From sle-security-updates at lists.suse.com Mon Feb 1 07:16:51 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Feb 2021 15:16:51 +0100 (CET) Subject: SUSE-SU-2021:0251-1: important: Security update for rubygem-nokogiri Message-ID: <20210201141651.B629DFD0A@maintenance.suse.de> SUSE Security Update: Security update for rubygem-nokogiri ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0251-1 Rating: important References: #1146578 #1156722 #1180507 Cross-References: CVE-2019-5477 CVE-2020-26247 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for rubygem-nokogiri fixes the following issues: rubygem-nokogiri was updated to 1.8.5 (bsc#1156722). Security issues fixed: - CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578). - CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-251=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-251=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-251=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-nokogiri-1.8.5-3.6.1 ruby2.5-rubygem-nokogiri-debuginfo-1.8.5-3.6.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-nokogiri-1.8.5-3.6.1 ruby2.5-rubygem-nokogiri-debuginfo-1.8.5-3.6.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-nokogiri-1.8.5-3.6.1 ruby2.5-rubygem-nokogiri-debuginfo-1.8.5-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-5477.html https://www.suse.com/security/cve/CVE-2020-26247.html https://bugzilla.suse.com/1146578 https://bugzilla.suse.com/1156722 https://bugzilla.suse.com/1180507 From sle-security-updates at lists.suse.com Mon Feb 1 10:17:40 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Feb 2021 18:17:40 +0100 (CET) Subject: SUSE-SU-2021:0263-1: moderate: Security update for terraform Message-ID: <20210201171740.2B29CFD0A@maintenance.suse.de> SUSE Security Update: Security update for terraform ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0263-1 Rating: moderate References: #1168921 #1170264 #1177421 ECO-2766 PM-2215 Cross-References: CVE-2020-14039 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability, contains two features and has two fixes is now available. Description: This update for terraform fixes the following issues: - Updated terraform to version 0.13.4 (bsc#1177421) * Many features, bug fixes, and enhancements were made during this update. Please refer to the terraform rpm changelog, for a full list of all changes. - The following terraform providers were updated: * terraform-provider-aws * terraform-provider-azurerm * terraform-provider-external * terraform-provider-google * terraform-provider-helm * terraform-provider-kubernetes * terraform-provider-local * terraform-provider-null * terraform-provider-random * terraform-provider-tls Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-263=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): terraform-0.13.4-6.3.1 terraform-provider-aws-3.11.0-6.3.1 terraform-provider-azurerm-2.32.0-6.3.1 terraform-provider-external-2.0.0-6.3.1 terraform-provider-google-3.43.0-6.3.1 terraform-provider-helm-1.3.2-6.3.1 terraform-provider-kubernetes-1.13.2-6.3.1 terraform-provider-local-2.0.0-6.3.1 terraform-provider-null-3.0.0-6.3.1 terraform-provider-random-3.0.0-6.3.1 terraform-provider-tls-3.0.0-5.3.2 References: https://www.suse.com/security/cve/CVE-2020-14039.html https://bugzilla.suse.com/1168921 https://bugzilla.suse.com/1170264 https://bugzilla.suse.com/1177421 From sle-security-updates at lists.suse.com Mon Feb 1 10:18:56 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Feb 2021 18:18:56 +0100 (CET) Subject: SUSE-SU-2021:0259-1: important: Security update for MozillaFirefox Message-ID: <20210201171856.39B83FD0A@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0259-1 Rating: important References: #1181414 Cross-References: CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-259=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-259=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.7.0-8.26.2 MozillaFirefox-debuginfo-78.7.0-8.26.2 MozillaFirefox-debugsource-78.7.0-8.26.2 MozillaFirefox-translations-common-78.7.0-8.26.2 MozillaFirefox-translations-other-78.7.0-8.26.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.7.0-8.26.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.7.0-8.26.2 MozillaFirefox-debuginfo-78.7.0-8.26.2 MozillaFirefox-debugsource-78.7.0-8.26.2 MozillaFirefox-devel-78.7.0-8.26.2 MozillaFirefox-translations-common-78.7.0-8.26.2 MozillaFirefox-translations-other-78.7.0-8.26.2 References: https://www.suse.com/security/cve/CVE-2020-26976.html https://www.suse.com/security/cve/CVE-2021-23953.html https://www.suse.com/security/cve/CVE-2021-23954.html https://www.suse.com/security/cve/CVE-2021-23960.html https://www.suse.com/security/cve/CVE-2021-23964.html https://bugzilla.suse.com/1181414 From sle-security-updates at lists.suse.com Mon Feb 1 10:27:47 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Feb 2021 18:27:47 +0100 (CET) Subject: SUSE-SU-2021:0257-1: important: Security update for MozillaThunderbird Message-ID: <20210201172747.8F2D6FD0A@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0257-1 Rating: important References: #1181414 Cross-References: CVE-2020-15685 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to 78.7.0 ESR (MFSA 2021-05, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs * CVE-2020-15685: Fixed an IMAP Response Injection when using STARTTLS Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-257=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): MozillaThunderbird-78.7.0-8.9.1 MozillaThunderbird-debuginfo-78.7.0-8.9.1 MozillaThunderbird-debugsource-78.7.0-8.9.1 MozillaThunderbird-translations-common-78.7.0-8.9.1 MozillaThunderbird-translations-other-78.7.0-8.9.1 References: https://www.suse.com/security/cve/CVE-2020-15685.html https://www.suse.com/security/cve/CVE-2020-26976.html https://www.suse.com/security/cve/CVE-2021-23953.html https://www.suse.com/security/cve/CVE-2021-23954.html https://www.suse.com/security/cve/CVE-2021-23960.html https://www.suse.com/security/cve/CVE-2021-23964.html https://bugzilla.suse.com/1181414 From sle-security-updates at lists.suse.com Mon Feb 1 10:28:48 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Feb 2021 18:28:48 +0100 (CET) Subject: SUSE-SU-2021:0258-1: important: Security update for openvswitch Message-ID: <20210201172848.90927FD0A@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0258-1 Rating: important References: #1117483 #1181345 Cross-References: CVE-2020-27827 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openvswitch fixes the following issues: - openvswitch was updated to 2.13.2 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-258=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-258=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_13-0-2.13.2-9.11.1 libopenvswitch-2_13-0-debuginfo-2.13.2-9.11.1 libovn-20_03-0-20.03.1-9.11.1 libovn-20_03-0-debuginfo-20.03.1-9.11.1 openvswitch-2.13.2-9.11.1 openvswitch-debuginfo-2.13.2-9.11.1 openvswitch-debugsource-2.13.2-9.11.1 openvswitch-devel-2.13.2-9.11.1 openvswitch-ipsec-2.13.2-9.11.1 openvswitch-pki-2.13.2-9.11.1 openvswitch-test-2.13.2-9.11.1 openvswitch-test-debuginfo-2.13.2-9.11.1 openvswitch-vtep-2.13.2-9.11.1 openvswitch-vtep-debuginfo-2.13.2-9.11.1 ovn-20.03.1-9.11.1 ovn-central-20.03.1-9.11.1 ovn-devel-20.03.1-9.11.1 ovn-docker-20.03.1-9.11.1 ovn-host-20.03.1-9.11.1 ovn-vtep-20.03.1-9.11.1 python3-ovs-2.13.2-9.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_13-0-2.13.2-9.11.1 libopenvswitch-2_13-0-debuginfo-2.13.2-9.11.1 openvswitch-debuginfo-2.13.2-9.11.1 openvswitch-debugsource-2.13.2-9.11.1 python3-ovs-2.13.2-9.11.1 References: https://www.suse.com/security/cve/CVE-2020-27827.html https://bugzilla.suse.com/1117483 https://bugzilla.suse.com/1181345 From sle-security-updates at lists.suse.com Tue Feb 2 04:16:32 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Feb 2021 12:16:32 +0100 (CET) Subject: SUSE-SU-2021:0277-1: important: Security update for openvswitch Message-ID: <20210202111632.1C1C6FF96@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0277-1 Rating: important References: #1117483 #1181345 Cross-References: CVE-2020-27827 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openvswitch fixes the following issues: - openvswitch was updated to 2.11.5 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-277=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-277=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-277=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-277=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenvswitch-2_11-0-2.11.5-6.30.2 libopenvswitch-2_11-0-debuginfo-2.11.5-6.30.2 openvswitch-2.11.5-6.30.2 openvswitch-debuginfo-2.11.5-6.30.2 openvswitch-debugsource-2.11.5-6.30.2 openvswitch-devel-2.11.5-6.30.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenvswitch-2_11-0-2.11.5-6.30.2 libopenvswitch-2_11-0-debuginfo-2.11.5-6.30.2 openvswitch-2.11.5-6.30.2 openvswitch-debuginfo-2.11.5-6.30.2 openvswitch-debugsource-2.11.5-6.30.2 openvswitch-devel-2.11.5-6.30.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenvswitch-2_11-0-2.11.5-6.30.2 libopenvswitch-2_11-0-debuginfo-2.11.5-6.30.2 openvswitch-2.11.5-6.30.2 openvswitch-debuginfo-2.11.5-6.30.2 openvswitch-debugsource-2.11.5-6.30.2 openvswitch-devel-2.11.5-6.30.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenvswitch-2_11-0-2.11.5-6.30.2 libopenvswitch-2_11-0-debuginfo-2.11.5-6.30.2 openvswitch-2.11.5-6.30.2 openvswitch-debuginfo-2.11.5-6.30.2 openvswitch-debugsource-2.11.5-6.30.2 openvswitch-devel-2.11.5-6.30.2 References: https://www.suse.com/security/cve/CVE-2020-27827.html https://bugzilla.suse.com/1117483 https://bugzilla.suse.com/1181345 From sle-security-updates at lists.suse.com Tue Feb 2 04:17:36 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Feb 2021 12:17:36 +0100 (CET) Subject: SUSE-SU-2021:0275-1: important: Security update for java-11-openjdk Message-ID: <20210202111736.99369FF1F@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0275-1 Rating: important References: #1181239 ECO-3171 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes and contains one feature can now be installed. Description: This update for java-11-openjdk fixes the following issues: java-11-openjdk was upgraded to include January 2021 CPU (bsc#1181239) - Enable Sheandoah GC for x86_64 (jsc#ECO-3171) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-275=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.10.0-3.18.2 java-11-openjdk-debuginfo-11.0.10.0-3.18.2 java-11-openjdk-debugsource-11.0.10.0-3.18.2 java-11-openjdk-demo-11.0.10.0-3.18.2 java-11-openjdk-devel-11.0.10.0-3.18.2 java-11-openjdk-headless-11.0.10.0-3.18.2 References: https://bugzilla.suse.com/1181239 From sle-security-updates at lists.suse.com Tue Feb 2 04:18:34 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Feb 2021 12:18:34 +0100 (CET) Subject: SUSE-SU-2021:0276-1: important: Security update for openvswitch Message-ID: <20210202111834.5C873FF1F@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0276-1 Rating: important References: #1181345 Cross-References: CVE-2020-27827 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openvswitch fixes the following issues: - openvswitch was updated to 2.11.5 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-276=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_11-0-2.11.5-3.3.2 libopenvswitch-2_11-0-debuginfo-2.11.5-3.3.2 openvswitch-2.11.5-3.3.2 openvswitch-debuginfo-2.11.5-3.3.2 openvswitch-debugsource-2.11.5-3.3.2 References: https://www.suse.com/security/cve/CVE-2020-27827.html https://bugzilla.suse.com/1181345 From sle-security-updates at lists.suse.com Tue Feb 2 10:16:47 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Feb 2021 18:16:47 +0100 (CET) Subject: SUSE-SU-2021:0284-1: important: Security update for openvswitch Message-ID: <20210202171647.E253CFF96@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0284-1 Rating: important References: #1117483 #1181345 Cross-References: CVE-2020-27827 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openvswitch fixes the following issues: - openvswitch was updated to 2.7.12 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) A lot more minor bugs have been fixed with this openvswitch version. Please refer to the changelog of the openvswitch.rpm file in order to obtain a list of all changes. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-284=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-284=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-284=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-284=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-284=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-284=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-284=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): openvswitch-2.7.12-3.36.1 openvswitch-debuginfo-2.7.12-3.36.1 openvswitch-debugsource-2.7.12-3.36.1 - SUSE OpenStack Cloud 8 (x86_64): openvswitch-2.7.12-3.36.1 openvswitch-debuginfo-2.7.12-3.36.1 openvswitch-debugsource-2.7.12-3.36.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): openvswitch-2.7.12-3.36.1 openvswitch-debuginfo-2.7.12-3.36.1 openvswitch-debugsource-2.7.12-3.36.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): openvswitch-2.7.12-3.36.1 openvswitch-debuginfo-2.7.12-3.36.1 openvswitch-debugsource-2.7.12-3.36.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): openvswitch-2.7.12-3.36.1 openvswitch-debuginfo-2.7.12-3.36.1 openvswitch-debugsource-2.7.12-3.36.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): openvswitch-2.7.12-3.36.1 openvswitch-debuginfo-2.7.12-3.36.1 openvswitch-debugsource-2.7.12-3.36.1 - HPE Helion Openstack 8 (x86_64): openvswitch-2.7.12-3.36.1 openvswitch-debuginfo-2.7.12-3.36.1 openvswitch-debugsource-2.7.12-3.36.1 References: https://www.suse.com/security/cve/CVE-2020-27827.html https://bugzilla.suse.com/1117483 https://bugzilla.suse.com/1181345 From sle-security-updates at lists.suse.com Tue Feb 2 10:17:52 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Feb 2021 18:17:52 +0100 (CET) Subject: SUSE-SU-2021:0285-1: moderate: Security update for cups Message-ID: <20210202171752.5F921FF96@maintenance.suse.de> SUSE Security Update: Security update for cups ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0285-1 Rating: moderate References: #1170671 #1180520 Cross-References: CVE-2019-8842 CVE-2020-10001 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for cups fixes the following issues: - CVE-2020-10001: Fixed an out-of-bounds read in the ippReadIO function (bsc#1180520). - CVE-2019-8842: Fixed an out-of-bounds read in an extension field (bsc#1170671). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-285=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-285=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): cups-ddk-2.2.7-3.20.1 cups-ddk-debuginfo-2.2.7-3.20.1 cups-debuginfo-2.2.7-3.20.1 cups-debugsource-2.2.7-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cups-2.2.7-3.20.1 cups-client-2.2.7-3.20.1 cups-client-debuginfo-2.2.7-3.20.1 cups-config-2.2.7-3.20.1 cups-debuginfo-2.2.7-3.20.1 cups-debugsource-2.2.7-3.20.1 cups-devel-2.2.7-3.20.1 libcups2-2.2.7-3.20.1 libcups2-debuginfo-2.2.7-3.20.1 libcupscgi1-2.2.7-3.20.1 libcupscgi1-debuginfo-2.2.7-3.20.1 libcupsimage2-2.2.7-3.20.1 libcupsimage2-debuginfo-2.2.7-3.20.1 libcupsmime1-2.2.7-3.20.1 libcupsmime1-debuginfo-2.2.7-3.20.1 libcupsppdc1-2.2.7-3.20.1 libcupsppdc1-debuginfo-2.2.7-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcups2-32bit-2.2.7-3.20.1 libcups2-32bit-debuginfo-2.2.7-3.20.1 References: https://www.suse.com/security/cve/CVE-2019-8842.html https://www.suse.com/security/cve/CVE-2020-10001.html https://bugzilla.suse.com/1170671 https://bugzilla.suse.com/1180520 From sle-security-updates at lists.suse.com Tue Feb 2 10:18:55 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Feb 2021 18:18:55 +0100 (CET) Subject: SUSE-SU-2021:0286-1: moderate: Security update for cups Message-ID: <20210202171855.A5B36FF96@maintenance.suse.de> SUSE Security Update: Security update for cups ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0286-1 Rating: moderate References: #1170671 #1180520 Cross-References: CVE-2019-8842 CVE-2020-10001 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for cups fixes the following issues: - CVE-2020-10001: Fixed an out-of-bounds read in the ippReadIO function (bsc#1180520). - CVE-2019-8842: Fixed an out-of-bounds read in an extension field (bsc#1170671). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-286=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-286=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): cups-ddk-1.7.5-20.33.1 cups-ddk-debuginfo-1.7.5-20.33.1 cups-debuginfo-1.7.5-20.33.1 cups-debugsource-1.7.5-20.33.1 cups-devel-1.7.5-20.33.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cups-1.7.5-20.33.1 cups-client-1.7.5-20.33.1 cups-client-debuginfo-1.7.5-20.33.1 cups-debuginfo-1.7.5-20.33.1 cups-debugsource-1.7.5-20.33.1 cups-libs-1.7.5-20.33.1 cups-libs-debuginfo-1.7.5-20.33.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): cups-libs-32bit-1.7.5-20.33.1 cups-libs-debuginfo-32bit-1.7.5-20.33.1 References: https://www.suse.com/security/cve/CVE-2019-8842.html https://www.suse.com/security/cve/CVE-2020-10001.html https://bugzilla.suse.com/1170671 https://bugzilla.suse.com/1180520 From sle-security-updates at lists.suse.com Wed Feb 3 16:16:05 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2021 00:16:05 +0100 (CET) Subject: SUSE-SU-2021:0298-1: important: Security update for openvswitch Message-ID: <20210203231605.4FF24FFB1@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0298-1 Rating: important References: #1117483 #1181345 Cross-References: CVE-2020-27827 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openvswitch fixes the following issues: - openvswitch was updated to 2.5.11 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) - datapath: Clear the L4 portion of the key for "later" fragments - datapath: Properly set L4 keys on "later" IP fragments - ofproto-dpif: Fix using uninitialised memory in user_action_cookie. - stream-ssl: Fix crash on NULL private key and valid certificate. - datapath: fix flow actions reallocation Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-298=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-298=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-298=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-298=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openvswitch-2.5.11-25.26.1 openvswitch-debuginfo-2.5.11-25.26.1 openvswitch-debugsource-2.5.11-25.26.1 openvswitch-switch-2.5.11-25.26.1 openvswitch-switch-debuginfo-2.5.11-25.26.1 - SUSE OpenStack Cloud 7 (x86_64): openvswitch-dpdk-2.5.11-25.26.1 openvswitch-dpdk-debuginfo-2.5.11-25.26.1 openvswitch-dpdk-debugsource-2.5.11-25.26.1 openvswitch-dpdk-switch-2.5.11-25.26.1 openvswitch-dpdk-switch-debuginfo-2.5.11-25.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openvswitch-2.5.11-25.26.1 openvswitch-debuginfo-2.5.11-25.26.1 openvswitch-debugsource-2.5.11-25.26.1 openvswitch-switch-2.5.11-25.26.1 openvswitch-switch-debuginfo-2.5.11-25.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): openvswitch-dpdk-2.5.11-25.26.1 openvswitch-dpdk-debuginfo-2.5.11-25.26.1 openvswitch-dpdk-debugsource-2.5.11-25.26.1 openvswitch-dpdk-switch-2.5.11-25.26.1 openvswitch-dpdk-switch-debuginfo-2.5.11-25.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openvswitch-2.5.11-25.26.1 openvswitch-debuginfo-2.5.11-25.26.1 openvswitch-debugsource-2.5.11-25.26.1 openvswitch-switch-2.5.11-25.26.1 openvswitch-switch-debuginfo-2.5.11-25.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): openvswitch-dpdk-2.5.11-25.26.1 openvswitch-dpdk-debuginfo-2.5.11-25.26.1 openvswitch-dpdk-debugsource-2.5.11-25.26.1 openvswitch-dpdk-switch-2.5.11-25.26.1 openvswitch-dpdk-switch-debuginfo-2.5.11-25.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openvswitch-2.5.11-25.26.1 openvswitch-debuginfo-2.5.11-25.26.1 openvswitch-debugsource-2.5.11-25.26.1 openvswitch-dpdk-2.5.11-25.26.1 openvswitch-dpdk-debuginfo-2.5.11-25.26.1 openvswitch-dpdk-debugsource-2.5.11-25.26.1 openvswitch-dpdk-switch-2.5.11-25.26.1 openvswitch-dpdk-switch-debuginfo-2.5.11-25.26.1 openvswitch-switch-2.5.11-25.26.1 openvswitch-switch-debuginfo-2.5.11-25.26.1 References: https://www.suse.com/security/cve/CVE-2020-27827.html https://bugzilla.suse.com/1117483 https://bugzilla.suse.com/1181345 From sle-security-updates at lists.suse.com Wed Feb 3 16:17:17 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2021 00:17:17 +0100 (CET) Subject: SUSE-SU-2021:0300-1: important: Security update for openvswitch Message-ID: <20210203231717.4D93BFFB1@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0300-1 Rating: important References: #1117483 #1181345 Cross-References: CVE-2020-27827 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openvswitch fixes the following issues: - openvswitch was updated to 2.11.5 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-300=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-300=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-300=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-300=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-300=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-300=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-300=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-300=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-300=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-300=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-300=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libopenvswitch-2_11-0-2.11.5-3.12.1 libopenvswitch-2_11-0-debuginfo-2.11.5-3.12.1 openvswitch-2.11.5-3.12.1 openvswitch-debuginfo-2.11.5-3.12.1 openvswitch-debugsource-2.11.5-3.12.1 openvswitch-devel-2.11.5-3.12.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libopenvswitch-2_11-0-2.11.5-3.12.1 libopenvswitch-2_11-0-debuginfo-2.11.5-3.12.1 openvswitch-2.11.5-3.12.1 openvswitch-debuginfo-2.11.5-3.12.1 openvswitch-debugsource-2.11.5-3.12.1 openvswitch-devel-2.11.5-3.12.1 - SUSE Manager Proxy 4.0 (x86_64): libopenvswitch-2_11-0-2.11.5-3.12.1 libopenvswitch-2_11-0-debuginfo-2.11.5-3.12.1 openvswitch-2.11.5-3.12.1 openvswitch-debuginfo-2.11.5-3.12.1 openvswitch-debugsource-2.11.5-3.12.1 openvswitch-devel-2.11.5-3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenvswitch-2_11-0-2.11.5-3.12.1 libopenvswitch-2_11-0-debuginfo-2.11.5-3.12.1 openvswitch-2.11.5-3.12.1 openvswitch-debuginfo-2.11.5-3.12.1 openvswitch-debugsource-2.11.5-3.12.1 openvswitch-devel-2.11.5-3.12.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenvswitch-2_11-0-2.11.5-3.12.1 libopenvswitch-2_11-0-debuginfo-2.11.5-3.12.1 openvswitch-2.11.5-3.12.1 openvswitch-debuginfo-2.11.5-3.12.1 openvswitch-debugsource-2.11.5-3.12.1 openvswitch-devel-2.11.5-3.12.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenvswitch-2_11-0-2.11.5-3.12.1 libopenvswitch-2_11-0-debuginfo-2.11.5-3.12.1 openvswitch-2.11.5-3.12.1 openvswitch-debuginfo-2.11.5-3.12.1 openvswitch-debugsource-2.11.5-3.12.1 openvswitch-devel-2.11.5-3.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python2-ovs-2.11.5-3.12.1 python2-ovs-debuginfo-2.11.5-3.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): python2-ovs-2.11.5-3.12.1 python2-ovs-debuginfo-2.11.5-3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenvswitch-2_11-0-2.11.5-3.12.1 libopenvswitch-2_11-0-debuginfo-2.11.5-3.12.1 openvswitch-2.11.5-3.12.1 openvswitch-debuginfo-2.11.5-3.12.1 openvswitch-debugsource-2.11.5-3.12.1 openvswitch-devel-2.11.5-3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenvswitch-2_11-0-2.11.5-3.12.1 libopenvswitch-2_11-0-debuginfo-2.11.5-3.12.1 openvswitch-2.11.5-3.12.1 openvswitch-debuginfo-2.11.5-3.12.1 openvswitch-debugsource-2.11.5-3.12.1 openvswitch-devel-2.11.5-3.12.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenvswitch-2_11-0-2.11.5-3.12.1 libopenvswitch-2_11-0-debuginfo-2.11.5-3.12.1 openvswitch-2.11.5-3.12.1 openvswitch-debuginfo-2.11.5-3.12.1 openvswitch-debugsource-2.11.5-3.12.1 openvswitch-devel-2.11.5-3.12.1 - SUSE CaaS Platform 4.0 (x86_64): libopenvswitch-2_11-0-2.11.5-3.12.1 libopenvswitch-2_11-0-debuginfo-2.11.5-3.12.1 openvswitch-2.11.5-3.12.1 openvswitch-debuginfo-2.11.5-3.12.1 openvswitch-debugsource-2.11.5-3.12.1 openvswitch-devel-2.11.5-3.12.1 References: https://www.suse.com/security/cve/CVE-2020-27827.html https://bugzilla.suse.com/1117483 https://bugzilla.suse.com/1181345 From sle-security-updates at lists.suse.com Wed Feb 3 16:18:28 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2021 00:18:28 +0100 (CET) Subject: SUSE-SU-2021:0299-1: moderate: Security update for python-urllib3 Message-ID: <20210203231828.26FB5FFB1@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0299-1 Rating: moderate References: #1177211 Cross-References: CVE-2020-26116 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-urllib3 fixes the following issues: - Raise ValueError if method contains control characters and thus prevents CRLF injection into URLs (bsc#1177211, bpo#39603, CVE-2020-26116,). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-299=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-299=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-299=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-299=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-299=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): python3-urllib3-1.22-3.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): python3-urllib3-1.22-3.23.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-urllib3-1.22-3.23.1 python3-urllib3-1.22-3.23.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-urllib3-1.22-3.23.1 python3-urllib3-1.22-3.23.1 - SUSE Enterprise Storage 5 (noarch): python-urllib3-1.22-3.23.1 References: https://www.suse.com/security/cve/CVE-2020-26116.html https://bugzilla.suse.com/1177211 From sle-security-updates at lists.suse.com Wed Feb 3 16:19:28 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2021 00:19:28 +0100 (CET) Subject: SUSE-SU-2021:0297-1: important: Security update for openvswitch Message-ID: <20210203231928.B6A6EFFB1@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0297-1 Rating: important References: #1117483 #1181345 Cross-References: CVE-2020-27827 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openvswitch fixes the following issues: - openvswitch was updated to 2.8.10 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) A lot more minor bugs have been fixed with this openvswitch version. Please refer to the changelog of the openvswitch.rpm file in order to obtain a list of all changes. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-297=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-297=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-297=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-297=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenvswitch-2_8-0-2.8.10-4.23.1 libopenvswitch-2_8-0-debuginfo-2.8.10-4.23.1 openvswitch-2.8.10-4.23.1 openvswitch-debuginfo-2.8.10-4.23.1 openvswitch-debugsource-2.8.10-4.23.1 - SUSE OpenStack Cloud 9 (x86_64): libopenvswitch-2_8-0-2.8.10-4.23.1 libopenvswitch-2_8-0-debuginfo-2.8.10-4.23.1 openvswitch-2.8.10-4.23.1 openvswitch-debuginfo-2.8.10-4.23.1 openvswitch-debugsource-2.8.10-4.23.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenvswitch-2_8-0-2.8.10-4.23.1 libopenvswitch-2_8-0-debuginfo-2.8.10-4.23.1 openvswitch-2.8.10-4.23.1 openvswitch-debuginfo-2.8.10-4.23.1 openvswitch-debugsource-2.8.10-4.23.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenvswitch-2_8-0-2.8.10-4.23.1 libopenvswitch-2_8-0-debuginfo-2.8.10-4.23.1 openvswitch-2.8.10-4.23.1 openvswitch-debuginfo-2.8.10-4.23.1 openvswitch-debugsource-2.8.10-4.23.1 References: https://www.suse.com/security/cve/CVE-2020-27827.html https://bugzilla.suse.com/1117483 https://bugzilla.suse.com/1181345 From sle-security-updates at lists.suse.com Wed Feb 3 23:43:05 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2021 07:43:05 +0100 (CET) Subject: SUSE-IU-2021:1-1: Security update of suse-sles-15-sp1-chost-byos-v20210202-hvm-ssd-x86_64 Message-ID: <20210204064305.DF527FFB1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp1-chost-byos-v20210202-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:1-1 Image Tags : suse-sles-15-sp1-chost-byos-v20210202-hvm-ssd-x86_64:20210202 Image Release : Severity : important Type : security References : 1027519 1040855 1044120 1044767 1050242 1050536 1050545 1050549 1055117 1056653 1056657 1056787 1064802 1065729 1066129 1067665 1084671 1094840 1103990 1103992 1104389 1104393 1109695 1109837 1110096 1111666 1112178 1112178 1112374 1115431 1115550 1118657 1129770 1136460 1136461 1138374 1139398 1139944 1141597 1142000 1144912 1145276 1148566 1152457 1155094 1156545 1158775 1160939 1163727 1164780 1168155 1169006 1170139 1170630 1171078 1171234 1172082 1172145 1172538 1172542 1172694 1173513 1173914 1174091 1174099 1174162 1174206 1174257 1174436 1174571 1174701 1174726 1174784 1174852 1174942 1175458 1175514 1175623 1175916 1176109 1176355 1176558 1176559 1176782 1176956 1177120 1177196 1177211 1177304 1177397 1177460 1177490 1177533 1177805 1177808 1177819 1177820 1178009 1178182 1178270 1178372 1178401 1178554 1178589 1178590 1178634 1178635 1178669 1178762 1178775 1178823 1178825 1178838 1178853 1178854 1178878 1178886 1178897 1178909 1178940 1178962 1179014 1179015 1179045 1179082 1179107 1179107 1179140 1179141 1179142 1179193 1179204 1179211 1179213 1179259 1179326 1179363 1179398 1179399 1179403 1179406 1179418 1179419 1179421 1179424 1179426 1179427 1179429 1179444 1179491 1179496 1179498 1179501 1179502 1179503 1179506 1179514 1179516 1179520 1179578 1179593 1179601 1179630 1179663 1179666 1179670 1179671 1179672 1179673 1179691 1179711 1179713 1179714 1179715 1179716 1179722 1179723 1179724 1179738 1179745 1179810 1179824 1179888 1179895 1179896 1179960 1179963 1180027 1180029 1180031 1180052 1180086 1180117 1180138 1180225 1180258 1180377 1180506 1180559 1180603 1180684 1180685 1180687 1180885 1181090 959556 CVE-2018-20669 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20934 CVE-2019-5010 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-14145 CVE-2020-14422 CVE-2020-15436 CVE-2020-15437 CVE-2020-1971 CVE-2020-25669 CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-26137 CVE-2020-27068 CVE-2020-27619 CVE-2020-27777 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28374 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8492 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 ----------------------------------------------------------------- The container suse-sles-15-sp1-chost-byos-v20210202-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3718-1 Released: Wed Dec 9 10:31:01 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1050549,1067665,1111666,1112178,1158775,1170139,1170630,1172542,1174726,1175916,1176109,1177304,1177397,1177805,1177808,1177819,1177820,1178182,1178589,1178635,1178669,1178838,1178853,1178854,1178878,1178886,1178897,1178940,1178962,1179107,1179140,1179141,1179211,1179213,1179259,1179403,1179406,1179418,1179421,1179424,1179426,1179427,1179429,CVE-2020-15436,CVE-2020-15437,CVE-2020-25669,CVE-2020-27777,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). The following non-security bugs were fixed: - ACPI: GED: fix -Wformat (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - arm64: KVM: Fix system register enumeration (bsc#1174726). - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bpf: Zero-fill re-used per-cpu map element (git-fixes). - btrfs: account ticket size at add/delete time (bsc#1178897). - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897). - btrfs: check rw_devices, not num_devices for balance (bsc#1178897). - btrfs: do not delete mismatched root refs (bsc#1178962). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897). - btrfs: fix force usage in inc_block_group_ro (bsc#1178897). - btrfs: fix invalid removal of root ref (bsc#1178962). - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897). - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897). - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897). - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962). - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179259). - ceph: check session state after bumping session->s_seq (bsc#1179259). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - Convert trailing spaces and periods in path components (bsc#1179424). - docs: ABI: stable: remove a duplicated documentation (git-fixes). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size. - efi: cper: Fix possible out-of-bounds access (git-fixes). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Free efi_pgd with free_pages() (bsc#1112178). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - fuse: fix page dereference after free (bsc#1179213). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1067665). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666) - i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666) - i40iw: Report correct firmware version (bsc#1111666) - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666) - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666) - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666) - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666) - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666) - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666) - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666) - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666) - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666) - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666) - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666) - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666) - IB/hfi1: Handle port down properly in pio (bsc#1111666) - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666) - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666) - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666) - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666) - IB/hfi1: Remove unused define (bsc#1111666) - IB/hfi1: Silence txreq allocation warnings (bsc#1111666) - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666) - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666) - IB/ipoib: drop useless LIST_HEAD (bsc#1111666) - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666) - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666) - IB/iser: Fix dma_nents type definition (bsc#1111666) - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666) - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666) - IB/mlx4: Add and improve logging (bsc#1111666) - IB/mlx4: Add support for MRA (bsc#1111666) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666) - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666) - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666) - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666) - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666) - IB/mlx4: Remove unneeded NULL check (bsc#1111666) - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666) - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666) - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666) - IB/mlx5: Do not override existing ip_protocol (bsc#1111666) - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666) - IB/mlx5: Fix implicit MR release flow (bsc#1111666) - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666) - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666) - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666) - IB/mlx5: Improve ODP debugging messages (bsc#1111666) - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666) - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666) - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666) - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666) - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666) - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666) - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666) - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666) - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666) - IB/qib: Remove a set-but-not-used variable (bsc#1111666) - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666) - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666) - IB/rdmavt: Fix sizeof mismatch (bsc#1111666) - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666) - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666) - IB/rxe: Make counters thread safe (bsc#1111666) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666) - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666) - IB/umad: Avoid destroying device while it is accessed (bsc#1111666) - IB/umad: Do not check status of nonseekable_open() (bsc#1111666) - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666) - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666) - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666) - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666) - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666) - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666) - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666) - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - kABI workaround for usermodehelper changes (bsc#1179406). - KVM: arm64: Add missing #include of - in guest.c (bsc#1174726). - KVM: arm64: Factor out core register ID enumeration (bsc#1174726). - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726). - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726). - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726). - KVM host: kabi fixes for psci_version (bsc#1174726). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: always wind down STA state (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630). - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes). - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666) - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666) - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666) - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666) - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666) - RDMA/cma: Fix false error message (bsc#1111666) - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666) - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666) - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666) - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666) - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666) - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666) - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666) - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666) - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666) - RDMA/core: Fix race between destroy and release FD object (bsc#1111666) - RDMA/core: Fix race when resolving IP address (bsc#1111666) - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666) - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666) - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666) - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666) - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666) - RDMA/hns: Set the unsupported wr opcode (bsc#1111666) - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666) - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666) - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666) - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666) - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666) - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666) - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666) - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666) - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666) - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666) - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666) - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666) - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666) - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666) - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666) - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666) - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666) - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666) - RDMA/mlx5: Return proper error value (bsc#1111666) - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666) - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666) - RDMA/nes: Remove second wait queue initialization call (bsc#1111666) - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666) - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666) - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666) - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666) - RDMA/qedr: Endianness warnings cleanup (bsc#1111666) - RDMA/qedr: Fix doorbell setting (bsc#1111666) - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666) - RDMA/qedr: Fix reported firmware version (bsc#1111666) - RDMA/qedr: Fix use of uninitialized field (bsc#1111666) - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qedr: SRQ's bug fixes (bsc#1111666) - RDMA/qib: Delete extra line (bsc#1111666) - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666) - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666) - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666) - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666) - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666) - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666) - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666) - RDMA/rxe: Set default vendor ID (bsc#1111666) - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666) - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666) - RDMA/srp: Rework SCSI device reset handling (bsc#1111666) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666) - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666) - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666) - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666) - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666) - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666) - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666) - reboot: fix overflow parsing reboot cpu number (bsc#1179421). - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Revert 'cdc-acm: hardening against malicious devices' (git-fixes). - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666) - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666) - rxe: fix error completion wr_id and qp_num (bsc#1111666) - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937). - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739). - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178). - sched/x86: SaveFLAGS on context switch (bsc#1112178). - scripts/git_sort/git_sort.py: add ceph maintainers git tree - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666) - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403). - tty: serial: imx: keep console clocks always on (git-fixes). - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - usermodehelper: reset umask to default before executing user process (bsc#1179406). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/hyperv: Make vapic support x2apic mode (git-fixes). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178). - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes). - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3720-1 Released: Wed Dec 9 13:36:26 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3723-1 Released: Wed Dec 9 13:37:55 2020 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1177120,CVE-2020-26137 This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3733-1 Released: Wed Dec 9 18:18:35 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3750-1 Released: Fri Dec 11 08:53:26 2020 Summary: Recommended update for open-lldp Type: recommended Severity: moderate References: 1156545 This update for open-lldp fixes the following issue: - Update from version 1.0.1+63.f977e67 to version v1.0.1+64.29d12e584af1 - Prevent double definition of `ETH_P_LLDP` when building on new kernels (bsc#1156545) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3751-1 Released: Fri Dec 11 08:53:40 2020 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1173914,1177196 This update for kdump fixes the following issues: - Remove `console=hvc0` from command line. (bsc#1173914) - Set serial console from Xen command line. (bsc#1173914) - Do not add `rd.neednet=1` to dracut command line. (bsc#1177196) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3792-1 Released: Mon Dec 14 17:39:24 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1145276 This update for gzip fixes the following issues: Update from version 1.9 to version 1.10 (jsc#ECO-2217, jsc#SLE-12974) - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. - Fix three data corruption issues. (bsc#1145276, jsc#SLE-5818, jsc#SLE-8914) - Add support for `DFLTCC` (hardware-accelerated deflation) for s390x arch. (jsc#SLE-5818, jsc#SLE-8914) Enable it using the `--enable-dfltcc` option. - Compressed gzip output no longer contains the current time as a timestamp when the input is not a regular file. Instead, the output contains a `null` (zero) timestamp. This makes gzip's behavior more reproducible when used as part of a pipeline. - A use of uninitialized memory on some malformed inputs has been fixed. - A few theoretical race conditions in signal handlers have been fixed. - Update gnulib for `libio.h` removal. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3803-1 Released: Tue Dec 15 09:40:41 2020 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1176355 This update for rsyslog fixes the following issues: - Fixes a crash for imfile (bsc#1176355) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount ???a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3866-1 Released: Thu Dec 17 12:06:08 2020 Summary: Security update for openssh Type: security Severity: moderate References: 1115550,1139398,1142000,1148566,1173513,1174162,CVE-2020-14145 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). - Supplement libgtk-3-0 instead of libX11-6 to avoid installation on a textmode install (bsc#1142000) - Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566). - Fixed sshd termination of multichannel sessions with non-root users (bsc#1115550,bsc#1174162). - Added speculative hardening for key storage (bsc#1139398). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3881-1 Released: Fri Dec 18 16:47:09 2020 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1176782,1179496,1179498,1179501,1179502,1179506,1179514,1179516,CVE-2020-29480,CVE-2020-29481,CVE-2020-29483,CVE-2020-29484,CVE-2020-29566,CVE-2020-29570,CVE-2020-29571 This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(???). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:10-1 Released: Mon Jan 4 10:01:52 2021 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: 1174257 This update for dmidecode fixes the following issue: - Two missing commas in the data arrays cause 'OUT OF SPEC' messages during the index resolution. (bnc#1174257) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:118-1 Released: Thu Jan 14 06:16:26 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1040855,1044120,1044767,1050242,1050536,1050545,1055117,1056653,1056657,1056787,1064802,1065729,1066129,1094840,1103990,1103992,1104389,1104393,1109695,1109837,1110096,1112178,1112374,1115431,1118657,1129770,1136460,1136461,1138374,1139944,1144912,1152457,1163727,1164780,1171078,1172145,1172538,1172694,1174784,1174852,1176558,1176559,1176956,1178270,1178372,1178401,1178590,1178634,1178762,1179014,1179015,1179045,1179082,1179107,1179142,1179204,1179419,1179444,1179520,1179578,1179601,1179663,1179666,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559,CVE-2018-20669,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28374,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663). - CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601). The following non-security bugs were fixed: - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: timer: Limit max amount of slave instances (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes). - ASoC: sti: fix possible sleep-in-atomic (git-fixes). - ASoC: wm8904: fix regcache handling (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes). - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: fix backtrace on coredump (git-fixes). - ath10k: fix get invalid tx rate for Mesh metric (git-fixes). - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath10k: Remove msdu from idr when management pkt send fails (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - ath9k_htc: Discard undersized packets (git-fixes). - ath9k_htc: Modify byte order for an error message (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - Avoid a GCC warning about '/*' within a comment. - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes). - Bluetooth: Fix advertising duplicated flags (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - bnxt_en: Fix race when modifying pause settings (bsc#1050242 ). - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242). - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: mcp251x: add error check when wq alloc failed (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: tegra: Fix Tegra PMC clock out parents (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/gma500: fix double free of gma_connector (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1129770) - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - epoll: Keep a reference on files added to the check list (bsc#1180031). - ext4: correctly report 'not supported' for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - ext4: limit entries returned when counting fsmap records (bsc#1179671). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - extcon: max77693: Fix modalias string (git-fixes). - fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console - fbcon: Remove the superfluous break (bsc#1129770) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console * context changes - firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes). - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes). - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes). - gpio: max77620: Fixup debounce delays (git-fixes). - gpio: max77620: Use correct unit for debounce times (git-fixes). - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes). - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes). - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes). - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes). - gpiolib: fix up emulated open drain outputs (git-fixes). - HID: Add another Primax PIXART OEM mouse quirk (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: core: check whether Usage Page item is after Usage ID items (git-fixes). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: Improve Windows Precision Touchpad detection (git-fixes). - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes). - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (jc42) Fix name to have no illegal characters (git-fixes). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - igc: Fix returning wrong statistics (bsc#1118657). - iio: adc: max1027: Reset the device at probe time (git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio: fix center temperature of bmc150-accel-core (git-fixes). - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes). - iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes). - iio: srf04: fix wrong limitation in distance measuring (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - Input: trackpoint - enable Synaptics trackpoints (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - ipw2x00: Fix -Wcast-function-type (git-fixes). - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - kABI fix for g2d (git-fixes). - kABI workaround for dsa/b53 changes (git-fixes). - kABI workaround for HD-audio generic parser (git-fixes). - kABI workaround for net/ipvlan changes (git-fixes). - kABI: ath10k: move a new structure member to the end (git-fixes). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes). - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: fix authentication with iwlwifi/mvm (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - matroxfb: avoid -Warray-bounds warning (git-fixes). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md/raid5: fix oops during stripe resizing (git-fixes). - media: am437x-vpfe: Setting STD to current value is not an error (git-fixes). - media: cec-funcs.h: add status_req checks (git-fixes). - media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes). - media: gspca: Fix memory leak in probe (git-fixes). - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes). - media: i2c: ov2659: Fix missing 720p register config (git-fixes). - media: i2c: ov2659: fix s_stream return value (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches). - media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: si470x-i2c: add missed operations in remove (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes). - media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes). - media: uvcvideo: Set media controller entity functions (git-fixes). - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes). - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memstick: fix a double-free bug in memstick_check (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - mlxsw: core: Fix memory leak on module removal (bsc#1112374). - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/tls: Fix kmap usage (bsc#1109837). - net/tls: missing received data after fast remote close (bsc#1109837). - net/x25: prevent a couple of overflows (bsc#1178590). - net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes). - net: aquantia: fix LRO with FCS error (git-fixes). - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ). - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes). - net: dsa: b53: Ensure the default VID is untagged (git-fixes). - net: dsa: b53: Fix default VLAN ID (git-fixes). - net: dsa: b53: Properly account for VLAN filtering (git-fixes). - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes). - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes). - net: dsa: qca8k: remove leftover phy accessors (git-fixes). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (git-fixes). - net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes). - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes). - net: macb: add missing barriers when reading descriptors (git-fixes). - net: macb: fix dropped RX frames due to a race (git-fixes). - net: macb: fix error format in dev_err() (git-fixes). - net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes). - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes). - net: phy: Avoid multiple suspends (git-fixes). - net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389). - net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: seeq: Fix the function used to release some memory in an error handling path (git-fixes). - net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes). - net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes). - net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes). - net: stmmac: fix csr_clk can't be zero issue (git-fixes). - net: stmmac: Fix reception of Broadcom switches tags (git-fixes). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096). - net: usb: sr9800: fix uninitialized local variable (git-fixes). - net:ethernet:aquantia: Extra spinlocks removed (git-fixes). - net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - nfc: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nfp: use correct define to return NONE fec (bsc#1109837). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes). - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - ocfs2: fix unbalanced locking (bsc#1180506). - ocfs2: initialize ip_next_orphan (bsc#1179724). - orinoco: Move context allocation after processing the skb (git-fixes). - parport: load lowlevel driver if ports not found (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - phy: Revert toggling reset changes (git-fixes). - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes). - PM: ACPI: Output correct message on target power state (git-fixes). - PM: hibernate: Freeze kernel threads in software_resume() (git-fixes). - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630). - powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630). - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - ppp: remove the PPPIOCDETACH ioctl (git-fixes). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545). - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545). - qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes). - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545). - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes). - regulator: pfuze100-regulator: Variable 'val' in pfuze100_regulator_probe() could be uninitialized (git-fixes). - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - remoteproc: Fix wrong rvring index computation (git-fixes). - rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes). - rtc: 88pm860x: fix possible race condition (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes). - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes). - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1144912). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (git-fixes). - s390/stp: add locking to sysfs functions (git-fixes). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780). - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780). - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1164780). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780). - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780). - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780). - scsi: lpfc: Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780). - scsi: lpfc: Use generic power management (bsc#1164780). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: Remove unneeded break statements (bsc#1164780). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: imx: gpc: fix power up sequencing (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: img-spfi: fix potential double release (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: pxa2xx: Add missed security checks (git-fixes). - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: st-ssc4: add missed pm_runtime_disable (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: add missed clk_unprepare (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - splice: only read in as much information as there is pipe buffer space (bsc#1179520). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes). - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: add a missing dependency (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes). - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes). - staging: rtl8188eu: fix possible null dereference (git-fixes). - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes). - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - sunrpc: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - sunrpc: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - sunrpc: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992). - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992). - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837). - thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes). - timer: Fix wheel index calculation on last level (git fixes) - timer: Prevent base->clk from moving backward (git-fixes) - tty: always relink the port (git-fixes). - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - tty: link tty and port before configuring it as console (git-fixes). - tty: synclink_gt: Adjust indentation in several functions (git-fixes). - tty: synclinkmp: Adjust indentation in several functions (git-fixes). - tty:serial:mvebu-uart:fix a wrong return (git-fixes). - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes). - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes). - usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - usb: dwc2: Fix IN FIFO allocation (git-fixes). - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes). - usb: fsl: Check memory resource before releasing it (git-fixes). - usb: gadget: composite: Fix possible double free memory bug (git-fixes). - usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes). - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes). - usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes). - usb: gadget: fix wrong endpoint desc (git-fixes). - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes). - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: ldusb: use unsigned size format specifiers (git-fixes). - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: clean up modem-control handling (git-fixes). - usb: serial: digi_acceleport: clean up set_termios (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: digi_acceleport: remove in_interrupt() usage. - usb: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes). - usb: serial: digi_acceleport: rename tty flag variable (git-fixes). - usb: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: kl5kusb105: fix memleak on open (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). - usb: serial: option: add Fibocom NL668 variants (git-fixes). - usb: serial: option: add interface-number sanity check to flag handling (git-fixes). - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - usb: serial: option: fix Quectel BG96 matching (git-fixes). - usb: Skip endpoints with 0 maxpacket length (git-fixes). - usb: UAS: introduce a quirk to set no_write_same (git-fixes). - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - vt: do not hardcode the mem allocation upper bound (git-fixes). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: da9062: do not ping the hw during stop() (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178). - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178). - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178). - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1112178). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). - xprtrdma: fix incorrect header size calculations (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:178-1 Released: Wed Jan 20 13:38:02 2021 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1160939,1168155,1171234,1172082,1174099,959556 This update for wicked fixes the following issues: - Fix to avoid incomplete ifdown/timeout on route deletion error. (bsc#1174099) - Allow 'linuxrc' to send 'RFC2132' without providing the MAC address. (jsc#SLE-15770) - Fixes to ifreload on port changes. (bsc#1168155, bsc#1172082) - Fix schema to use correct 'hwaddr_policy' property. (bsc#1171234) - Enable IPv6 on ports when 'nsna_ping' linkwatch is used. (bsc#959556) - Implement support for RFC7217. (jsc#SLE-6960) - Fix for schema to avoid not applying 'rto_min' including new time format. (bsc#1160939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:221-1 Released: Tue Jan 26 14:31:39 2021 Summary: Recommended update for SUSEConnect Type: recommended Severity: low References: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:227-1 Released: Tue Jan 26 19:22:14 2021 Summary: Security update for sudo Type: security Severity: important References: 1180684,1180685,1180687,1181090,CVE-2021-23239,CVE-2021-23240,CVE-2021-3156 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:239-1 Released: Fri Jan 29 06:49:13 2021 Summary: Recommended update for btrfsprogs Type: recommended Severity: moderate References: 1174206 This update for btrfsprogs fixes the following issues: - Add patches to fix the logical-resolve lookup process and to accept the 'ignore offsets' kernel feature. (bsc#1174206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:266-1 Released: Mon Feb 1 21:02:37 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1177533,1179326,1179691,1179738 This update for lvm2 fixes the following issue: - Fixes an issue when boot logical volume gets unmounted during patching. (bsc#1177533) - Fix for lvm2 to use 'external_device_info_source='udev'' by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) - Fixed an issue when after storage migration major performance issues occurred on the system. (bsc#1179326) From sle-security-updates at lists.suse.com Wed Feb 3 23:44:24 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2021 07:44:24 +0100 (CET) Subject: SUSE-IU-2021:2-1: Security update of sles-15-sp1-chost-byos-v20210202 Message-ID: <20210204064424.CECD0FFB1@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp1-chost-byos-v20210202 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:2-1 Image Tags : sles-15-sp1-chost-byos-v20210202:20210202 Image Release : Severity : important Type : security References : 1040855 1044120 1044767 1050242 1050536 1050545 1050549 1055117 1056653 1056657 1056787 1064802 1065729 1066129 1067665 1084671 1094840 1103990 1103992 1104389 1104393 1109695 1109837 1110096 1111666 1112178 1112178 1112374 1115431 1115550 1118657 1129770 1136460 1136461 1138374 1139398 1139944 1141597 1142000 1144912 1145276 1148566 1152457 1155094 1156545 1158775 1160939 1163727 1164780 1168155 1169006 1170139 1170630 1171078 1171234 1172082 1172145 1172538 1172542 1172694 1173513 1173914 1174091 1174099 1174162 1174206 1174257 1174436 1174571 1174701 1174726 1174784 1174852 1174942 1175458 1175514 1175623 1175916 1176109 1176355 1176427 1176558 1176559 1176956 1177196 1177211 1177304 1177397 1177460 1177490 1177533 1177805 1177808 1177819 1177820 1178009 1178182 1178249 1178270 1178372 1178401 1178554 1178589 1178590 1178634 1178635 1178669 1178762 1178775 1178823 1178825 1178838 1178853 1178854 1178878 1178886 1178897 1178909 1178940 1178962 1179014 1179015 1179045 1179082 1179107 1179107 1179140 1179141 1179142 1179193 1179204 1179211 1179213 1179259 1179326 1179363 1179398 1179399 1179403 1179406 1179418 1179419 1179421 1179424 1179426 1179427 1179429 1179444 1179491 1179503 1179520 1179578 1179593 1179601 1179630 1179663 1179666 1179670 1179671 1179672 1179673 1179691 1179711 1179713 1179714 1179715 1179716 1179722 1179723 1179724 1179738 1179745 1179810 1179824 1179888 1179895 1179896 1179960 1179963 1180027 1180029 1180031 1180052 1180086 1180117 1180138 1180225 1180258 1180377 1180506 1180559 1180603 1180684 1180685 1180687 1180885 1181090 959556 CVE-2018-20669 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20934 CVE-2019-5010 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-14145 CVE-2020-14422 CVE-2020-15436 CVE-2020-15437 CVE-2020-1971 CVE-2020-25669 CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-27068 CVE-2020-27619 CVE-2020-27777 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28374 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8492 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 ----------------------------------------------------------------- The container sles-15-sp1-chost-byos-v20210202 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3277-1 Released: Wed Nov 11 09:06:52 2020 Summary: Recommended update for google-osconfig-agent Type: recommended Severity: moderate References: 1176427,1178249 This update for google-osconfig-agent fixes the following issues: This update ships the google-osconfig-agent in version 20200929.00 (bsc#1176427, bsc#1178249, jsc#ECO-2702, jsc#PM-2203) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3718-1 Released: Wed Dec 9 10:31:01 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1050549,1067665,1111666,1112178,1158775,1170139,1170630,1172542,1174726,1175916,1176109,1177304,1177397,1177805,1177808,1177819,1177820,1178182,1178589,1178635,1178669,1178838,1178853,1178854,1178878,1178886,1178897,1178940,1178962,1179107,1179140,1179141,1179211,1179213,1179259,1179403,1179406,1179418,1179421,1179424,1179426,1179427,1179429,CVE-2020-15436,CVE-2020-15437,CVE-2020-25669,CVE-2020-27777,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). The following non-security bugs were fixed: - ACPI: GED: fix -Wformat (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - arm64: KVM: Fix system register enumeration (bsc#1174726). - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bpf: Zero-fill re-used per-cpu map element (git-fixes). - btrfs: account ticket size at add/delete time (bsc#1178897). - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897). - btrfs: check rw_devices, not num_devices for balance (bsc#1178897). - btrfs: do not delete mismatched root refs (bsc#1178962). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897). - btrfs: fix force usage in inc_block_group_ro (bsc#1178897). - btrfs: fix invalid removal of root ref (bsc#1178962). - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897). - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897). - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897). - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962). - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179259). - ceph: check session state after bumping session->s_seq (bsc#1179259). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - Convert trailing spaces and periods in path components (bsc#1179424). - docs: ABI: stable: remove a duplicated documentation (git-fixes). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size. - efi: cper: Fix possible out-of-bounds access (git-fixes). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Free efi_pgd with free_pages() (bsc#1112178). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - fuse: fix page dereference after free (bsc#1179213). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1067665). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666) - i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666) - i40iw: Report correct firmware version (bsc#1111666) - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666) - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666) - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666) - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666) - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666) - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666) - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666) - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666) - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666) - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666) - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666) - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666) - IB/hfi1: Handle port down properly in pio (bsc#1111666) - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666) - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666) - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666) - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666) - IB/hfi1: Remove unused define (bsc#1111666) - IB/hfi1: Silence txreq allocation warnings (bsc#1111666) - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666) - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666) - IB/ipoib: drop useless LIST_HEAD (bsc#1111666) - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666) - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666) - IB/iser: Fix dma_nents type definition (bsc#1111666) - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666) - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666) - IB/mlx4: Add and improve logging (bsc#1111666) - IB/mlx4: Add support for MRA (bsc#1111666) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666) - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666) - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666) - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666) - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666) - IB/mlx4: Remove unneeded NULL check (bsc#1111666) - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666) - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666) - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666) - IB/mlx5: Do not override existing ip_protocol (bsc#1111666) - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666) - IB/mlx5: Fix implicit MR release flow (bsc#1111666) - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666) - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666) - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666) - IB/mlx5: Improve ODP debugging messages (bsc#1111666) - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666) - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666) - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666) - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666) - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666) - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666) - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666) - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666) - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666) - IB/qib: Remove a set-but-not-used variable (bsc#1111666) - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666) - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666) - IB/rdmavt: Fix sizeof mismatch (bsc#1111666) - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666) - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666) - IB/rxe: Make counters thread safe (bsc#1111666) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666) - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666) - IB/umad: Avoid destroying device while it is accessed (bsc#1111666) - IB/umad: Do not check status of nonseekable_open() (bsc#1111666) - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666) - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666) - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666) - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666) - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666) - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666) - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666) - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - kABI workaround for usermodehelper changes (bsc#1179406). - KVM: arm64: Add missing #include of - in guest.c (bsc#1174726). - KVM: arm64: Factor out core register ID enumeration (bsc#1174726). - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726). - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726). - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726). - KVM host: kabi fixes for psci_version (bsc#1174726). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: always wind down STA state (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630). - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes). - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666) - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666) - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666) - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666) - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666) - RDMA/cma: Fix false error message (bsc#1111666) - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666) - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666) - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666) - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666) - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666) - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666) - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666) - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666) - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666) - RDMA/core: Fix race between destroy and release FD object (bsc#1111666) - RDMA/core: Fix race when resolving IP address (bsc#1111666) - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666) - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666) - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666) - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666) - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666) - RDMA/hns: Set the unsupported wr opcode (bsc#1111666) - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666) - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666) - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666) - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666) - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666) - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666) - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666) - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666) - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666) - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666) - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666) - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666) - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666) - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666) - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666) - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666) - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666) - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666) - RDMA/mlx5: Return proper error value (bsc#1111666) - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666) - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666) - RDMA/nes: Remove second wait queue initialization call (bsc#1111666) - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666) - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666) - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666) - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666) - RDMA/qedr: Endianness warnings cleanup (bsc#1111666) - RDMA/qedr: Fix doorbell setting (bsc#1111666) - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666) - RDMA/qedr: Fix reported firmware version (bsc#1111666) - RDMA/qedr: Fix use of uninitialized field (bsc#1111666) - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qedr: SRQ's bug fixes (bsc#1111666) - RDMA/qib: Delete extra line (bsc#1111666) - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666) - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666) - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666) - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666) - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666) - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666) - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666) - RDMA/rxe: Set default vendor ID (bsc#1111666) - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666) - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666) - RDMA/srp: Rework SCSI device reset handling (bsc#1111666) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666) - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666) - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666) - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666) - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666) - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666) - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666) - reboot: fix overflow parsing reboot cpu number (bsc#1179421). - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Revert 'cdc-acm: hardening against malicious devices' (git-fixes). - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666) - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666) - rxe: fix error completion wr_id and qp_num (bsc#1111666) - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937). - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739). - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178). - sched/x86: SaveFLAGS on context switch (bsc#1112178). - scripts/git_sort/git_sort.py: add ceph maintainers git tree - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666) - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403). - tty: serial: imx: keep console clocks always on (git-fixes). - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - usermodehelper: reset umask to default before executing user process (bsc#1179406). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/hyperv: Make vapic support x2apic mode (git-fixes). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178). - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes). - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3720-1 Released: Wed Dec 9 13:36:26 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3733-1 Released: Wed Dec 9 18:18:35 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3750-1 Released: Fri Dec 11 08:53:26 2020 Summary: Recommended update for open-lldp Type: recommended Severity: moderate References: 1156545 This update for open-lldp fixes the following issue: - Update from version 1.0.1+63.f977e67 to version v1.0.1+64.29d12e584af1 - Prevent double definition of `ETH_P_LLDP` when building on new kernels (bsc#1156545) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3751-1 Released: Fri Dec 11 08:53:40 2020 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1173914,1177196 This update for kdump fixes the following issues: - Remove `console=hvc0` from command line. (bsc#1173914) - Set serial console from Xen command line. (bsc#1173914) - Do not add `rd.neednet=1` to dracut command line. (bsc#1177196) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3792-1 Released: Mon Dec 14 17:39:24 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1145276 This update for gzip fixes the following issues: Update from version 1.9 to version 1.10 (jsc#ECO-2217, jsc#SLE-12974) - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. - Fix three data corruption issues. (bsc#1145276, jsc#SLE-5818, jsc#SLE-8914) - Add support for `DFLTCC` (hardware-accelerated deflation) for s390x arch. (jsc#SLE-5818, jsc#SLE-8914) Enable it using the `--enable-dfltcc` option. - Compressed gzip output no longer contains the current time as a timestamp when the input is not a regular file. Instead, the output contains a `null` (zero) timestamp. This makes gzip's behavior more reproducible when used as part of a pipeline. - A use of uninitialized memory on some malformed inputs has been fixed. - A few theoretical race conditions in signal handlers have been fixed. - Update gnulib for `libio.h` removal. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3803-1 Released: Tue Dec 15 09:40:41 2020 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1176355 This update for rsyslog fixes the following issues: - Fixes a crash for imfile (bsc#1176355) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount ???a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3866-1 Released: Thu Dec 17 12:06:08 2020 Summary: Security update for openssh Type: security Severity: moderate References: 1115550,1139398,1142000,1148566,1173513,1174162,CVE-2020-14145 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). - Supplement libgtk-3-0 instead of libX11-6 to avoid installation on a textmode install (bsc#1142000) - Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566). - Fixed sshd termination of multichannel sessions with non-root users (bsc#1115550,bsc#1174162). - Added speculative hardening for key storage (bsc#1139398). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(???). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:10-1 Released: Mon Jan 4 10:01:52 2021 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: 1174257 This update for dmidecode fixes the following issue: - Two missing commas in the data arrays cause 'OUT OF SPEC' messages during the index resolution. (bnc#1174257) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:118-1 Released: Thu Jan 14 06:16:26 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1040855,1044120,1044767,1050242,1050536,1050545,1055117,1056653,1056657,1056787,1064802,1065729,1066129,1094840,1103990,1103992,1104389,1104393,1109695,1109837,1110096,1112178,1112374,1115431,1118657,1129770,1136460,1136461,1138374,1139944,1144912,1152457,1163727,1164780,1171078,1172145,1172538,1172694,1174784,1174852,1176558,1176559,1176956,1178270,1178372,1178401,1178590,1178634,1178762,1179014,1179015,1179045,1179082,1179107,1179142,1179204,1179419,1179444,1179520,1179578,1179601,1179663,1179666,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559,CVE-2018-20669,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28374,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663). - CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601). The following non-security bugs were fixed: - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: timer: Limit max amount of slave instances (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes). - ASoC: sti: fix possible sleep-in-atomic (git-fixes). - ASoC: wm8904: fix regcache handling (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes). - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: fix backtrace on coredump (git-fixes). - ath10k: fix get invalid tx rate for Mesh metric (git-fixes). - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath10k: Remove msdu from idr when management pkt send fails (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - ath9k_htc: Discard undersized packets (git-fixes). - ath9k_htc: Modify byte order for an error message (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - Avoid a GCC warning about '/*' within a comment. - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes). - Bluetooth: Fix advertising duplicated flags (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - bnxt_en: Fix race when modifying pause settings (bsc#1050242 ). - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242). - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: mcp251x: add error check when wq alloc failed (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: tegra: Fix Tegra PMC clock out parents (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/gma500: fix double free of gma_connector (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1129770) - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - epoll: Keep a reference on files added to the check list (bsc#1180031). - ext4: correctly report 'not supported' for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - ext4: limit entries returned when counting fsmap records (bsc#1179671). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - extcon: max77693: Fix modalias string (git-fixes). - fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console - fbcon: Remove the superfluous break (bsc#1129770) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console * context changes - firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes). - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes). - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes). - gpio: max77620: Fixup debounce delays (git-fixes). - gpio: max77620: Use correct unit for debounce times (git-fixes). - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes). - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes). - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes). - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes). - gpiolib: fix up emulated open drain outputs (git-fixes). - HID: Add another Primax PIXART OEM mouse quirk (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: core: check whether Usage Page item is after Usage ID items (git-fixes). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: Improve Windows Precision Touchpad detection (git-fixes). - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes). - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (jc42) Fix name to have no illegal characters (git-fixes). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - igc: Fix returning wrong statistics (bsc#1118657). - iio: adc: max1027: Reset the device at probe time (git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio: fix center temperature of bmc150-accel-core (git-fixes). - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes). - iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes). - iio: srf04: fix wrong limitation in distance measuring (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - Input: trackpoint - enable Synaptics trackpoints (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - ipw2x00: Fix -Wcast-function-type (git-fixes). - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - kABI fix for g2d (git-fixes). - kABI workaround for dsa/b53 changes (git-fixes). - kABI workaround for HD-audio generic parser (git-fixes). - kABI workaround for net/ipvlan changes (git-fixes). - kABI: ath10k: move a new structure member to the end (git-fixes). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes). - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: fix authentication with iwlwifi/mvm (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - matroxfb: avoid -Warray-bounds warning (git-fixes). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md/raid5: fix oops during stripe resizing (git-fixes). - media: am437x-vpfe: Setting STD to current value is not an error (git-fixes). - media: cec-funcs.h: add status_req checks (git-fixes). - media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes). - media: gspca: Fix memory leak in probe (git-fixes). - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes). - media: i2c: ov2659: Fix missing 720p register config (git-fixes). - media: i2c: ov2659: fix s_stream return value (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches). - media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: si470x-i2c: add missed operations in remove (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes). - media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes). - media: uvcvideo: Set media controller entity functions (git-fixes). - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes). - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memstick: fix a double-free bug in memstick_check (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - mlxsw: core: Fix memory leak on module removal (bsc#1112374). - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/tls: Fix kmap usage (bsc#1109837). - net/tls: missing received data after fast remote close (bsc#1109837). - net/x25: prevent a couple of overflows (bsc#1178590). - net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes). - net: aquantia: fix LRO with FCS error (git-fixes). - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ). - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes). - net: dsa: b53: Ensure the default VID is untagged (git-fixes). - net: dsa: b53: Fix default VLAN ID (git-fixes). - net: dsa: b53: Properly account for VLAN filtering (git-fixes). - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes). - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes). - net: dsa: qca8k: remove leftover phy accessors (git-fixes). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (git-fixes). - net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes). - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes). - net: macb: add missing barriers when reading descriptors (git-fixes). - net: macb: fix dropped RX frames due to a race (git-fixes). - net: macb: fix error format in dev_err() (git-fixes). - net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes). - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes). - net: phy: Avoid multiple suspends (git-fixes). - net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389). - net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: seeq: Fix the function used to release some memory in an error handling path (git-fixes). - net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes). - net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes). - net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes). - net: stmmac: fix csr_clk can't be zero issue (git-fixes). - net: stmmac: Fix reception of Broadcom switches tags (git-fixes). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096). - net: usb: sr9800: fix uninitialized local variable (git-fixes). - net:ethernet:aquantia: Extra spinlocks removed (git-fixes). - net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - nfc: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nfp: use correct define to return NONE fec (bsc#1109837). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes). - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - ocfs2: fix unbalanced locking (bsc#1180506). - ocfs2: initialize ip_next_orphan (bsc#1179724). - orinoco: Move context allocation after processing the skb (git-fixes). - parport: load lowlevel driver if ports not found (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - phy: Revert toggling reset changes (git-fixes). - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes). - PM: ACPI: Output correct message on target power state (git-fixes). - PM: hibernate: Freeze kernel threads in software_resume() (git-fixes). - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630). - powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630). - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - ppp: remove the PPPIOCDETACH ioctl (git-fixes). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545). - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545). - qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes). - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545). - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes). - regulator: pfuze100-regulator: Variable 'val' in pfuze100_regulator_probe() could be uninitialized (git-fixes). - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - remoteproc: Fix wrong rvring index computation (git-fixes). - rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes). - rtc: 88pm860x: fix possible race condition (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes). - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes). - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1144912). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (git-fixes). - s390/stp: add locking to sysfs functions (git-fixes). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780). - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780). - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1164780). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780). - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780). - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780). - scsi: lpfc: Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780). - scsi: lpfc: Use generic power management (bsc#1164780). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: Remove unneeded break statements (bsc#1164780). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: imx: gpc: fix power up sequencing (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: img-spfi: fix potential double release (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: pxa2xx: Add missed security checks (git-fixes). - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: st-ssc4: add missed pm_runtime_disable (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: add missed clk_unprepare (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - splice: only read in as much information as there is pipe buffer space (bsc#1179520). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes). - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: add a missing dependency (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes). - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes). - staging: rtl8188eu: fix possible null dereference (git-fixes). - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes). - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - sunrpc: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - sunrpc: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - sunrpc: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992). - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992). - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837). - thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes). - timer: Fix wheel index calculation on last level (git fixes) - timer: Prevent base->clk from moving backward (git-fixes) - tty: always relink the port (git-fixes). - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - tty: link tty and port before configuring it as console (git-fixes). - tty: synclink_gt: Adjust indentation in several functions (git-fixes). - tty: synclinkmp: Adjust indentation in several functions (git-fixes). - tty:serial:mvebu-uart:fix a wrong return (git-fixes). - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes). - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes). - usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - usb: dwc2: Fix IN FIFO allocation (git-fixes). - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes). - usb: fsl: Check memory resource before releasing it (git-fixes). - usb: gadget: composite: Fix possible double free memory bug (git-fixes). - usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes). - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes). - usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes). - usb: gadget: fix wrong endpoint desc (git-fixes). - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes). - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: ldusb: use unsigned size format specifiers (git-fixes). - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: clean up modem-control handling (git-fixes). - usb: serial: digi_acceleport: clean up set_termios (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: digi_acceleport: remove in_interrupt() usage. - usb: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes). - usb: serial: digi_acceleport: rename tty flag variable (git-fixes). - usb: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: kl5kusb105: fix memleak on open (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). - usb: serial: option: add Fibocom NL668 variants (git-fixes). - usb: serial: option: add interface-number sanity check to flag handling (git-fixes). - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - usb: serial: option: fix Quectel BG96 matching (git-fixes). - usb: Skip endpoints with 0 maxpacket length (git-fixes). - usb: UAS: introduce a quirk to set no_write_same (git-fixes). - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - vt: do not hardcode the mem allocation upper bound (git-fixes). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: da9062: do not ping the hw during stop() (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178). - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178). - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178). - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1112178). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). - xprtrdma: fix incorrect header size calculations (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:178-1 Released: Wed Jan 20 13:38:02 2021 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1160939,1168155,1171234,1172082,1174099,959556 This update for wicked fixes the following issues: - Fix to avoid incomplete ifdown/timeout on route deletion error. (bsc#1174099) - Allow 'linuxrc' to send 'RFC2132' without providing the MAC address. (jsc#SLE-15770) - Fixes to ifreload on port changes. (bsc#1168155, bsc#1172082) - Fix schema to use correct 'hwaddr_policy' property. (bsc#1171234) - Enable IPv6 on ports when 'nsna_ping' linkwatch is used. (bsc#959556) - Implement support for RFC7217. (jsc#SLE-6960) - Fix for schema to avoid not applying 'rto_min' including new time format. (bsc#1160939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:221-1 Released: Tue Jan 26 14:31:39 2021 Summary: Recommended update for SUSEConnect Type: recommended Severity: low References: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:227-1 Released: Tue Jan 26 19:22:14 2021 Summary: Security update for sudo Type: security Severity: important References: 1180684,1180685,1180687,1181090,CVE-2021-23239,CVE-2021-23240,CVE-2021-3156 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:239-1 Released: Fri Jan 29 06:49:13 2021 Summary: Recommended update for btrfsprogs Type: recommended Severity: moderate References: 1174206 This update for btrfsprogs fixes the following issues: - Add patches to fix the logical-resolve lookup process and to accept the 'ignore offsets' kernel feature. (bsc#1174206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:266-1 Released: Mon Feb 1 21:02:37 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1177533,1179326,1179691,1179738 This update for lvm2 fixes the following issue: - Fixes an issue when boot logical volume gets unmounted during patching. (bsc#1177533) - Fix for lvm2 to use 'external_device_info_source='udev'' by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) - Fixed an issue when after storage migration major performance issues occurred on the system. (bsc#1179326) From sle-security-updates at lists.suse.com Wed Feb 3 23:45:24 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2021 07:45:24 +0100 (CET) Subject: SUSE-IU-2021:3-1: Security update of sles-15-sp2-chost-byos-v20210202 Message-ID: <20210204064524.95731FFB1@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp2-chost-byos-v20210202 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:3-1 Image Tags : sles-15-sp2-chost-byos-v20210202:20210202 Image Release : Severity : important Type : security References : 1027519 1040855 1044120 1044767 1050625 1055117 1065729 1084671 1094840 1098449 1109695 1115431 1138374 1139944 1141597 1142248 1144793 1149032 1149032 1152457 1152472 1152489 1152489 1153274 1154353 1155094 1155518 1155518 1156315 1156395 1158775 1160634 1161099 1163727 1165933 1166146 1166166 1167030 1167657 1167773 1168771 1168952 1169006 1170139 1171000 1171073 1171078 1171558 1171688 1171883 1172145 1172695 1172733 1172873 1173504 1173513 1174016 1174091 1174206 1174257 1174436 1174486 1174508 1174571 1174701 1174852 1174942 1175079 1175306 1175458 1175480 1175514 1175623 1175918 1175995 1176109 1176180 1176200 1176396 1176481 1176586 1176606 1176782 1176855 1176942 1176956 1176983 1177066 1177070 1177120 1177211 1177238 1177261 1177275 1177326 1177353 1177397 1177427 1177460 1177490 1177500 1177533 1177577 1177583 1177600 1177658 1177666 1177666 1177679 1177703 1177733 1177820 1177870 1178009 1178049 1178123 1178182 1178203 1178227 1178270 1178286 1178304 1178330 1178346 1178372 1178393 1178401 1178426 1178461 1178554 1178579 1178581 1178584 1178585 1178589 1178590 1178612 1178634 1178635 1178653 1178659 1178660 1178661 1178669 1178686 1178740 1178755 1178756 1178762 1178775 1178780 1178823 1178825 1178838 1178853 1178886 1178909 1178910 1178966 1179001 1179012 1179014 1179015 1179045 1179076 1179082 1179083 1179107 1179107 1179140 1179141 1179160 1179193 1179201 1179204 1179211 1179217 1179222 1179225 1179363 1179398 1179399 1179415 1179419 1179419 1179424 1179425 1179426 1179427 1179429 1179432 1179434 1179435 1179440 1179442 1179491 1179496 1179498 1179501 1179502 1179503 1179506 1179514 1179516 1179519 1179550 1179575 1179578 1179593 1179601 1179604 1179630 1179639 1179652 1179656 1179670 1179671 1179672 1179673 1179675 1179676 1179677 1179678 1179679 1179680 1179681 1179682 1179683 1179684 1179685 1179687 1179688 1179689 1179690 1179691 1179703 1179704 1179707 1179709 1179710 1179711 1179712 1179713 1179714 1179715 1179716 1179738 1179745 1179763 1179816 1179824 1179888 1179892 1179896 1179908 1179909 1179960 1179963 1180027 1180029 1180031 1180052 1180056 1180077 1180086 1180117 1180119 1180138 1180225 1180258 1180261 1180377 1180506 1180541 1180559 1180566 1180603 1180663 1180684 1180685 1180687 1180721 1180885 1181090 CVE-2017-9271 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-5010 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-14145 CVE-2020-14422 CVE-2020-15436 CVE-2020-15437 CVE-2020-1971 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-26137 CVE-2020-27068 CVE-2020-27619 CVE-2020-27777 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29369 CVE-2020-29370 CVE-2020-29371 CVE-2020-29373 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2020-8025 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8492 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 ----------------------------------------------------------------- The container sles-15-sp2-chost-byos-v20210202 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3723-1 Released: Wed Dec 9 13:37:55 2020 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1177120,CVE-2020-26137 This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3736-1 Released: Wed Dec 9 18:19:58 2020 Summary: Security update for openssh Type: security Severity: moderate References: 1173513,CVE-2020-14145 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3748-1 Released: Thu Dec 10 14:04:28 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1149032,1152489,1153274,1154353,1155518,1160634,1166146,1166166,1167030,1167773,1170139,1171073,1171558,1172873,1173504,1174852,1175306,1175918,1176109,1176180,1176200,1176481,1176586,1176855,1176983,1177066,1177070,1177353,1177397,1177577,1177666,1177703,1177820,1178123,1178182,1178227,1178286,1178304,1178330,1178393,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178635,1178653,1178659,1178661,1178669,1178686,1178740,1178755,1178762,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179225,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179442,1179550,CVE-2020-15436,CVE-2020-15437,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-27777,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788 The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107) - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721). - CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes). - ACPICA: Add NHLT table signature (bsc#1176200). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - Add bug reference to two hv_netvsc patches (bsc#1178853). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: fix kernel-doc markups (git-fixes). - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes). - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes). - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - arm64: bpf: Fix branch offset in JIT (git-fixes). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes). - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes). - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes). - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes). - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes). - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes). - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes). - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes). - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes). - ASoC: cs42l51: manage mclk shutdown delay (git-fixes). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ASoC: qcom: sdm845: set driver name correctly (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274). - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes). - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274). - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518). - bpf: Zero-fill re-used per-cpu map element (bsc#1155518). - btrfs: Account for merged patches upstream Move below patches to sorted section. - btrfs: cleanup cow block on error (bsc#1178584). - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217). - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217). - btrfs: fix relocation failure due to race with fallocate (bsc#1179217). - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217). - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217). - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217). - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217). - btrfs: reschedule if necessary when logging directory items (bsc#1178585). - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579). - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes). - can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179012). - ceph: check session state after bumping session->s_seq (bsc#1179012). - ceph: check the sesion state and return false in case it is closed (bsc#1179012). - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cfg80211: initialize wdev data earlier (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - clk: define to_clk_regmap() as inline function (git-fixes). - Convert trailing spaces and periods in path components (bsc#1179424). - cosa: Add missing kfree in error path of cosa_write (git-fixes). - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073). - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073). - Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419) - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076). - Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process. - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397). - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64. - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001). - EDAC/amd64: Gather hardware information early (bsc#1179001). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001). - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001). - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001). - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes). - efi: efibc: check for efivars write capability (git-fixes). - efi: EFI_EARLYCON should depend on EFI (git-fixes). - efi/efivars: Set generic ops before loading SSDT (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Fix the deletion of variables in mixed mode (git-fixes). - efi/x86: Free efi_pgd with free_pages() (git-fixes). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - exfat: fix name_hash computation on big endian systems (git-fixes). - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes). - exfat: fix possible memory leak in exfat_find() (git-fixes). - exfat: fix use of uninitialized spinlock on error path (git-fixes). - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes). - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes). - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module. - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032). - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes). - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes). - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes). - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes). - hv_balloon: disable warning when floor reached (git-fixes). - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes). - hv_netvsc: Add XDP support (bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820). - hv_netvsc: record hardware hash in skb (bsc#1177820). - hwmon: (pwm-fan) Fix RPM calculation (git-fixes). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i2c: mediatek: move dma reset before i2c reset (git-fixes). - i2c: sh_mobile: implement atomic transfers (git-fixes). - igc: Fix not considering the TX delay for timestamps (bsc#1160634). - igc: Fix wrong timestamp latency numbers (bsc#1160634). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - iio: adc: mediatek: fix unset field (git-fixes). - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes). - intel_idle: Customize IceLake server support (bsc#1178286). - ionic: check port ptr before use (bsc#1167773). - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes). - kABI: revert use_mm name change (MM Functionality, bsc#1178426). - kABI workaround for HD-audio (git-fixes). - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes). - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes). - lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes). - lan743x: fix issue causing intermittent kernel log warnings (git-fixes). - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - lib/crc32test: remove extra local_irq_disable/enable (git-fixes). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518). - mac80211: always wind down STA state (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - media: imx274: fix frame interval handling (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes). - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes). - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426). - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426). - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)). - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235). - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)). - mm, memcg: fix inconsistent oom event behavior (bsc#1178659). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mm/memcontrol.c: add missed css_put() (bsc#1178661). - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)). - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes). - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)). - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)). - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755). - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (bsc#1174852). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464). - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180). - nvme: do not update disk info for multipathed device (bsc#1171558). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes). - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426). - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321). - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - power: supply: bq27xxx: report 'not charging' on all types (git-fixes). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160). - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449). - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449). - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449). - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449). - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464). - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215). - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes). - reboot: fix overflow parsing reboot cpu number (git-fixes). - Refresh patches.suse/vfs-add-super_operations-get_inode_dev. (bsc#1176983) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc '(kABI: revert use_mm name change (MM Functionality, bsc#1178426))'. - Revert 'cdc-acm: hardening against malicious devices' (git-fixes). - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes). - Revert 'xfs: complain if anyone tries to create a too-large buffer' (bsc#1179425, bsc#1179550). - rfkill: Fix use-after-free in rfkill_resume() (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger - - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead. - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342). - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)). - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227). - sched: Fix rq->nr_iowait ordering (git fixes (sched)). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: libiscsi: Fix NOP race condition (bsc#1176481). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - spi: lpspi: Fix use-after-free on unbind (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair 'fixed-link' support (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes). - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes). - timer: Fix wheel index calculation on last level (git-fixes). - timer: Prevent base->clk from moving backward (git-fixes). - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes). - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (git-fixes). - tty: serial: fsl_lpuart: add LS1028A support (git-fixes). - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes). - tty: serial: imx: fix potential deadlock (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - uio: Fix use-after-free in uio_unregister_device() (git-fixes). - uio: free uio id after uio file node is freed (git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: adutux: fix debugging (git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - USB: core: Change %pK for __user pointers to %px (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: gadget: goku_udc: fix potential crashes in probe (git-fixes). - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv_fb: include vmalloc.h (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489). - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166). - xfs: prohibit fs freezing when using empty transactions (bsc#1179442). - xfs: remove unused variable 'done' (bsc#1166166). - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes). - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes). - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166). - xhci: Fix sizeof() mismatch (git-fixes). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes). kernel-default-base fixes the following issues: - Add wireguard kernel module (bsc#1179225) - Create the list of crypto kernel modules dynamically, supersedes hardcoded list of crc32 implementations (bsc#1177577) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3756-1 Released: Fri Dec 11 09:12:36 2020 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1177261,1177600 This update for hwinfo fixes the following issues: - Fixed an issue where the DPAA2 network did not come up (bsc#1177600, bsc#1177261) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount ???a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3915-1 Released: Tue Dec 22 14:16:27 2020 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1176782,1179496,1179498,1179501,1179502,1179506,1179514,1179516,CVE-2020-29480,CVE-2020-29481,CVE-2020-29483,CVE-2020-29484,CVE-2020-29566,CVE-2020-29570,CVE-2020-29571 This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3923-1 Released: Tue Dec 22 15:22:42 2020 Summary: Recommended update for kexec-tools Type: recommended Severity: moderate References: 1174508,1176606 This update for kexec-tools fixes the following issues: - Xen 4.7 introduced _soft-reset_ for HVM domUs. (bsc#1176606, bsc#1174508) This host feature removes the requirement to _un-ballon_ the `domU` prior `kexec`. With Xen 4.13 _cpuid faulting_ became the default, which affects the approach used before to detect the _domU_ type. As a result, invoking kexec in _dom0_ failed. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(???). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:10-1 Released: Mon Jan 4 10:01:52 2021 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: 1174257 This update for dmidecode fixes the following issue: - Two missing commas in the data arrays cause 'OUT OF SPEC' messages during the index resolution. (bnc#1174257) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:73-1 Released: Tue Jan 12 10:24:50 2021 Summary: Recommended update for SUSEConnect Type: recommended Severity: low References: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:117-1 Released: Thu Jan 14 06:14:36 2021 Summary: Security update for the Linux Kernel Type: security Severity: moderate References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1163727,1165933,1167657,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1175995,1176396,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178372,1178590,1178612,1178634,1178660,1178756,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506,1180541,1180559,1180566,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020- 27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28374,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-27830: Fixed a null pointer dereference in speakup (bsc#1179656). - CVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435). - CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601). The following non-security bugs were fixed: - ACPI: APEI: Kick the memory_failure() queue for synchronous errors (jsc#SLE-16610). - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (git-fixes). - ALSA: core: memalloc: add page alignment for iram (git-fixes). - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes). - ALSA: hda/hdmi: packet buffer index must be set before reading value (git-fixes). - ALSA: hda/proc - print DP-MST connections (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (git-fixes). - ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes). - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (git-fixes). - ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: rawmidi: Access runtime->avail always in spinlock (git-fixes). - ALSA: seq: remove useless function (git-fixes). - ALSA: usb-audio: Add generic implicit fb parsing (bsc#1178203). - ALSA: usb-audio: Add hw constraint for implicit fb sync (bsc#1178203). - ALSA: usb-audio: Add implicit fb support for Steinberg UR22 (git-fixes). - ALSA: usb-audio: Add implicit_fb module option (bsc#1178203). - ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2 (git-fixes). - ALSA: usb-audio: Add snd_usb_get_endpoint() helper (bsc#1178203). - ALSA: usb-audio: Add snd_usb_get_host_interface() helper (bsc#1178203). - ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR controller (git-fixes). - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices (git-fixes). - ALSA: usb-audio: Always set up the parameters after resume (bsc#1178203). - ALSA: usb-audio: Avoid doubly initialization for implicit fb (bsc#1178203). - ALSA: usb-audio: Check implicit feedback EP generically for UAC2 (bsc#1178203). - ALSA: usb-audio: Check valid altsetting at parsing rates for UAC2/3 (bsc#1178203). - ALSA: usb-audio: Constify audioformat pointer references (bsc#1178203). - ALSA: usb-audio: Convert to the common vmalloc memalloc (bsc#1178203). - ALSA: usb-audio: Correct wrongly matching entries with audio class (bsc#1178203). - ALSA: usb-audio: Create endpoint objects at parsing phase (bsc#1178203). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Do not call usb_set_interface() at trigger callback (bsc#1178203). - ALSA: usb-audio: Do not set altsetting before initializing sample rate (bsc#1178203). - ALSA: usb-audio: Drop debug.h (bsc#1178203). - ALSA: usb-audio: Drop keep_interface flag again (bsc#1178203). - ALSA: usb-audio: Drop unneeded snd_usb_substream fields (bsc#1178203). - ALSA: usb-audio: Factor out the implicit feedback quirk code (bsc#1178203). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix EP matching for continuous rates (bsc#1178203). - ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203). - ALSA: usb-audio: Fix possible stall of implicit fb packet ring-buffer (bsc#1178203). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix quirks for other BOSS devices (bsc#1178203). - ALSA: usb-audio: Handle discrete rates properly in hw constraints (bsc#1178203). - ALSA: usb-audio: Improve some debug prints (bsc#1178203). - ALSA: usb-audio: Move device rename and profile quirks to an internal table (bsc#1178203). - ALSA: usb-audio: Move snd_usb_autoresume() call out of setup_hw_info() (bsc#1178203). - ALSA: usb-audio: Pass snd_usb_audio object to quirk functions (bsc#1178203). - ALSA: usb-audio: Properly match with audio interface class (bsc#1178203). - ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203). - ALSA: usb-audio: Refactor endpoint management (bsc#1178203). - ALSA: usb-audio: Refactoring endpoint URB deactivation (bsc#1178203). - ALSA: usb-audio: Replace slave/master terms (bsc#1178203). - ALSA: usb-audio: Set and clear sync EP link properly (bsc#1178203). - ALSA: usb-audio: Set callbacks via snd_usb_endpoint_set_callback() (bsc#1178203). - ALSA: usb-audio: Show sync endpoint information in proc outputs (bsc#1178203). - ALSA: usb-audio: Simplify hw_params rules (bsc#1178203). - ALSA: usb-audio: Simplify quirk entries with a macro (bsc#1178203). - ALSA: usb-audio: Simplify rate_min/max and rates set up (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_sample_rate() arguments (bsc#1178203). - ALSA: usb-audio: Stop both endpoints properly at error (bsc#1178203). - ALSA: usb-audio: Support PCM sync_stop (bsc#1178203). - ALSA: usb-audio: Track implicit fb sync endpoint in audioformat list (bsc#1178203). - ALSA: usb-audio: Unify the code for the next packet size calculation (bsc#1178203). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo (bsc#1178203). - ALSA: usb-audio: Use atomic_t for endpoint use_count (bsc#1178203). - ALSA: usb-audio: Use managed buffer allocation (bsc#1178203). - ALSA: usb-audio: Use unsigned char for iface and altsettings fields (bsc#1178203). - ALSA: usb-audio: workaround for iface reset issue (bsc#1178203). - arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (jsc#SLE-16610). - ASoC: amd: change clk_get() to devm_clk_get() and add missed checks (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: meson: fix COMPILE_TEST error (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: SOF: control: fix size checks for ext_bytes control .get() (git-fixes). - ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode (git-fixes). - ASoC: tegra20-spdif: remove 'default m' (git-fixes). - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: fix error return code in wm_adsp_load() (git-fixes). - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - batman-adv: Consider fragmentation for needed_headroom (git-fixes). - batman-adv: Do not always reallocate the fragmentation skb head (git-fixes). - batman-adv: Reserve needed_*room for fragments (git-fixes). - blk-mq: Remove 'running from the wrong CPU' warning (bsc#1174486). - block: return status code in blk_mq_end_request() (bsc#1171000, bsc#1165933). - Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() (git-fixes). - Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - Bluetooth: hci_h5: fix memory leak in h5_close (git-fixes). - bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address() (git-fixes). - btrfs: add missing check for nocow and compression inode flags (bsc#1178780). - btrfs: allow btrfs_truncate_block() to fallback to nocow for data space reservation (bsc#1161099). - btrfs: delete duplicated words + other fixes in comments (bsc#1180566). - btrfs: do not commit logs and transactions during link and rename operations (bsc#1180566). - btrfs: do not take the log_mutex of the subvolume when pinning the log (bsc#1180566). - btrfs: fix readahead hang and use-after-free after removing a device (bsc#1179963). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: c_can: c_can_power_up(): fix error handling (git-fixes). - can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - clk: at91: sam9x60: remove atmel,osc-bypass support (git-fixes). - clk: ingenic: Fix divider calculation with div tables (git-fixes). - clk: mediatek: Make mtk_clk_register_mux() a static function (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: renesas: r9a06g032: Drop __packed for portability (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Do not return 0 on failure (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI (git-fixes). - clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne (git-fixes). - clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() (git-fixes). - clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path (git-fixes). - compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (bsc#1178203). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: ap806: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: vexpress-spc: Add missing MODULE_ALIAS (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: atmel-i2c - select CONFIG_BITREVERSE (git-fixes). - crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd (git-fixes). - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() (git-fixes). - crypto: inside-secure - Fix sizeof() mismatch (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: sun4i-ss - add the A33 variant of SS (git-fixes). - crypto: talitos - Endianess in current_desc_hdr() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: Fix wrong return value in dm_update_plane_state() (bsc#1152489) - drm/amdgpu: pass NULL pointer instead of 0 (bsc#1152489) Backporting changes: * context fixes - drm/crc-debugfs: Fix memleak in crc_control_write (bsc#1152472) - drm/gma500: fix error check (bsc#1152472) Backporting changes: * context fixes - drm/i915/gem: Avoid implicit vmap for highmem on x86-32 (bsc#1152489) Backporting changes: * context fixes - drm/i915: Fix sha_text population code (bsc#1152489) Backporting changes: * context fixes * adapted I/O functions to old driver - drm/imx: tve remove extraneous type qualifier (bsc#1152489) - drm/mediatek: Add exception handing in mtk_drm_probe() if component (bsc#1152472) - drm/mediatek: Add missing put_device() call in (bsc#1152472) - drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152472) Backporting changes: * context fixes * adapted to function layout - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1152489) - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (bsc#1152489) Backporting changes: * context fixes - drm/panfrost: Ensure GPU quirks are always initialised (bsc#1152489) - drm/panfrost: increase readl_relaxed_poll_timeout values (bsc#1152472) Backporting changes: * context fixes - drm/radeon: Prefer lower feedback dividers (bsc#1152489) - drm/sun4i: sun8i-csc: Secondary CSC register correction (bsc#1152489) - drm/vc4/vc4_hdmi: fill ASoC card owner (bsc#1152489) - drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1152472) Backporting changes: * context fixes - drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1152489) Backporting changes: * context fixes - drm/vkms: fix xrgb on compute crc (bsc#1152472) Backporting changes: * changed filename from vkms_composer.c to vkms_crc.c * context fixes - drm: mxsfb: check framebuffer pitch (bsc#1152472) Backporting changes: * context fixes - drm: mxsfb: Remove fbdev leftovers (bsc#1152472) Backporting changes: * context fixes - drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1152489) - drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1152472) Backporting changes: * context fixes - drm: rcar-du: Put reference to VSP device (bsc#1152489) - EDAC/amd64: Do not load on family 0x15, model 0x13 (bsc#1179763). - EDAC/i10nm: Use readl() to access MMIO registers (bsc#1152489). - EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId (bsc#1152489). - epoll: Keep a reference on files added to the check list (bsc#1180031). - ethtool: fix error handling in ethtool_phys_id (git-fixes). - ext4: correctly report 'not supported' for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - ext4: limit entries returned when counting fsmap records (bsc#1179671). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - extcon: max77693: Fix modalias string (git-fixes). - fail_function: Remove a redundant mutex unlock (bsc#1149032). - fbcon: Remove the superfluous break (bsc#1152472) - firmware: arm_sdei: Document the motivation behind these set_fs() calls (jsc#SLE-16610). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - fs/minix: check return value of sb_getblk() (bsc#1179676). - fs/minix: do not allow getting deleted inodes (bsc#1179677). - fs/minix: fix block limit check for V1 filesystems (bsc#1179680). - fs/minix: reject too-large maximum file size (bsc#1179678). - fs/minix: remove expected error message in block_to_path() (bsc#1179681). - fs/minix: set s_maxbytes correctly (bsc#1179679). - fs/ufs: avoid potential u32 multiplication overflow (bsc#1179682). - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711). - ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes). - geneve: pull IP header before ECN decapsulation (git-fixes). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - genirq/matrix: Deal with the sillyness of for_each_cpu() on UP (bsc#1156315). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpio: mvebu: update Armada XP per-CPU comment (git-fixes). - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices (git-fixes). - HID: Add Logitech Dinovo Edge battery quirk (git-fixes). - HID: add support for Sega Saturn (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: i2c-hid: add Vero K147 to descriptor override (git-fixes). - HID: ite: Replace ABS_MISC 120/121 events with touchpad on/off keypresses (git-fixes). - HID: logitech-hidpp: Add HIDPP_CONSUMER_VENDOR_KEYS quirk for the Dinovo Edge (git-fixes). - HID: uclogic: Add ID for Trust Flex Design Tablet (git-fixes). - HMAT: Register memory-side cache after parsing (bsc#1178660). - HMAT: Skip publishing target info for nodes with no online memory (bsc#1178660). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - IB/isert: Fix unaligned immediate-data handling (bsc#1152489) - IB/mlx4: Add and improve logging (bsc#1152489) - IB/mlx4: Add support for MRA (bsc#1152489) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1152489) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1152489) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1152489) - IB/rdmavt: Fix sizeof mismatch (bsc#1152489) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1152489) - IB/uverbs: Set IOVA on IB MR in uverbs layer (bsc#1152489) - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio:adc:ti-ads124s08: Fix alignment and data leak issues (git-fixes). - iio:adc:ti-ads124s08: Fix buffer being too long (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio:light:rpr0521: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:st_uvis25: Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:mag3110: Fix alignment and data leak issues (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - iomap: Clear page error before beginning a write (bsc#1179683). - iomap: Mark read blocks uptodate in write_begin (bsc#1179684). - iomap: Set all uptodate bits for an Uptodate page (bsc#1179685). - iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (bsc#1179652). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: hook up missing RX handlers (git-fixes). - iwlwifi: pcie: add one missing entry for AX210 (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - jbd2: fix up sparse warnings in checkpoint code (bsc#1179707). - kABI workaround for HD-audio generic parser (git-fixes). - kABI workaround for USB audio driver (bsc#1178203). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page (bsc#1156395). - lan743x: fix for potential NULL pointer dereference with bare card (git-fixes). - libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1149032). - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - media: gspca: Fix memory leak in probe (git-fixes). - media: imx214: Fix stop streaming (git-fixes). - media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE (git-fixes). - media: ipu3-cio2: Remove traces of returned buffers (git-fixes). - media: ipu3-cio2: Return actual subdev format (git-fixes). - media: ipu3-cio2: Serialise access to pad format (git-fixes). - media: ipu3-cio2: Validate mbus format in setting subdev format (git-fixes). - media: max2175: fix max2175_set_csm_mode() error code (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm() (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm() (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: tm6000: Fix sizeof() mismatches (git-fixes). - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values (bsc#1180117). - memstick: fix a double-free bug in memstick_check (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - mm/error_inject: Fix allow_error_inject function signatures (bsc#1179710). - mm/memory-failure: Add memory_failure_queue_kick() (jsc#SLE-16610). - mm/memory_hotplug: shrink zones when offlining memory (bsc#1177679). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - mm: memcg: fix memcg reclaim soft lockup (VM Functionality, bsc#1180056). - mmc: block: Fixup condition for CMD13 polling for RPMB requests (git-fixes). - mmc: pxamci: Fix error return code in pxamci_probe (git-fixes). - mtd: rawnand: gpmi: fix reference count leak in gpmi ops (git-fixes). - mtd: rawnand: gpmi: Fix the random DMA timeout issue (git-fixes). - mtd: rawnand: meson: Fix a resource leak in init (git-fixes). - mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments (git-fixes). - mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read (git-fixes). - mtd: spinand: Fix OOB read (git-fixes). - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - net/x25: prevent a couple of overflows (bsc#1178590). - net: sctp: Rename fallthrough label to unhandled (bsc#1178203). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - nvme-fabrics: allow to queue requests for live queues (git-fixes). - nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1179519). - nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1177326). - nvme-fc: cancel async events before freeing event struct (git-fixes). - nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1177326). - nvme-fc: fix error loop in create_hw_io_queues (git-fixes). - nvme-fc: fix io timeout to abort I/O (bsc#1177326). - nvme-fc: remove err_work work item (bsc#1177326). - nvme-fc: remove nvme_fc_terminate_io() (bsc#1177326). - nvme-fc: shorten reconnect delay if possible for FC (git-fixes). - nvme-fc: track error_recovery while connecting (bsc#1177326). - nvme-fc: wait for queues to freeze before calling (git-fixes). - nvme-multipath: fix deadlock between ana_work and scan_work (git-fixes). - nvme-multipath: fix deadlock due to head->lock (git-fixes). - nvme-pci: properly print controller address (git-fixes). - nvme-rdma: avoid race between time out and tear down (bsc#1179519). - nvme-rdma: avoid repeated request completion (bsc#1179519). - nvme-rdma: cancel async events before freeing event struct (git-fixes). - nvme-rdma: fix controller reset hang during traffic (bsc#1179519). - nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-rdma: fix timeout handler (bsc#1179519). - nvme-rdma: handle unexpected nvme completion data length (bsc#1178612). - nvme-rdma: serialize controller teardown sequences (bsc#1179519). - nvme-tcp: avoid race between time out and tear down (bsc#1179519). - nvme-tcp: avoid repeated request completion (bsc#1179519). - nvme-tcp: avoid scheduling io_work if we are already polling (bsc#1179519). - nvme-tcp: break from io_work loop if recv failed (bsc#1179519). - nvme-tcp: cancel async events before freeing event struct (git-fixes). - nvme-tcp: do not poll a non-live queue (bsc#1179519). - nvme-tcp: fix controller reset hang during traffic (bsc#1179519). - nvme-tcp: fix possible crash in recv error flow (bsc#1179519). - nvme-tcp: fix possible leakage during error flow (git-fixes). - nvme-tcp: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-tcp: fix timeout handler (bsc#1179519). - nvme-tcp: have queue prod/cons send list become a llist (bsc#1179519). - nvme-tcp: leverage request plugging (bsc#1179519). - nvme-tcp: move send failure to nvme_tcp_try_send (bsc#1179519). - nvme-tcp: optimize network stack with setting msg flags (bsc#1179519). - nvme-tcp: optimize queue io_cpu assignment for multiple queue (git-fixes). - nvme-tcp: serialize controller teardown sequences (bsc#1179519). - nvme-tcp: set MSG_SENDPAGE_NOTLAST with MSG_MORE when we have (bsc#1179519). - nvme-tcp: try to send request in queue_rq context (bsc#1179519). - nvme-tcp: use bh_lock in data_ready (bsc#1179519). - nvme: do not protect ns mutation with ns->head->lock (git-fixes). - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1179519). - nvme: introduce nvme_sync_io_queues (bsc#1179519). - nvme: Revert: Fix controller creation races with teardown (git-fixes). - nvmet-fc: fix missing check for no hostport struct (bsc#1176942). - nvmet-tcp: fix maxh2cdata icresp parameter (bsc#1179892). - ocfs2: fix unbalanced locking (bsc#1180506). - orinoco: Move context allocation after processing the skb (git-fixes). - PCI: brcmstb: Initialize 'tmp' before use (git-fixes). - PCI: Fix overflow in command-line resource alignment requests (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - PCI: iproc: Fix out-of-bound array accesses (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - platform/chrome: cros_ec_spi: Do not overwrite spi::mode (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 (git-fixes). - platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (git-fixes). - platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (git-fixes). - power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (jsc#SLE-9246 git-fixes). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix allnoconfig build since uaccess flush (bsc#1177666 git-fixes). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() (bsc#1156395). - powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1156395). - powerpc/numa: Fix a regression on memoryless node 0 (bsc#1179639 ltc#189002). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Avoid broken GCC __attribute__((optimize)) (bsc#1156395). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - pwm: zx: Add missing cleanup in error path (git-fixes). - qede: Notify qedr when mtu has changed (bsc#1152489) - qtnfmac: fix error return code in qtnf_pcie_probe() (git-fixes). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1152489) - RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1152489) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1152489) - RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued() (bsc#1152489) - RDMA/core: Fix reported speed and width (bsc#1152489) - RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1152489) - RDMA/core: Free DIM memory in error unwind (bsc#1152489) - RDMA/core: Stop DIM before destroying CQ (bsc#1152489) - RDMA/counter: Allow manually bind QPs with different pids to same counter (bsc#1152489) - RDMA/counter: Only bind user QPs in auto mode (bsc#1152489) - RDMA/hns: Add check for the validity of sl configuration (bsc#1152489) - RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1152489) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1152489) - RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1152489) - RDMA/hns: Set the unsupported wr opcode (bsc#1152489) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1152489) - RDMA/mlx5: Disable IB_DEVICE_MEM_MGT_EXTENSIONS if IB_WR_REG_MR can't work (bsc#1152489) - RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP (bsc#1152489) - RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1152489) - RDMA/qedr: Endianness warnings cleanup (bsc#1152489) - RDMA/qedr: Fix doorbell setting (bsc#1152489) - RDMA/qedr: Fix inline size returned for iWARP (bsc#1152489) - RDMA/qedr: Fix iWARP active mtu display (bsc#1152489) - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1152489) - RDMA/qedr: Fix qp structure memory leak (bsc#1152489) - RDMA/qedr: Fix resource leak in qedr_create_qp (bsc#1152489) - RDMA/qedr: Fix use of uninitialized field (bsc#1152489) - RDMA/qedr: SRQ's bug fixes (bsc#1152489) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1152489) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1152489) - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (bsc#1152489) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1152489) - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (bsc#1152489) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1152489) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1152489) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1152489) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1152489) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1152489) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1152489) - RDMA/umem: Fix ib_umem_find_best_pgsz() for mappings that cross a page boundary (bsc#1152489) - RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (bsc#1152489) - Re-import the upstream uvcvideo fix; one more fix will be added later (bsc#1180117) - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x (git-fixes). - regulator: mcp16502: add linear_min_sel (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable (git-fixes). - remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() (git-fixes). - remoteproc: qcom: fix reference leak in adsp_start (git-fixes). - rsi: fix error return code in rsi_reset_card() (git-fixes). - rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - rtw88: debug: Fix uninitialized memory in debugfs code (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: delay draining the TX buffers (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (bsc#1179604 LTC#190151). - s390: add 3f program exception handler (git-fixes). - samples/bpf: Remove unused test_ipip.sh (bsc#1155518). - samples: bpf: Refactor test_cgrp2_sock2 program with libbpf (bsc#1155518). - sched/fair: Fix overutilized update in enqueue_task_fair() (git-fixes) - sched/fair: Fix race between runtime distribution and (git-fixes) - sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes) - sched/fair: Refill bandwidth before scaling (git-fixes) - sched: correct SD_flags returned by tl->sd_flags() (git-fixes) - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049). - scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (bsc#1165933, bsc#1171000). - scsi: fnic: Avoid looping in TRANS ETH on unload (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_FCS_DBG() (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG() (bsc#1175079). - scsi: fnic: Set scsi_set_resid() only for underflow (bsc#1175079). - scsi: fnic: Validate io_req before others (bsc#1175079). - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_bsg: Provide correct documentation for a bunch of functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Fix some kernel-doc related issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Remove unused variable 'phba' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvmet: Fix-up some formatting and doc-rot issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Reject CT request for MIB commands (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove set but not used 'qp' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Use generic power management (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: mpt3sas: A small correction in _base_process_reply_queue (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add bypass_dirty_port_flag parameter (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add module parameter multipath_on_hba (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Allocate memory for hba_port objects (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Bump driver version to 35.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Cancel the running work during host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Capture IOC data for debugging purposes (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Define hba_port structure (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Detect tampered Aero and Sea adapters (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Disable DIF when prot_mask set to zero (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not change the DMA coherent mask after allocations (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Dump system registers for debugging (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix double free warnings (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix error returns in BRM_status_show (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix memset() in non-RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix reply queue count in non RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix set but unused variable (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix sync irqs (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix unlock imbalance (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get device objects using sas_address & portID (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get sas_device objects using device's rphy (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle vSES vphy object during HBA reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handling HBA vSES device (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Postprocessing of target and LUN reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove NULL check before freeing function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove pci-dma-compat wrapper API (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove superfluous memset() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename and export interrupt mask/unmask functions (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename function name is_MSB_are_same (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Separate out RDPQ allocation to new function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update driver version to 35.100.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port objects after host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port's sas_address & phy_mask (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: use true,false for bool variables (jsc#SLE-16914, bsc#1177733). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not consume srb greedily (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688 bsc#1172733). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Use constant when it is known (bsc#1171688 bsc#1172733). - scsi: Remove unneeded break statements (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1171688 bsc#1172733). - scsi_dh_alua: return BLK_STS_AGAIN for ALUA transitioning state (bsc#1165933, bsc#1171000). - scsi_dh_alua: set 'transitioning' state on unit attention (bsc#1171000, bsc#1165933). - selftest/bpf: Add missed ip6ip6 test back (bsc#1155518). - selftests/bpf/test_offload.py: Reset ethtool features after failed setting (bsc#1155518). - selftests/bpf: Fix invalid use of strncat in test_sockmap (bsc#1155518). - selftests/bpf: Print reason when a tester could not run a program (bsc#1155518). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: amlogic: canvas: add missing put_device() call in meson_canvas_get() (git-fixes). - soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: geni: More properly switch to DMA mode (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - speakup: fix uninitialized flush_lock (git-fixes). - spi: atmel-quadspi: Disable clock in probe error path (git-fixes). - spi: atmel-quadspi: Fix AHB memory accesses (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: fix resource leak for drivers without .remove callback (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: mt7621: Disable clock in probe error path (git-fixes). - spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe (git-fixes). - spi: mxs: fix reference leak in mxs_spi_probe (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: sprd: fix reference leak in sprd_spi_remove (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: stm32: fix reference leak in stm32_spi_resume (git-fixes). - spi: synquacer: Disable clock in probe error path (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - thunderbolt: Fix use-after-free in remove_unplugged_switch() (git-fixes). - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - tty: Fix ->session locking (bsc#1179745). - ubifs: dent: Fix some potential memory leaks while iterating entries (bsc#1179703). - ubifs: Do not parse authentication mount options in remount process (bsc#1179688). - ubifs: Fix a memleak after dumping authentication mount options (bsc#1179687). - ubifs: Fix wrong orphan node deletion in ubifs_jnl_update|rename (bsc#1179675). - ubifs: journal: Make sure to not dirty twice for auth nodes (bsc#1179704). - ubifs: mount_ubifs: Release authentication resource in error handling path (bsc#1179689). - ubifs: xattr: Fix some potential memory leaks while iterating entries (bsc#1179690). - udf: Fix memory leak when mounting (bsc#1179712). - usb/max3421: fix return error code in max3421_probe() (git-fixes). - usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: mtu3: fix memory corruption in mtu3_debugfs_regset() (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: kl5kusb105: fix memleak on open (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). - usb: serial: option: add Fibocom NL668 variants (git-fixes). - usb: serial: option: add interface-number sanity check to flag handling (git-fixes). - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - usb: serial: option: fix Quectel BG96 matching (git-fixes). - usb: UAS: introduce a quirk to set no_write_same (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - video: fbdev: radeon: Fix memleak in radeonfb_pci_register (bsc#1152472) - video: fbdev: sis: fix null ptr dereference (bsc#1152472) - watchdog: armada_37xx: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: Fix potential dereferencing of null pointer (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: sprd: change to use usleep_range() instead of busy loop (git-fixes). - watchdog: sprd: check busy bit before new loading rather than after that (git-fixes). - watchdog: sprd: remove watchdog disable from resume fail path (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - x86/apic/vector: Fix ordering in vector assignment (bsc#1156315). - x86/CPU/AMD: Remove amd_get_nb_id() (bsc#1152489). - x86/CPU/AMD: Save AMD NodeId as cpu_die_id (bsc#1152489). - x86/ima: use correct identifier for SetupMode variable (bsc#1152489). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1152489). - x86/mce: Do not overwrite no_way_out if mce_end() fails (bsc#1152489). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1152489). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1152489). - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1152489). - x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1152489). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1152489). - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1152489). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1152489). - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1152489). - x86/topology: Set cpu_die_id only if DIE_TYPE found (bsc#1152489). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1152489). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:127-1 Released: Thu Jan 14 10:30:23 2021 Summary: Security update for open-iscsi Type: security Severity: important References: 1179440,1179908 This update for open-iscsi fixes the following issues: - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908, including: * uip: check for TCP urgent pointer past end of frame * uip: check for u8 overflow when processing TCP options * uip: check for header length underflow during checksum calculation * fwparam_ppc: Fix memory leak in fwparam_ppc.c * iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c * fwparam_ppc: Fix illegal memory access in fwparam_ppc.c * sysfs: Verify parameter of sysfs_device_get() * fwparam_ppc: Fix NULL pointer dereference in find_devtree() * open-iscsi: Clean user_param list when process exit * iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev() * open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req() * open-iscsi: Fix invalid pointer deference in find_initiator() * iscsiuio: Fix invalid parameter when call fstat() * iscsi-iname: Verify open() return value before calling read() * iscsi_sysfs: Fix NULL pointer deference in iscsi_sysfs_read_iface - Updatged to latest upstream, including: * iscsiadm: Optimize the the verification of mode paramters * iscsid: Poll timeout value to 1 minute for iscsid * iscsiadm: fix host stats mode coredump * iscsid: fix logging level when starting and shutting down daemon * Updated iscsiadm man page. * Fix memory leak in sysfs_get_str * libopeniscsiusr: Compare with max int instead of max long - Systemd unit files should not depend on network.target (bsc#1179440). - Updated to latest upstream, including async login ability: * Implement login 'no_wait' for iscsiadm NODE mode * iscsiadm buffer overflow regression when discovering many targets at once * iscsid: Check Invalid Session id for stop connection * Add ability to attempt target logins asynchronously - %service_del_postun_without_restart is now available on SLE More accurately it's been introduced in SLE12-SP2+ and SLE15+ ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commnds help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are prefered in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:227-1 Released: Tue Jan 26 19:22:14 2021 Summary: Security update for sudo Type: security Severity: important References: 1180684,1180685,1180687,1181090,CVE-2021-23239,CVE-2021-23240,CVE-2021-3156 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:239-1 Released: Fri Jan 29 06:49:13 2021 Summary: Recommended update for btrfsprogs Type: recommended Severity: moderate References: 1174206 This update for btrfsprogs fixes the following issues: - Add patches to fix the logical-resolve lookup process and to accept the 'ignore offsets' kernel feature. (bsc#1174206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:264-1 Released: Mon Feb 1 15:04:00 2021 Summary: Recommended update for dracut Type: recommended Severity: important References: 1142248,1177870,1180119 This update for dracut fixes the following issues: - As of v246 of systemd 'syslog' and 'syslog-console' switches have been deprecated. (bsc#1180119) - Make collect optional. (bsc#1177870) - Inclusion of dracut modifications to enable 'nvme-fc boo't support. (bsc#1142248) - Add nvmf module. (jsc#ECO-3063) * Implement 'fc,auto' commandline syntax. * Add nvmf-autoconnect script. * Fixup FC connections. * Rework parameter handling. * Fix typo in the example documentation. * Add 'NVMe over TCP' support. * Add module for 'NVMe-oF'. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) From sle-security-updates at lists.suse.com Wed Feb 3 23:47:35 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2021 07:47:35 +0100 (CET) Subject: SUSE-IU-2021:4-1: Security update of suse-sles-15-sp2-chost-byos-v20210202-hvm-ssd-x86_64 Message-ID: <20210204064735.DD3E6FFB1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20210202-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:4-1 Image Tags : suse-sles-15-sp2-chost-byos-v20210202-hvm-ssd-x86_64:20210202 Image Release : Severity : important Type : security References : 1027519 1040855 1044120 1044767 1050625 1055117 1065729 1084671 1094840 1098449 1109695 1115431 1138374 1139944 1141597 1142248 1144793 1149032 1149032 1152457 1152472 1152489 1152489 1153274 1154353 1155094 1155518 1155518 1156315 1156395 1158775 1160634 1161099 1163727 1165933 1166146 1166166 1167030 1167657 1167773 1168771 1168952 1169006 1170139 1171000 1171073 1171078 1171558 1171688 1171883 1172145 1172695 1172733 1172873 1173504 1173513 1174016 1174091 1174206 1174257 1174436 1174486 1174508 1174571 1174701 1174852 1174942 1175079 1175306 1175458 1175480 1175514 1175623 1175918 1175995 1176109 1176180 1176200 1176396 1176481 1176586 1176606 1176782 1176855 1176942 1176956 1176983 1177066 1177070 1177120 1177211 1177238 1177261 1177275 1177326 1177353 1177397 1177427 1177460 1177490 1177500 1177533 1177577 1177583 1177600 1177658 1177666 1177666 1177679 1177703 1177733 1177820 1177870 1178009 1178049 1178123 1178182 1178203 1178227 1178270 1178286 1178304 1178330 1178346 1178372 1178393 1178401 1178426 1178461 1178554 1178579 1178581 1178584 1178585 1178589 1178590 1178612 1178634 1178635 1178653 1178659 1178660 1178661 1178669 1178686 1178740 1178755 1178756 1178762 1178775 1178780 1178823 1178825 1178838 1178853 1178886 1178909 1178910 1178966 1179001 1179012 1179014 1179015 1179045 1179076 1179082 1179083 1179107 1179107 1179140 1179141 1179160 1179193 1179201 1179204 1179211 1179217 1179222 1179225 1179363 1179398 1179399 1179415 1179419 1179419 1179424 1179425 1179426 1179427 1179429 1179432 1179434 1179435 1179440 1179442 1179491 1179496 1179498 1179501 1179502 1179503 1179506 1179514 1179516 1179519 1179550 1179575 1179578 1179593 1179601 1179604 1179630 1179639 1179652 1179656 1179670 1179671 1179672 1179673 1179675 1179676 1179677 1179678 1179679 1179680 1179681 1179682 1179683 1179684 1179685 1179687 1179688 1179689 1179690 1179691 1179703 1179704 1179707 1179709 1179710 1179711 1179712 1179713 1179714 1179715 1179716 1179738 1179745 1179763 1179816 1179824 1179888 1179892 1179896 1179908 1179909 1179960 1179963 1180027 1180029 1180031 1180052 1180056 1180077 1180086 1180117 1180119 1180138 1180225 1180258 1180261 1180377 1180506 1180541 1180559 1180566 1180603 1180663 1180684 1180685 1180687 1180721 1180885 1181090 CVE-2017-9271 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-5010 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-14145 CVE-2020-14422 CVE-2020-15436 CVE-2020-15437 CVE-2020-1971 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-26137 CVE-2020-27068 CVE-2020-27619 CVE-2020-27777 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29369 CVE-2020-29370 CVE-2020-29371 CVE-2020-29373 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2020-8025 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8492 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20210202-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3723-1 Released: Wed Dec 9 13:37:55 2020 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1177120,CVE-2020-26137 This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3736-1 Released: Wed Dec 9 18:19:58 2020 Summary: Security update for openssh Type: security Severity: moderate References: 1173513,CVE-2020-14145 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3748-1 Released: Thu Dec 10 14:04:28 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1149032,1152489,1153274,1154353,1155518,1160634,1166146,1166166,1167030,1167773,1170139,1171073,1171558,1172873,1173504,1174852,1175306,1175918,1176109,1176180,1176200,1176481,1176586,1176855,1176983,1177066,1177070,1177353,1177397,1177577,1177666,1177703,1177820,1178123,1178182,1178227,1178286,1178304,1178330,1178393,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178635,1178653,1178659,1178661,1178669,1178686,1178740,1178755,1178762,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179225,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179442,1179550,CVE-2020-15436,CVE-2020-15437,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-27777,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788 The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107) - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721). - CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes). - ACPICA: Add NHLT table signature (bsc#1176200). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - Add bug reference to two hv_netvsc patches (bsc#1178853). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: fix kernel-doc markups (git-fixes). - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes). - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes). - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - arm64: bpf: Fix branch offset in JIT (git-fixes). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes). - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes). - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes). - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes). - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes). - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes). - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes). - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes). - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes). - ASoC: cs42l51: manage mclk shutdown delay (git-fixes). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ASoC: qcom: sdm845: set driver name correctly (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274). - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes). - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274). - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518). - bpf: Zero-fill re-used per-cpu map element (bsc#1155518). - btrfs: Account for merged patches upstream Move below patches to sorted section. - btrfs: cleanup cow block on error (bsc#1178584). - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217). - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217). - btrfs: fix relocation failure due to race with fallocate (bsc#1179217). - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217). - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217). - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217). - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217). - btrfs: reschedule if necessary when logging directory items (bsc#1178585). - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579). - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes). - can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179012). - ceph: check session state after bumping session->s_seq (bsc#1179012). - ceph: check the sesion state and return false in case it is closed (bsc#1179012). - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cfg80211: initialize wdev data earlier (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - clk: define to_clk_regmap() as inline function (git-fixes). - Convert trailing spaces and periods in path components (bsc#1179424). - cosa: Add missing kfree in error path of cosa_write (git-fixes). - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073). - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073). - Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419) - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076). - Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process. - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397). - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64. - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001). - EDAC/amd64: Gather hardware information early (bsc#1179001). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001). - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001). - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001). - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes). - efi: efibc: check for efivars write capability (git-fixes). - efi: EFI_EARLYCON should depend on EFI (git-fixes). - efi/efivars: Set generic ops before loading SSDT (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Fix the deletion of variables in mixed mode (git-fixes). - efi/x86: Free efi_pgd with free_pages() (git-fixes). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - exfat: fix name_hash computation on big endian systems (git-fixes). - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes). - exfat: fix possible memory leak in exfat_find() (git-fixes). - exfat: fix use of uninitialized spinlock on error path (git-fixes). - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes). - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes). - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module. - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032). - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes). - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes). - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes). - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes). - hv_balloon: disable warning when floor reached (git-fixes). - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes). - hv_netvsc: Add XDP support (bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820). - hv_netvsc: record hardware hash in skb (bsc#1177820). - hwmon: (pwm-fan) Fix RPM calculation (git-fixes). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i2c: mediatek: move dma reset before i2c reset (git-fixes). - i2c: sh_mobile: implement atomic transfers (git-fixes). - igc: Fix not considering the TX delay for timestamps (bsc#1160634). - igc: Fix wrong timestamp latency numbers (bsc#1160634). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - iio: adc: mediatek: fix unset field (git-fixes). - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes). - intel_idle: Customize IceLake server support (bsc#1178286). - ionic: check port ptr before use (bsc#1167773). - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes). - kABI: revert use_mm name change (MM Functionality, bsc#1178426). - kABI workaround for HD-audio (git-fixes). - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes). - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes). - lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes). - lan743x: fix issue causing intermittent kernel log warnings (git-fixes). - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - lib/crc32test: remove extra local_irq_disable/enable (git-fixes). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518). - mac80211: always wind down STA state (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - media: imx274: fix frame interval handling (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes). - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes). - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426). - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426). - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)). - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235). - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)). - mm, memcg: fix inconsistent oom event behavior (bsc#1178659). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mm/memcontrol.c: add missed css_put() (bsc#1178661). - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)). - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes). - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)). - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)). - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755). - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (bsc#1174852). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464). - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180). - nvme: do not update disk info for multipathed device (bsc#1171558). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes). - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426). - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321). - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - power: supply: bq27xxx: report 'not charging' on all types (git-fixes). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160). - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449). - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449). - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449). - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449). - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464). - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215). - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes). - reboot: fix overflow parsing reboot cpu number (git-fixes). - Refresh patches.suse/vfs-add-super_operations-get_inode_dev. (bsc#1176983) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc '(kABI: revert use_mm name change (MM Functionality, bsc#1178426))'. - Revert 'cdc-acm: hardening against malicious devices' (git-fixes). - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes). - Revert 'xfs: complain if anyone tries to create a too-large buffer' (bsc#1179425, bsc#1179550). - rfkill: Fix use-after-free in rfkill_resume() (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger - - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead. - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342). - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)). - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227). - sched: Fix rq->nr_iowait ordering (git fixes (sched)). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: libiscsi: Fix NOP race condition (bsc#1176481). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - spi: lpspi: Fix use-after-free on unbind (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair 'fixed-link' support (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes). - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes). - timer: Fix wheel index calculation on last level (git-fixes). - timer: Prevent base->clk from moving backward (git-fixes). - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes). - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (git-fixes). - tty: serial: fsl_lpuart: add LS1028A support (git-fixes). - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes). - tty: serial: imx: fix potential deadlock (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - uio: Fix use-after-free in uio_unregister_device() (git-fixes). - uio: free uio id after uio file node is freed (git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: adutux: fix debugging (git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - USB: core: Change %pK for __user pointers to %px (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: gadget: goku_udc: fix potential crashes in probe (git-fixes). - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv_fb: include vmalloc.h (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489). - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166). - xfs: prohibit fs freezing when using empty transactions (bsc#1179442). - xfs: remove unused variable 'done' (bsc#1166166). - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes). - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes). - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166). - xhci: Fix sizeof() mismatch (git-fixes). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes). kernel-default-base fixes the following issues: - Add wireguard kernel module (bsc#1179225) - Create the list of crypto kernel modules dynamically, supersedes hardcoded list of crc32 implementations (bsc#1177577) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3756-1 Released: Fri Dec 11 09:12:36 2020 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1177261,1177600 This update for hwinfo fixes the following issues: - Fixed an issue where the DPAA2 network did not come up (bsc#1177600, bsc#1177261) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount ???a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3915-1 Released: Tue Dec 22 14:16:27 2020 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1176782,1179496,1179498,1179501,1179502,1179506,1179514,1179516,CVE-2020-29480,CVE-2020-29481,CVE-2020-29483,CVE-2020-29484,CVE-2020-29566,CVE-2020-29570,CVE-2020-29571 This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3923-1 Released: Tue Dec 22 15:22:42 2020 Summary: Recommended update for kexec-tools Type: recommended Severity: moderate References: 1174508,1176606 This update for kexec-tools fixes the following issues: - Xen 4.7 introduced _soft-reset_ for HVM domUs. (bsc#1176606, bsc#1174508) This host feature removes the requirement to _un-ballon_ the `domU` prior `kexec`. With Xen 4.13 _cpuid faulting_ became the default, which affects the approach used before to detect the _domU_ type. As a result, invoking kexec in _dom0_ failed. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(???). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:10-1 Released: Mon Jan 4 10:01:52 2021 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: 1174257 This update for dmidecode fixes the following issue: - Two missing commas in the data arrays cause 'OUT OF SPEC' messages during the index resolution. (bnc#1174257) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:73-1 Released: Tue Jan 12 10:24:50 2021 Summary: Recommended update for SUSEConnect Type: recommended Severity: low References: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:117-1 Released: Thu Jan 14 06:14:36 2021 Summary: Security update for the Linux Kernel Type: security Severity: moderate References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1163727,1165933,1167657,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1175995,1176396,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178372,1178590,1178612,1178634,1178660,1178756,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506,1180541,1180559,1180566,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020- 27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28374,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-27830: Fixed a null pointer dereference in speakup (bsc#1179656). - CVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435). - CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601). The following non-security bugs were fixed: - ACPI: APEI: Kick the memory_failure() queue for synchronous errors (jsc#SLE-16610). - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (git-fixes). - ALSA: core: memalloc: add page alignment for iram (git-fixes). - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes). - ALSA: hda/hdmi: packet buffer index must be set before reading value (git-fixes). - ALSA: hda/proc - print DP-MST connections (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (git-fixes). - ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes). - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (git-fixes). - ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: rawmidi: Access runtime->avail always in spinlock (git-fixes). - ALSA: seq: remove useless function (git-fixes). - ALSA: usb-audio: Add generic implicit fb parsing (bsc#1178203). - ALSA: usb-audio: Add hw constraint for implicit fb sync (bsc#1178203). - ALSA: usb-audio: Add implicit fb support for Steinberg UR22 (git-fixes). - ALSA: usb-audio: Add implicit_fb module option (bsc#1178203). - ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2 (git-fixes). - ALSA: usb-audio: Add snd_usb_get_endpoint() helper (bsc#1178203). - ALSA: usb-audio: Add snd_usb_get_host_interface() helper (bsc#1178203). - ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR controller (git-fixes). - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices (git-fixes). - ALSA: usb-audio: Always set up the parameters after resume (bsc#1178203). - ALSA: usb-audio: Avoid doubly initialization for implicit fb (bsc#1178203). - ALSA: usb-audio: Check implicit feedback EP generically for UAC2 (bsc#1178203). - ALSA: usb-audio: Check valid altsetting at parsing rates for UAC2/3 (bsc#1178203). - ALSA: usb-audio: Constify audioformat pointer references (bsc#1178203). - ALSA: usb-audio: Convert to the common vmalloc memalloc (bsc#1178203). - ALSA: usb-audio: Correct wrongly matching entries with audio class (bsc#1178203). - ALSA: usb-audio: Create endpoint objects at parsing phase (bsc#1178203). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Do not call usb_set_interface() at trigger callback (bsc#1178203). - ALSA: usb-audio: Do not set altsetting before initializing sample rate (bsc#1178203). - ALSA: usb-audio: Drop debug.h (bsc#1178203). - ALSA: usb-audio: Drop keep_interface flag again (bsc#1178203). - ALSA: usb-audio: Drop unneeded snd_usb_substream fields (bsc#1178203). - ALSA: usb-audio: Factor out the implicit feedback quirk code (bsc#1178203). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix EP matching for continuous rates (bsc#1178203). - ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203). - ALSA: usb-audio: Fix possible stall of implicit fb packet ring-buffer (bsc#1178203). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix quirks for other BOSS devices (bsc#1178203). - ALSA: usb-audio: Handle discrete rates properly in hw constraints (bsc#1178203). - ALSA: usb-audio: Improve some debug prints (bsc#1178203). - ALSA: usb-audio: Move device rename and profile quirks to an internal table (bsc#1178203). - ALSA: usb-audio: Move snd_usb_autoresume() call out of setup_hw_info() (bsc#1178203). - ALSA: usb-audio: Pass snd_usb_audio object to quirk functions (bsc#1178203). - ALSA: usb-audio: Properly match with audio interface class (bsc#1178203). - ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203). - ALSA: usb-audio: Refactor endpoint management (bsc#1178203). - ALSA: usb-audio: Refactoring endpoint URB deactivation (bsc#1178203). - ALSA: usb-audio: Replace slave/master terms (bsc#1178203). - ALSA: usb-audio: Set and clear sync EP link properly (bsc#1178203). - ALSA: usb-audio: Set callbacks via snd_usb_endpoint_set_callback() (bsc#1178203). - ALSA: usb-audio: Show sync endpoint information in proc outputs (bsc#1178203). - ALSA: usb-audio: Simplify hw_params rules (bsc#1178203). - ALSA: usb-audio: Simplify quirk entries with a macro (bsc#1178203). - ALSA: usb-audio: Simplify rate_min/max and rates set up (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_sample_rate() arguments (bsc#1178203). - ALSA: usb-audio: Stop both endpoints properly at error (bsc#1178203). - ALSA: usb-audio: Support PCM sync_stop (bsc#1178203). - ALSA: usb-audio: Track implicit fb sync endpoint in audioformat list (bsc#1178203). - ALSA: usb-audio: Unify the code for the next packet size calculation (bsc#1178203). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo (bsc#1178203). - ALSA: usb-audio: Use atomic_t for endpoint use_count (bsc#1178203). - ALSA: usb-audio: Use managed buffer allocation (bsc#1178203). - ALSA: usb-audio: Use unsigned char for iface and altsettings fields (bsc#1178203). - ALSA: usb-audio: workaround for iface reset issue (bsc#1178203). - arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (jsc#SLE-16610). - ASoC: amd: change clk_get() to devm_clk_get() and add missed checks (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: meson: fix COMPILE_TEST error (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: SOF: control: fix size checks for ext_bytes control .get() (git-fixes). - ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode (git-fixes). - ASoC: tegra20-spdif: remove 'default m' (git-fixes). - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: fix error return code in wm_adsp_load() (git-fixes). - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - batman-adv: Consider fragmentation for needed_headroom (git-fixes). - batman-adv: Do not always reallocate the fragmentation skb head (git-fixes). - batman-adv: Reserve needed_*room for fragments (git-fixes). - blk-mq: Remove 'running from the wrong CPU' warning (bsc#1174486). - block: return status code in blk_mq_end_request() (bsc#1171000, bsc#1165933). - Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() (git-fixes). - Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - Bluetooth: hci_h5: fix memory leak in h5_close (git-fixes). - bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address() (git-fixes). - btrfs: add missing check for nocow and compression inode flags (bsc#1178780). - btrfs: allow btrfs_truncate_block() to fallback to nocow for data space reservation (bsc#1161099). - btrfs: delete duplicated words + other fixes in comments (bsc#1180566). - btrfs: do not commit logs and transactions during link and rename operations (bsc#1180566). - btrfs: do not take the log_mutex of the subvolume when pinning the log (bsc#1180566). - btrfs: fix readahead hang and use-after-free after removing a device (bsc#1179963). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: c_can: c_can_power_up(): fix error handling (git-fixes). - can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - clk: at91: sam9x60: remove atmel,osc-bypass support (git-fixes). - clk: ingenic: Fix divider calculation with div tables (git-fixes). - clk: mediatek: Make mtk_clk_register_mux() a static function (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: renesas: r9a06g032: Drop __packed for portability (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Do not return 0 on failure (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI (git-fixes). - clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne (git-fixes). - clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() (git-fixes). - clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path (git-fixes). - compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (bsc#1178203). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: ap806: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: vexpress-spc: Add missing MODULE_ALIAS (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: atmel-i2c - select CONFIG_BITREVERSE (git-fixes). - crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd (git-fixes). - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() (git-fixes). - crypto: inside-secure - Fix sizeof() mismatch (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: sun4i-ss - add the A33 variant of SS (git-fixes). - crypto: talitos - Endianess in current_desc_hdr() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: Fix wrong return value in dm_update_plane_state() (bsc#1152489) - drm/amdgpu: pass NULL pointer instead of 0 (bsc#1152489) Backporting changes: * context fixes - drm/crc-debugfs: Fix memleak in crc_control_write (bsc#1152472) - drm/gma500: fix error check (bsc#1152472) Backporting changes: * context fixes - drm/i915/gem: Avoid implicit vmap for highmem on x86-32 (bsc#1152489) Backporting changes: * context fixes - drm/i915: Fix sha_text population code (bsc#1152489) Backporting changes: * context fixes * adapted I/O functions to old driver - drm/imx: tve remove extraneous type qualifier (bsc#1152489) - drm/mediatek: Add exception handing in mtk_drm_probe() if component (bsc#1152472) - drm/mediatek: Add missing put_device() call in (bsc#1152472) - drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152472) Backporting changes: * context fixes * adapted to function layout - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1152489) - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (bsc#1152489) Backporting changes: * context fixes - drm/panfrost: Ensure GPU quirks are always initialised (bsc#1152489) - drm/panfrost: increase readl_relaxed_poll_timeout values (bsc#1152472) Backporting changes: * context fixes - drm/radeon: Prefer lower feedback dividers (bsc#1152489) - drm/sun4i: sun8i-csc: Secondary CSC register correction (bsc#1152489) - drm/vc4/vc4_hdmi: fill ASoC card owner (bsc#1152489) - drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1152472) Backporting changes: * context fixes - drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1152489) Backporting changes: * context fixes - drm/vkms: fix xrgb on compute crc (bsc#1152472) Backporting changes: * changed filename from vkms_composer.c to vkms_crc.c * context fixes - drm: mxsfb: check framebuffer pitch (bsc#1152472) Backporting changes: * context fixes - drm: mxsfb: Remove fbdev leftovers (bsc#1152472) Backporting changes: * context fixes - drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1152489) - drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1152472) Backporting changes: * context fixes - drm: rcar-du: Put reference to VSP device (bsc#1152489) - EDAC/amd64: Do not load on family 0x15, model 0x13 (bsc#1179763). - EDAC/i10nm: Use readl() to access MMIO registers (bsc#1152489). - EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId (bsc#1152489). - epoll: Keep a reference on files added to the check list (bsc#1180031). - ethtool: fix error handling in ethtool_phys_id (git-fixes). - ext4: correctly report 'not supported' for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - ext4: limit entries returned when counting fsmap records (bsc#1179671). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - extcon: max77693: Fix modalias string (git-fixes). - fail_function: Remove a redundant mutex unlock (bsc#1149032). - fbcon: Remove the superfluous break (bsc#1152472) - firmware: arm_sdei: Document the motivation behind these set_fs() calls (jsc#SLE-16610). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - fs/minix: check return value of sb_getblk() (bsc#1179676). - fs/minix: do not allow getting deleted inodes (bsc#1179677). - fs/minix: fix block limit check for V1 filesystems (bsc#1179680). - fs/minix: reject too-large maximum file size (bsc#1179678). - fs/minix: remove expected error message in block_to_path() (bsc#1179681). - fs/minix: set s_maxbytes correctly (bsc#1179679). - fs/ufs: avoid potential u32 multiplication overflow (bsc#1179682). - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711). - ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes). - geneve: pull IP header before ECN decapsulation (git-fixes). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - genirq/matrix: Deal with the sillyness of for_each_cpu() on UP (bsc#1156315). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpio: mvebu: update Armada XP per-CPU comment (git-fixes). - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices (git-fixes). - HID: Add Logitech Dinovo Edge battery quirk (git-fixes). - HID: add support for Sega Saturn (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: i2c-hid: add Vero K147 to descriptor override (git-fixes). - HID: ite: Replace ABS_MISC 120/121 events with touchpad on/off keypresses (git-fixes). - HID: logitech-hidpp: Add HIDPP_CONSUMER_VENDOR_KEYS quirk for the Dinovo Edge (git-fixes). - HID: uclogic: Add ID for Trust Flex Design Tablet (git-fixes). - HMAT: Register memory-side cache after parsing (bsc#1178660). - HMAT: Skip publishing target info for nodes with no online memory (bsc#1178660). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - IB/isert: Fix unaligned immediate-data handling (bsc#1152489) - IB/mlx4: Add and improve logging (bsc#1152489) - IB/mlx4: Add support for MRA (bsc#1152489) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1152489) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1152489) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1152489) - IB/rdmavt: Fix sizeof mismatch (bsc#1152489) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1152489) - IB/uverbs: Set IOVA on IB MR in uverbs layer (bsc#1152489) - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio:adc:ti-ads124s08: Fix alignment and data leak issues (git-fixes). - iio:adc:ti-ads124s08: Fix buffer being too long (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio:light:rpr0521: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:st_uvis25: Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:mag3110: Fix alignment and data leak issues (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - iomap: Clear page error before beginning a write (bsc#1179683). - iomap: Mark read blocks uptodate in write_begin (bsc#1179684). - iomap: Set all uptodate bits for an Uptodate page (bsc#1179685). - iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (bsc#1179652). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: hook up missing RX handlers (git-fixes). - iwlwifi: pcie: add one missing entry for AX210 (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - jbd2: fix up sparse warnings in checkpoint code (bsc#1179707). - kABI workaround for HD-audio generic parser (git-fixes). - kABI workaround for USB audio driver (bsc#1178203). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page (bsc#1156395). - lan743x: fix for potential NULL pointer dereference with bare card (git-fixes). - libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1149032). - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - media: gspca: Fix memory leak in probe (git-fixes). - media: imx214: Fix stop streaming (git-fixes). - media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE (git-fixes). - media: ipu3-cio2: Remove traces of returned buffers (git-fixes). - media: ipu3-cio2: Return actual subdev format (git-fixes). - media: ipu3-cio2: Serialise access to pad format (git-fixes). - media: ipu3-cio2: Validate mbus format in setting subdev format (git-fixes). - media: max2175: fix max2175_set_csm_mode() error code (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm() (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm() (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: tm6000: Fix sizeof() mismatches (git-fixes). - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values (bsc#1180117). - memstick: fix a double-free bug in memstick_check (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - mm/error_inject: Fix allow_error_inject function signatures (bsc#1179710). - mm/memory-failure: Add memory_failure_queue_kick() (jsc#SLE-16610). - mm/memory_hotplug: shrink zones when offlining memory (bsc#1177679). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - mm: memcg: fix memcg reclaim soft lockup (VM Functionality, bsc#1180056). - mmc: block: Fixup condition for CMD13 polling for RPMB requests (git-fixes). - mmc: pxamci: Fix error return code in pxamci_probe (git-fixes). - mtd: rawnand: gpmi: fix reference count leak in gpmi ops (git-fixes). - mtd: rawnand: gpmi: Fix the random DMA timeout issue (git-fixes). - mtd: rawnand: meson: Fix a resource leak in init (git-fixes). - mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments (git-fixes). - mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read (git-fixes). - mtd: spinand: Fix OOB read (git-fixes). - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - net/x25: prevent a couple of overflows (bsc#1178590). - net: sctp: Rename fallthrough label to unhandled (bsc#1178203). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - nvme-fabrics: allow to queue requests for live queues (git-fixes). - nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1179519). - nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1177326). - nvme-fc: cancel async events before freeing event struct (git-fixes). - nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1177326). - nvme-fc: fix error loop in create_hw_io_queues (git-fixes). - nvme-fc: fix io timeout to abort I/O (bsc#1177326). - nvme-fc: remove err_work work item (bsc#1177326). - nvme-fc: remove nvme_fc_terminate_io() (bsc#1177326). - nvme-fc: shorten reconnect delay if possible for FC (git-fixes). - nvme-fc: track error_recovery while connecting (bsc#1177326). - nvme-fc: wait for queues to freeze before calling (git-fixes). - nvme-multipath: fix deadlock between ana_work and scan_work (git-fixes). - nvme-multipath: fix deadlock due to head->lock (git-fixes). - nvme-pci: properly print controller address (git-fixes). - nvme-rdma: avoid race between time out and tear down (bsc#1179519). - nvme-rdma: avoid repeated request completion (bsc#1179519). - nvme-rdma: cancel async events before freeing event struct (git-fixes). - nvme-rdma: fix controller reset hang during traffic (bsc#1179519). - nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-rdma: fix timeout handler (bsc#1179519). - nvme-rdma: handle unexpected nvme completion data length (bsc#1178612). - nvme-rdma: serialize controller teardown sequences (bsc#1179519). - nvme-tcp: avoid race between time out and tear down (bsc#1179519). - nvme-tcp: avoid repeated request completion (bsc#1179519). - nvme-tcp: avoid scheduling io_work if we are already polling (bsc#1179519). - nvme-tcp: break from io_work loop if recv failed (bsc#1179519). - nvme-tcp: cancel async events before freeing event struct (git-fixes). - nvme-tcp: do not poll a non-live queue (bsc#1179519). - nvme-tcp: fix controller reset hang during traffic (bsc#1179519). - nvme-tcp: fix possible crash in recv error flow (bsc#1179519). - nvme-tcp: fix possible leakage during error flow (git-fixes). - nvme-tcp: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-tcp: fix timeout handler (bsc#1179519). - nvme-tcp: have queue prod/cons send list become a llist (bsc#1179519). - nvme-tcp: leverage request plugging (bsc#1179519). - nvme-tcp: move send failure to nvme_tcp_try_send (bsc#1179519). - nvme-tcp: optimize network stack with setting msg flags (bsc#1179519). - nvme-tcp: optimize queue io_cpu assignment for multiple queue (git-fixes). - nvme-tcp: serialize controller teardown sequences (bsc#1179519). - nvme-tcp: set MSG_SENDPAGE_NOTLAST with MSG_MORE when we have (bsc#1179519). - nvme-tcp: try to send request in queue_rq context (bsc#1179519). - nvme-tcp: use bh_lock in data_ready (bsc#1179519). - nvme: do not protect ns mutation with ns->head->lock (git-fixes). - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1179519). - nvme: introduce nvme_sync_io_queues (bsc#1179519). - nvme: Revert: Fix controller creation races with teardown (git-fixes). - nvmet-fc: fix missing check for no hostport struct (bsc#1176942). - nvmet-tcp: fix maxh2cdata icresp parameter (bsc#1179892). - ocfs2: fix unbalanced locking (bsc#1180506). - orinoco: Move context allocation after processing the skb (git-fixes). - PCI: brcmstb: Initialize 'tmp' before use (git-fixes). - PCI: Fix overflow in command-line resource alignment requests (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - PCI: iproc: Fix out-of-bound array accesses (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - platform/chrome: cros_ec_spi: Do not overwrite spi::mode (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 (git-fixes). - platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (git-fixes). - platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (git-fixes). - power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (jsc#SLE-9246 git-fixes). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix allnoconfig build since uaccess flush (bsc#1177666 git-fixes). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() (bsc#1156395). - powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1156395). - powerpc/numa: Fix a regression on memoryless node 0 (bsc#1179639 ltc#189002). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Avoid broken GCC __attribute__((optimize)) (bsc#1156395). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - pwm: zx: Add missing cleanup in error path (git-fixes). - qede: Notify qedr when mtu has changed (bsc#1152489) - qtnfmac: fix error return code in qtnf_pcie_probe() (git-fixes). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1152489) - RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1152489) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1152489) - RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued() (bsc#1152489) - RDMA/core: Fix reported speed and width (bsc#1152489) - RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1152489) - RDMA/core: Free DIM memory in error unwind (bsc#1152489) - RDMA/core: Stop DIM before destroying CQ (bsc#1152489) - RDMA/counter: Allow manually bind QPs with different pids to same counter (bsc#1152489) - RDMA/counter: Only bind user QPs in auto mode (bsc#1152489) - RDMA/hns: Add check for the validity of sl configuration (bsc#1152489) - RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1152489) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1152489) - RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1152489) - RDMA/hns: Set the unsupported wr opcode (bsc#1152489) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1152489) - RDMA/mlx5: Disable IB_DEVICE_MEM_MGT_EXTENSIONS if IB_WR_REG_MR can't work (bsc#1152489) - RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP (bsc#1152489) - RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1152489) - RDMA/qedr: Endianness warnings cleanup (bsc#1152489) - RDMA/qedr: Fix doorbell setting (bsc#1152489) - RDMA/qedr: Fix inline size returned for iWARP (bsc#1152489) - RDMA/qedr: Fix iWARP active mtu display (bsc#1152489) - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1152489) - RDMA/qedr: Fix qp structure memory leak (bsc#1152489) - RDMA/qedr: Fix resource leak in qedr_create_qp (bsc#1152489) - RDMA/qedr: Fix use of uninitialized field (bsc#1152489) - RDMA/qedr: SRQ's bug fixes (bsc#1152489) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1152489) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1152489) - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (bsc#1152489) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1152489) - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (bsc#1152489) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1152489) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1152489) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1152489) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1152489) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1152489) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1152489) - RDMA/umem: Fix ib_umem_find_best_pgsz() for mappings that cross a page boundary (bsc#1152489) - RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (bsc#1152489) - Re-import the upstream uvcvideo fix; one more fix will be added later (bsc#1180117) - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x (git-fixes). - regulator: mcp16502: add linear_min_sel (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable (git-fixes). - remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() (git-fixes). - remoteproc: qcom: fix reference leak in adsp_start (git-fixes). - rsi: fix error return code in rsi_reset_card() (git-fixes). - rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - rtw88: debug: Fix uninitialized memory in debugfs code (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: delay draining the TX buffers (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (bsc#1179604 LTC#190151). - s390: add 3f program exception handler (git-fixes). - samples/bpf: Remove unused test_ipip.sh (bsc#1155518). - samples: bpf: Refactor test_cgrp2_sock2 program with libbpf (bsc#1155518). - sched/fair: Fix overutilized update in enqueue_task_fair() (git-fixes) - sched/fair: Fix race between runtime distribution and (git-fixes) - sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes) - sched/fair: Refill bandwidth before scaling (git-fixes) - sched: correct SD_flags returned by tl->sd_flags() (git-fixes) - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049). - scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (bsc#1165933, bsc#1171000). - scsi: fnic: Avoid looping in TRANS ETH on unload (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_FCS_DBG() (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG() (bsc#1175079). - scsi: fnic: Set scsi_set_resid() only for underflow (bsc#1175079). - scsi: fnic: Validate io_req before others (bsc#1175079). - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_bsg: Provide correct documentation for a bunch of functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Fix some kernel-doc related issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Remove unused variable 'phba' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvmet: Fix-up some formatting and doc-rot issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Reject CT request for MIB commands (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove set but not used 'qp' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Use generic power management (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: mpt3sas: A small correction in _base_process_reply_queue (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add bypass_dirty_port_flag parameter (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add module parameter multipath_on_hba (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Allocate memory for hba_port objects (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Bump driver version to 35.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Cancel the running work during host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Capture IOC data for debugging purposes (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Define hba_port structure (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Detect tampered Aero and Sea adapters (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Disable DIF when prot_mask set to zero (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not change the DMA coherent mask after allocations (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Dump system registers for debugging (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix double free warnings (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix error returns in BRM_status_show (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix memset() in non-RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix reply queue count in non RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix set but unused variable (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix sync irqs (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix unlock imbalance (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get device objects using sas_address & portID (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get sas_device objects using device's rphy (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle vSES vphy object during HBA reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handling HBA vSES device (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Postprocessing of target and LUN reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove NULL check before freeing function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove pci-dma-compat wrapper API (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove superfluous memset() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename and export interrupt mask/unmask functions (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename function name is_MSB_are_same (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Separate out RDPQ allocation to new function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update driver version to 35.100.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port objects after host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port's sas_address & phy_mask (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: use true,false for bool variables (jsc#SLE-16914, bsc#1177733). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not consume srb greedily (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688 bsc#1172733). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Use constant when it is known (bsc#1171688 bsc#1172733). - scsi: Remove unneeded break statements (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1171688 bsc#1172733). - scsi_dh_alua: return BLK_STS_AGAIN for ALUA transitioning state (bsc#1165933, bsc#1171000). - scsi_dh_alua: set 'transitioning' state on unit attention (bsc#1171000, bsc#1165933). - selftest/bpf: Add missed ip6ip6 test back (bsc#1155518). - selftests/bpf/test_offload.py: Reset ethtool features after failed setting (bsc#1155518). - selftests/bpf: Fix invalid use of strncat in test_sockmap (bsc#1155518). - selftests/bpf: Print reason when a tester could not run a program (bsc#1155518). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: amlogic: canvas: add missing put_device() call in meson_canvas_get() (git-fixes). - soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: geni: More properly switch to DMA mode (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - speakup: fix uninitialized flush_lock (git-fixes). - spi: atmel-quadspi: Disable clock in probe error path (git-fixes). - spi: atmel-quadspi: Fix AHB memory accesses (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: fix resource leak for drivers without .remove callback (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: mt7621: Disable clock in probe error path (git-fixes). - spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe (git-fixes). - spi: mxs: fix reference leak in mxs_spi_probe (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: sprd: fix reference leak in sprd_spi_remove (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: stm32: fix reference leak in stm32_spi_resume (git-fixes). - spi: synquacer: Disable clock in probe error path (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - thunderbolt: Fix use-after-free in remove_unplugged_switch() (git-fixes). - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - tty: Fix ->session locking (bsc#1179745). - ubifs: dent: Fix some potential memory leaks while iterating entries (bsc#1179703). - ubifs: Do not parse authentication mount options in remount process (bsc#1179688). - ubifs: Fix a memleak after dumping authentication mount options (bsc#1179687). - ubifs: Fix wrong orphan node deletion in ubifs_jnl_update|rename (bsc#1179675). - ubifs: journal: Make sure to not dirty twice for auth nodes (bsc#1179704). - ubifs: mount_ubifs: Release authentication resource in error handling path (bsc#1179689). - ubifs: xattr: Fix some potential memory leaks while iterating entries (bsc#1179690). - udf: Fix memory leak when mounting (bsc#1179712). - usb/max3421: fix return error code in max3421_probe() (git-fixes). - usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: mtu3: fix memory corruption in mtu3_debugfs_regset() (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: kl5kusb105: fix memleak on open (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). - usb: serial: option: add Fibocom NL668 variants (git-fixes). - usb: serial: option: add interface-number sanity check to flag handling (git-fixes). - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - usb: serial: option: fix Quectel BG96 matching (git-fixes). - usb: UAS: introduce a quirk to set no_write_same (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - video: fbdev: radeon: Fix memleak in radeonfb_pci_register (bsc#1152472) - video: fbdev: sis: fix null ptr dereference (bsc#1152472) - watchdog: armada_37xx: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: Fix potential dereferencing of null pointer (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: sprd: change to use usleep_range() instead of busy loop (git-fixes). - watchdog: sprd: check busy bit before new loading rather than after that (git-fixes). - watchdog: sprd: remove watchdog disable from resume fail path (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - x86/apic/vector: Fix ordering in vector assignment (bsc#1156315). - x86/CPU/AMD: Remove amd_get_nb_id() (bsc#1152489). - x86/CPU/AMD: Save AMD NodeId as cpu_die_id (bsc#1152489). - x86/ima: use correct identifier for SetupMode variable (bsc#1152489). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1152489). - x86/mce: Do not overwrite no_way_out if mce_end() fails (bsc#1152489). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1152489). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1152489). - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1152489). - x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1152489). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1152489). - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1152489). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1152489). - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1152489). - x86/topology: Set cpu_die_id only if DIE_TYPE found (bsc#1152489). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1152489). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:127-1 Released: Thu Jan 14 10:30:23 2021 Summary: Security update for open-iscsi Type: security Severity: important References: 1179440,1179908 This update for open-iscsi fixes the following issues: - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908, including: * uip: check for TCP urgent pointer past end of frame * uip: check for u8 overflow when processing TCP options * uip: check for header length underflow during checksum calculation * fwparam_ppc: Fix memory leak in fwparam_ppc.c * iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c * fwparam_ppc: Fix illegal memory access in fwparam_ppc.c * sysfs: Verify parameter of sysfs_device_get() * fwparam_ppc: Fix NULL pointer dereference in find_devtree() * open-iscsi: Clean user_param list when process exit * iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev() * open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req() * open-iscsi: Fix invalid pointer deference in find_initiator() * iscsiuio: Fix invalid parameter when call fstat() * iscsi-iname: Verify open() return value before calling read() * iscsi_sysfs: Fix NULL pointer deference in iscsi_sysfs_read_iface - Updatged to latest upstream, including: * iscsiadm: Optimize the the verification of mode paramters * iscsid: Poll timeout value to 1 minute for iscsid * iscsiadm: fix host stats mode coredump * iscsid: fix logging level when starting and shutting down daemon * Updated iscsiadm man page. * Fix memory leak in sysfs_get_str * libopeniscsiusr: Compare with max int instead of max long - Systemd unit files should not depend on network.target (bsc#1179440). - Updated to latest upstream, including async login ability: * Implement login 'no_wait' for iscsiadm NODE mode * iscsiadm buffer overflow regression when discovering many targets at once * iscsid: Check Invalid Session id for stop connection * Add ability to attempt target logins asynchronously - %service_del_postun_without_restart is now available on SLE More accurately it's been introduced in SLE12-SP2+ and SLE15+ ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commnds help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are prefered in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:227-1 Released: Tue Jan 26 19:22:14 2021 Summary: Security update for sudo Type: security Severity: important References: 1180684,1180685,1180687,1181090,CVE-2021-23239,CVE-2021-23240,CVE-2021-3156 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:239-1 Released: Fri Jan 29 06:49:13 2021 Summary: Recommended update for btrfsprogs Type: recommended Severity: moderate References: 1174206 This update for btrfsprogs fixes the following issues: - Add patches to fix the logical-resolve lookup process and to accept the 'ignore offsets' kernel feature. (bsc#1174206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:264-1 Released: Mon Feb 1 15:04:00 2021 Summary: Recommended update for dracut Type: recommended Severity: important References: 1142248,1177870,1180119 This update for dracut fixes the following issues: - As of v246 of systemd 'syslog' and 'syslog-console' switches have been deprecated. (bsc#1180119) - Make collect optional. (bsc#1177870) - Inclusion of dracut modifications to enable 'nvme-fc boo't support. (bsc#1142248) - Add nvmf module. (jsc#ECO-3063) * Implement 'fc,auto' commandline syntax. * Add nvmf-autoconnect script. * Fixup FC connections. * Rework parameter handling. * Fix typo in the example documentation. * Add 'NVMe over TCP' support. * Add module for 'NVMe-oF'. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) From sle-security-updates at lists.suse.com Thu Feb 4 00:28:04 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Feb 2021 08:28:04 +0100 (CET) Subject: SUSE-CU-2021:45-1: Security update of suse/sle15 Message-ID: <20210204072804.BEDF0FFB1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:45-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.13.2.113 Container Release : 13.2.113 Severity : moderate Type : security References : 1171883 1180603 CVE-2020-8025 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) From sle-security-updates at lists.suse.com Mon Feb 8 14:16:40 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2021 15:16:40 +0100 (CET) Subject: SUSE-SU-2021:0323-1: moderate: Security update for nutch-core Message-ID: <20210208141640.8BA2FFFB1@maintenance.suse.de> SUSE Security Update: Security update for nutch-core ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0323-1 Rating: moderate References: #1181356 Cross-References: CVE-2021-23901 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nutch-core fixes the following issue: - CVE-2021-23901: fixed an XML external entity (XXE) injection in `DmozParser` (bsc#1181356) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-323=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): nutch-core-1.0.1-4.3.1 References: https://www.suse.com/security/cve/CVE-2021-23901.html https://bugzilla.suse.com/1181356 From sle-security-updates at lists.suse.com Mon Feb 8 14:26:58 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2021 15:26:58 +0100 (CET) Subject: SUSE-SU-2021:0335-1: important: Include cilium addon security fixes and a new skuba release with updated add-ons Message-ID: <20210208142658.D4C06FFB2@maintenance.suse.de> SUSE Security Update: Include cilium addon security fixes and a new skuba release with updated add-ons ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0335-1 Rating: important References: #1173559 #1177348 #1178931 Cross-References: CVE-2020-12603 CVE-2020-12604 CVE-2020-12605 CVE-2020-35471 CVE-2020-8663 Affected Products: SUSE CaaS Platform 4.5 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: == Cilium (Security fixes) This fix involves an upgrade of cilium add-on. See https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_upd ates.html#_updating_kubernetes_components for the upgrade procedure. == Skuba In order to update skuba you need to update the management workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_upd ates.html#_update_management_workstation Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 4.5 (aarch64 x86_64): caasp-release-4.5.3-1.13.1 skuba-2.1.13-3.15.7.2 - SUSE CaaS Platform 4.5 (noarch): skuba-update-2.1.13-3.15.7.2 References: https://www.suse.com/security/cve/CVE-2020-12603.html https://www.suse.com/security/cve/CVE-2020-12604.html https://www.suse.com/security/cve/CVE-2020-12605.html https://www.suse.com/security/cve/CVE-2020-35471.html https://www.suse.com/security/cve/CVE-2020-8663.html https://bugzilla.suse.com/1173559 https://bugzilla.suse.com/1177348 https://bugzilla.suse.com/1178931 From sle-security-updates at lists.suse.com Mon Feb 8 14:38:31 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2021 15:38:31 +0100 (CET) Subject: SUSE-SU-2021:0315-1: moderate: Security maintenance update for SUSE Manager: Debian9 Client Tools Message-ID: <20210208143831.10820FFB1@maintenance.suse.de> SUSE Security Update: Security maintenance update for SUSE Manager: Debian9 Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0315-1 Rating: moderate References: #1002529 #1004047 #1004260 #1004723 #1008933 #1011304 #1011800 #1012398 #1012999 #1017078 #1019386 #1020831 #1022562 #1022841 #1023535 #1025896 #1027044 #1027240 #1027722 #1030009 #1030073 #1032213 #1032452 #1032931 #1035914 #1036125 #1038855 #1039370 #1040886 #1041993 #1042749 #1043111 #1050003 #1051948 #1052264 #1053376 #1053955 #1057635 #1059291 #1059758 #1060230 #1061407 #1062462 #1062464 #1063419 #1064520 #1065792 #1068446 #1068566 #1071322 #1072599 #1075950 #1079048 #1081592 #1083110 #1087055 #1087278 #1087581 #1087891 #1088888 #1089112 #1089362 #1089526 #1091371 #1092161 #1092373 #1094055 #1095507 #1095651 #1095942 #1096514 #1097174 #1097413 #1098394 #1099323 #1099460 #1099887 #1099945 #1100142 #1100225 #1100697 #1101780 #1101812 #1101880 #1102013 #1102218 #1102248 #1102265 #1102819 #1103530 #1104154 #1104491 #1106164 #1107333 #1108557 #1108834 #1108969 #1108995 #1109893 #1110938 #1112874 #1113698 #1113699 #1113784 #1114029 #1114197 #1114474 #1114824 #1116343 #1116837 #1117995 #1121091 #1121439 #1122663 #1122680 #1123044 #1123512 #1123865 #1124277 #1125015 #1128061 #1128554 #1129079 #1130588 #1130784 #1131114 #1132076 #1133523 #1133647 #1134860 #1135360 #1135507 #1135567 #1135656 #1135732 #1137642 #1138952 #1139761 #1140193 #1140912 #1143301 #1146192 #1146382 #1148714 #1150447 #1151650 #1151947 #1152366 #1153611 #1154620 #1157465 #1157479 #1158441 #1158940 #1159118 #1159284 #1159670 #1160931 #1162327 #1162504 #1165425 #1165572 #1167437 #1167556 #1168340 #1169604 #1169800 #1170042 #1170104 #1170288 #1170595 #1171461 #1171906 #1172075 #1172211 #1173072 #1173909 #1173911 #1173936 #1174165 #1175549 #1175987 #1176024 #1176294 #1176397 #1176480 #1177867 #1178319 #1178361 #1178362 #1178485 #849184 #849204 #849205 #955373 #958350 #959572 #963322 #965403 #967803 #969320 #970669 #971372 #972311 #972490 #975093 #975303 #975306 #975733 #975757 #976148 #978150 #978833 #979448 #979676 #980313 #983017 #983512 #985112 #985661 #986019 #988506 #989193 #989798 #990029 #990439 #990440 #991048 #993039 #993549 #996455 #999852 Cross-References: CVE-2016-1866 CVE-2016-9639 CVE-2017-12791 CVE-2017-14695 CVE-2017-14696 CVE-2018-15750 CVE-2018-15751 CVE-2019-17361 CVE-2019-18897 CVE-2020-11651 CVE-2020-11652 CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 Affected Products: SUSE Manager Debian 9.0-CLIENT-TOOLS ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 218 fixes is now available. Description: This security Maintenance update for SUSE Manager Debian9 Client Tools provides: salt: - First release for Debian 9 client tools that provides the version 3000 of salt. spacecmd: - First release for Debian 9 client tools that provides the version 4.1.10 of spacecmd. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 9.0-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-x86_64-2021-315=1 Package List: - SUSE Manager Debian 9.0-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.7.1 salt-minion-3000+ds-1+2.7.1 spacecmd-4.1.10-2.3.1 References: https://www.suse.com/security/cve/CVE-2016-1866.html https://www.suse.com/security/cve/CVE-2016-9639.html https://www.suse.com/security/cve/CVE-2017-12791.html https://www.suse.com/security/cve/CVE-2017-14695.html https://www.suse.com/security/cve/CVE-2017-14696.html https://www.suse.com/security/cve/CVE-2018-15750.html https://www.suse.com/security/cve/CVE-2018-15751.html https://www.suse.com/security/cve/CVE-2019-17361.html https://www.suse.com/security/cve/CVE-2019-18897.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://www.suse.com/security/cve/CVE-2020-16846.html https://www.suse.com/security/cve/CVE-2020-17490.html https://www.suse.com/security/cve/CVE-2020-25592.html https://bugzilla.suse.com/1002529 https://bugzilla.suse.com/1004047 https://bugzilla.suse.com/1004260 https://bugzilla.suse.com/1004723 https://bugzilla.suse.com/1008933 https://bugzilla.suse.com/1011304 https://bugzilla.suse.com/1011800 https://bugzilla.suse.com/1012398 https://bugzilla.suse.com/1012999 https://bugzilla.suse.com/1017078 https://bugzilla.suse.com/1019386 https://bugzilla.suse.com/1020831 https://bugzilla.suse.com/1022562 https://bugzilla.suse.com/1022841 https://bugzilla.suse.com/1023535 https://bugzilla.suse.com/1025896 https://bugzilla.suse.com/1027044 https://bugzilla.suse.com/1027240 https://bugzilla.suse.com/1027722 https://bugzilla.suse.com/1030009 https://bugzilla.suse.com/1030073 https://bugzilla.suse.com/1032213 https://bugzilla.suse.com/1032452 https://bugzilla.suse.com/1032931 https://bugzilla.suse.com/1035914 https://bugzilla.suse.com/1036125 https://bugzilla.suse.com/1038855 https://bugzilla.suse.com/1039370 https://bugzilla.suse.com/1040886 https://bugzilla.suse.com/1041993 https://bugzilla.suse.com/1042749 https://bugzilla.suse.com/1043111 https://bugzilla.suse.com/1050003 https://bugzilla.suse.com/1051948 https://bugzilla.suse.com/1052264 https://bugzilla.suse.com/1053376 https://bugzilla.suse.com/1053955 https://bugzilla.suse.com/1057635 https://bugzilla.suse.com/1059291 https://bugzilla.suse.com/1059758 https://bugzilla.suse.com/1060230 https://bugzilla.suse.com/1061407 https://bugzilla.suse.com/1062462 https://bugzilla.suse.com/1062464 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1064520 https://bugzilla.suse.com/1065792 https://bugzilla.suse.com/1068446 https://bugzilla.suse.com/1068566 https://bugzilla.suse.com/1071322 https://bugzilla.suse.com/1072599 https://bugzilla.suse.com/1075950 https://bugzilla.suse.com/1079048 https://bugzilla.suse.com/1081592 https://bugzilla.suse.com/1083110 https://bugzilla.suse.com/1087055 https://bugzilla.suse.com/1087278 https://bugzilla.suse.com/1087581 https://bugzilla.suse.com/1087891 https://bugzilla.suse.com/1088888 https://bugzilla.suse.com/1089112 https://bugzilla.suse.com/1089362 https://bugzilla.suse.com/1089526 https://bugzilla.suse.com/1091371 https://bugzilla.suse.com/1092161 https://bugzilla.suse.com/1092373 https://bugzilla.suse.com/1094055 https://bugzilla.suse.com/1095507 https://bugzilla.suse.com/1095651 https://bugzilla.suse.com/1095942 https://bugzilla.suse.com/1096514 https://bugzilla.suse.com/1097174 https://bugzilla.suse.com/1097413 https://bugzilla.suse.com/1098394 https://bugzilla.suse.com/1099323 https://bugzilla.suse.com/1099460 https://bugzilla.suse.com/1099887 https://bugzilla.suse.com/1099945 https://bugzilla.suse.com/1100142 https://bugzilla.suse.com/1100225 https://bugzilla.suse.com/1100697 https://bugzilla.suse.com/1101780 https://bugzilla.suse.com/1101812 https://bugzilla.suse.com/1101880 https://bugzilla.suse.com/1102013 https://bugzilla.suse.com/1102218 https://bugzilla.suse.com/1102248 https://bugzilla.suse.com/1102265 https://bugzilla.suse.com/1102819 https://bugzilla.suse.com/1103530 https://bugzilla.suse.com/1104154 https://bugzilla.suse.com/1104491 https://bugzilla.suse.com/1106164 https://bugzilla.suse.com/1107333 https://bugzilla.suse.com/1108557 https://bugzilla.suse.com/1108834 https://bugzilla.suse.com/1108969 https://bugzilla.suse.com/1108995 https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/1110938 https://bugzilla.suse.com/1112874 https://bugzilla.suse.com/1113698 https://bugzilla.suse.com/1113699 https://bugzilla.suse.com/1113784 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114197 https://bugzilla.suse.com/1114474 https://bugzilla.suse.com/1114824 https://bugzilla.suse.com/1116343 https://bugzilla.suse.com/1116837 https://bugzilla.suse.com/1117995 https://bugzilla.suse.com/1121091 https://bugzilla.suse.com/1121439 https://bugzilla.suse.com/1122663 https://bugzilla.suse.com/1122680 https://bugzilla.suse.com/1123044 https://bugzilla.suse.com/1123512 https://bugzilla.suse.com/1123865 https://bugzilla.suse.com/1124277 https://bugzilla.suse.com/1125015 https://bugzilla.suse.com/1128061 https://bugzilla.suse.com/1128554 https://bugzilla.suse.com/1129079 https://bugzilla.suse.com/1130588 https://bugzilla.suse.com/1130784 https://bugzilla.suse.com/1131114 https://bugzilla.suse.com/1132076 https://bugzilla.suse.com/1133523 https://bugzilla.suse.com/1133647 https://bugzilla.suse.com/1134860 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1135507 https://bugzilla.suse.com/1135567 https://bugzilla.suse.com/1135656 https://bugzilla.suse.com/1135732 https://bugzilla.suse.com/1137642 https://bugzilla.suse.com/1138952 https://bugzilla.suse.com/1139761 https://bugzilla.suse.com/1140193 https://bugzilla.suse.com/1140912 https://bugzilla.suse.com/1143301 https://bugzilla.suse.com/1146192 https://bugzilla.suse.com/1146382 https://bugzilla.suse.com/1148714 https://bugzilla.suse.com/1150447 https://bugzilla.suse.com/1151650 https://bugzilla.suse.com/1151947 https://bugzilla.suse.com/1152366 https://bugzilla.suse.com/1153611 https://bugzilla.suse.com/1154620 https://bugzilla.suse.com/1157465 https://bugzilla.suse.com/1157479 https://bugzilla.suse.com/1158441 https://bugzilla.suse.com/1158940 https://bugzilla.suse.com/1159118 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1159670 https://bugzilla.suse.com/1160931 https://bugzilla.suse.com/1162327 https://bugzilla.suse.com/1162504 https://bugzilla.suse.com/1165425 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1167556 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169800 https://bugzilla.suse.com/1170042 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1170595 https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1172211 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1173909 https://bugzilla.suse.com/1173911 https://bugzilla.suse.com/1173936 https://bugzilla.suse.com/1174165 https://bugzilla.suse.com/1175549 https://bugzilla.suse.com/1175987 https://bugzilla.suse.com/1176024 https://bugzilla.suse.com/1176294 https://bugzilla.suse.com/1176397 https://bugzilla.suse.com/1176480 https://bugzilla.suse.com/1177867 https://bugzilla.suse.com/1178319 https://bugzilla.suse.com/1178361 https://bugzilla.suse.com/1178362 https://bugzilla.suse.com/1178485 https://bugzilla.suse.com/849184 https://bugzilla.suse.com/849204 https://bugzilla.suse.com/849205 https://bugzilla.suse.com/955373 https://bugzilla.suse.com/958350 https://bugzilla.suse.com/959572 https://bugzilla.suse.com/963322 https://bugzilla.suse.com/965403 https://bugzilla.suse.com/967803 https://bugzilla.suse.com/969320 https://bugzilla.suse.com/970669 https://bugzilla.suse.com/971372 https://bugzilla.suse.com/972311 https://bugzilla.suse.com/972490 https://bugzilla.suse.com/975093 https://bugzilla.suse.com/975303 https://bugzilla.suse.com/975306 https://bugzilla.suse.com/975733 https://bugzilla.suse.com/975757 https://bugzilla.suse.com/976148 https://bugzilla.suse.com/978150 https://bugzilla.suse.com/978833 https://bugzilla.suse.com/979448 https://bugzilla.suse.com/979676 https://bugzilla.suse.com/980313 https://bugzilla.suse.com/983017 https://bugzilla.suse.com/983512 https://bugzilla.suse.com/985112 https://bugzilla.suse.com/985661 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/988506 https://bugzilla.suse.com/989193 https://bugzilla.suse.com/989798 https://bugzilla.suse.com/990029 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990440 https://bugzilla.suse.com/991048 https://bugzilla.suse.com/993039 https://bugzilla.suse.com/993549 https://bugzilla.suse.com/996455 https://bugzilla.suse.com/999852 From sle-security-updates at lists.suse.com Mon Feb 8 15:14:01 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2021 16:14:01 +0100 (CET) Subject: SUSE-SU-2021:0316-1: moderate: Security maintenance update for SUSE Manager: Debian10 Client Tools Message-ID: <20210208151401.90F25FFB4@maintenance.suse.de> SUSE Security Update: Security maintenance update for SUSE Manager: Debian10 Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0316-1 Rating: moderate References: #1002529 #1004047 #1004260 #1004723 #1008933 #1011304 #1011800 #1012398 #1012999 #1017078 #1019386 #1020831 #1022562 #1022841 #1023535 #1025896 #1027044 #1027240 #1027722 #1030009 #1030073 #1032213 #1032452 #1032931 #1035914 #1036125 #1038855 #1039370 #1040886 #1041993 #1042749 #1043111 #1050003 #1051948 #1052264 #1053376 #1053955 #1057635 #1059291 #1059758 #1060230 #1061407 #1062462 #1062464 #1063419 #1064520 #1065792 #1068446 #1068566 #1071322 #1072599 #1075950 #1079048 #1081592 #1083110 #1087055 #1087278 #1087581 #1087891 #1088888 #1089112 #1089362 #1089526 #1091371 #1092161 #1092373 #1094055 #1095507 #1095651 #1095942 #1096514 #1097174 #1097413 #1098394 #1099323 #1099460 #1099887 #1099945 #1100142 #1100225 #1100697 #1101780 #1101812 #1101880 #1102013 #1102218 #1102248 #1102265 #1102819 #1103530 #1104154 #1104491 #1106164 #1107333 #1108557 #1108834 #1108969 #1108995 #1109893 #1110938 #1112874 #1113698 #1113699 #1113784 #1114029 #1114197 #1114474 #1114824 #1116343 #1116837 #1117995 #1121091 #1121439 #1122663 #1122680 #1123044 #1123512 #1123865 #1124277 #1125015 #1128061 #1128554 #1129079 #1130588 #1130784 #1131114 #1132076 #1133523 #1133647 #1134860 #1135360 #1135507 #1135567 #1135656 #1135732 #1137642 #1138952 #1139761 #1140193 #1140912 #1143301 #1146192 #1146382 #1148714 #1150447 #1151650 #1151947 #1152366 #1153611 #1154620 #1157465 #1157479 #1158441 #1158940 #1159118 #1159284 #1159670 #1160931 #1162327 #1162504 #1165425 #1165572 #1167437 #1167556 #1168340 #1169604 #1169800 #1170042 #1170104 #1170288 #1170595 #1171461 #1171906 #1172075 #1172211 #1173072 #1173909 #1173911 #1173936 #1174165 #1175549 #1175987 #1176024 #1176294 #1176397 #1176480 #1177867 #1178319 #1178361 #1178362 #1178485 #849184 #849204 #849205 #955373 #958350 #959572 #963322 #965403 #967803 #969320 #970669 #971372 #972311 #972490 #975093 #975303 #975306 #975733 #975757 #976148 #978150 #978833 #979448 #979676 #980313 #983017 #983512 #985112 #985661 #986019 #988506 #989193 #989798 #990029 #990439 #990440 #991048 #993039 #993549 #996455 #999852 Cross-References: CVE-2016-1866 CVE-2016-9639 CVE-2017-12791 CVE-2017-14695 CVE-2017-14696 CVE-2018-15750 CVE-2018-15751 CVE-2019-17361 CVE-2019-18897 CVE-2020-11651 CVE-2020-11652 CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 218 fixes is now available. Description: This security maintenance update for SUSE Manager Debian10 Client Tools provides: salt: - First release for Debian 10 client tools that provides the version 3000 of salt. spacecmd: - First release for Debian 9 client tools that provides the version 4.1.10 of spacecmd. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2021-316=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.7.1 salt-minion-3000+ds-1+2.7.1 spacecmd-4.1.10-2.3.2 References: https://www.suse.com/security/cve/CVE-2016-1866.html https://www.suse.com/security/cve/CVE-2016-9639.html https://www.suse.com/security/cve/CVE-2017-12791.html https://www.suse.com/security/cve/CVE-2017-14695.html https://www.suse.com/security/cve/CVE-2017-14696.html https://www.suse.com/security/cve/CVE-2018-15750.html https://www.suse.com/security/cve/CVE-2018-15751.html https://www.suse.com/security/cve/CVE-2019-17361.html https://www.suse.com/security/cve/CVE-2019-18897.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://www.suse.com/security/cve/CVE-2020-16846.html https://www.suse.com/security/cve/CVE-2020-17490.html https://www.suse.com/security/cve/CVE-2020-25592.html https://bugzilla.suse.com/1002529 https://bugzilla.suse.com/1004047 https://bugzilla.suse.com/1004260 https://bugzilla.suse.com/1004723 https://bugzilla.suse.com/1008933 https://bugzilla.suse.com/1011304 https://bugzilla.suse.com/1011800 https://bugzilla.suse.com/1012398 https://bugzilla.suse.com/1012999 https://bugzilla.suse.com/1017078 https://bugzilla.suse.com/1019386 https://bugzilla.suse.com/1020831 https://bugzilla.suse.com/1022562 https://bugzilla.suse.com/1022841 https://bugzilla.suse.com/1023535 https://bugzilla.suse.com/1025896 https://bugzilla.suse.com/1027044 https://bugzilla.suse.com/1027240 https://bugzilla.suse.com/1027722 https://bugzilla.suse.com/1030009 https://bugzilla.suse.com/1030073 https://bugzilla.suse.com/1032213 https://bugzilla.suse.com/1032452 https://bugzilla.suse.com/1032931 https://bugzilla.suse.com/1035914 https://bugzilla.suse.com/1036125 https://bugzilla.suse.com/1038855 https://bugzilla.suse.com/1039370 https://bugzilla.suse.com/1040886 https://bugzilla.suse.com/1041993 https://bugzilla.suse.com/1042749 https://bugzilla.suse.com/1043111 https://bugzilla.suse.com/1050003 https://bugzilla.suse.com/1051948 https://bugzilla.suse.com/1052264 https://bugzilla.suse.com/1053376 https://bugzilla.suse.com/1053955 https://bugzilla.suse.com/1057635 https://bugzilla.suse.com/1059291 https://bugzilla.suse.com/1059758 https://bugzilla.suse.com/1060230 https://bugzilla.suse.com/1061407 https://bugzilla.suse.com/1062462 https://bugzilla.suse.com/1062464 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1064520 https://bugzilla.suse.com/1065792 https://bugzilla.suse.com/1068446 https://bugzilla.suse.com/1068566 https://bugzilla.suse.com/1071322 https://bugzilla.suse.com/1072599 https://bugzilla.suse.com/1075950 https://bugzilla.suse.com/1079048 https://bugzilla.suse.com/1081592 https://bugzilla.suse.com/1083110 https://bugzilla.suse.com/1087055 https://bugzilla.suse.com/1087278 https://bugzilla.suse.com/1087581 https://bugzilla.suse.com/1087891 https://bugzilla.suse.com/1088888 https://bugzilla.suse.com/1089112 https://bugzilla.suse.com/1089362 https://bugzilla.suse.com/1089526 https://bugzilla.suse.com/1091371 https://bugzilla.suse.com/1092161 https://bugzilla.suse.com/1092373 https://bugzilla.suse.com/1094055 https://bugzilla.suse.com/1095507 https://bugzilla.suse.com/1095651 https://bugzilla.suse.com/1095942 https://bugzilla.suse.com/1096514 https://bugzilla.suse.com/1097174 https://bugzilla.suse.com/1097413 https://bugzilla.suse.com/1098394 https://bugzilla.suse.com/1099323 https://bugzilla.suse.com/1099460 https://bugzilla.suse.com/1099887 https://bugzilla.suse.com/1099945 https://bugzilla.suse.com/1100142 https://bugzilla.suse.com/1100225 https://bugzilla.suse.com/1100697 https://bugzilla.suse.com/1101780 https://bugzilla.suse.com/1101812 https://bugzilla.suse.com/1101880 https://bugzilla.suse.com/1102013 https://bugzilla.suse.com/1102218 https://bugzilla.suse.com/1102248 https://bugzilla.suse.com/1102265 https://bugzilla.suse.com/1102819 https://bugzilla.suse.com/1103530 https://bugzilla.suse.com/1104154 https://bugzilla.suse.com/1104491 https://bugzilla.suse.com/1106164 https://bugzilla.suse.com/1107333 https://bugzilla.suse.com/1108557 https://bugzilla.suse.com/1108834 https://bugzilla.suse.com/1108969 https://bugzilla.suse.com/1108995 https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/1110938 https://bugzilla.suse.com/1112874 https://bugzilla.suse.com/1113698 https://bugzilla.suse.com/1113699 https://bugzilla.suse.com/1113784 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114197 https://bugzilla.suse.com/1114474 https://bugzilla.suse.com/1114824 https://bugzilla.suse.com/1116343 https://bugzilla.suse.com/1116837 https://bugzilla.suse.com/1117995 https://bugzilla.suse.com/1121091 https://bugzilla.suse.com/1121439 https://bugzilla.suse.com/1122663 https://bugzilla.suse.com/1122680 https://bugzilla.suse.com/1123044 https://bugzilla.suse.com/1123512 https://bugzilla.suse.com/1123865 https://bugzilla.suse.com/1124277 https://bugzilla.suse.com/1125015 https://bugzilla.suse.com/1128061 https://bugzilla.suse.com/1128554 https://bugzilla.suse.com/1129079 https://bugzilla.suse.com/1130588 https://bugzilla.suse.com/1130784 https://bugzilla.suse.com/1131114 https://bugzilla.suse.com/1132076 https://bugzilla.suse.com/1133523 https://bugzilla.suse.com/1133647 https://bugzilla.suse.com/1134860 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1135507 https://bugzilla.suse.com/1135567 https://bugzilla.suse.com/1135656 https://bugzilla.suse.com/1135732 https://bugzilla.suse.com/1137642 https://bugzilla.suse.com/1138952 https://bugzilla.suse.com/1139761 https://bugzilla.suse.com/1140193 https://bugzilla.suse.com/1140912 https://bugzilla.suse.com/1143301 https://bugzilla.suse.com/1146192 https://bugzilla.suse.com/1146382 https://bugzilla.suse.com/1148714 https://bugzilla.suse.com/1150447 https://bugzilla.suse.com/1151650 https://bugzilla.suse.com/1151947 https://bugzilla.suse.com/1152366 https://bugzilla.suse.com/1153611 https://bugzilla.suse.com/1154620 https://bugzilla.suse.com/1157465 https://bugzilla.suse.com/1157479 https://bugzilla.suse.com/1158441 https://bugzilla.suse.com/1158940 https://bugzilla.suse.com/1159118 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1159670 https://bugzilla.suse.com/1160931 https://bugzilla.suse.com/1162327 https://bugzilla.suse.com/1162504 https://bugzilla.suse.com/1165425 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1167556 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169800 https://bugzilla.suse.com/1170042 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1170595 https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1172211 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1173909 https://bugzilla.suse.com/1173911 https://bugzilla.suse.com/1173936 https://bugzilla.suse.com/1174165 https://bugzilla.suse.com/1175549 https://bugzilla.suse.com/1175987 https://bugzilla.suse.com/1176024 https://bugzilla.suse.com/1176294 https://bugzilla.suse.com/1176397 https://bugzilla.suse.com/1176480 https://bugzilla.suse.com/1177867 https://bugzilla.suse.com/1178319 https://bugzilla.suse.com/1178361 https://bugzilla.suse.com/1178362 https://bugzilla.suse.com/1178485 https://bugzilla.suse.com/849184 https://bugzilla.suse.com/849204 https://bugzilla.suse.com/849205 https://bugzilla.suse.com/955373 https://bugzilla.suse.com/958350 https://bugzilla.suse.com/959572 https://bugzilla.suse.com/963322 https://bugzilla.suse.com/965403 https://bugzilla.suse.com/967803 https://bugzilla.suse.com/969320 https://bugzilla.suse.com/970669 https://bugzilla.suse.com/971372 https://bugzilla.suse.com/972311 https://bugzilla.suse.com/972490 https://bugzilla.suse.com/975093 https://bugzilla.suse.com/975303 https://bugzilla.suse.com/975306 https://bugzilla.suse.com/975733 https://bugzilla.suse.com/975757 https://bugzilla.suse.com/976148 https://bugzilla.suse.com/978150 https://bugzilla.suse.com/978833 https://bugzilla.suse.com/979448 https://bugzilla.suse.com/979676 https://bugzilla.suse.com/980313 https://bugzilla.suse.com/983017 https://bugzilla.suse.com/983512 https://bugzilla.suse.com/985112 https://bugzilla.suse.com/985661 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/988506 https://bugzilla.suse.com/989193 https://bugzilla.suse.com/989798 https://bugzilla.suse.com/990029 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990440 https://bugzilla.suse.com/991048 https://bugzilla.suse.com/993039 https://bugzilla.suse.com/993549 https://bugzilla.suse.com/996455 https://bugzilla.suse.com/999852 From sle-security-updates at lists.suse.com Mon Feb 8 20:18:58 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2021 21:18:58 +0100 (CET) Subject: SUSE-SU-2021:0344-1: important: Security update for python3 Message-ID: <20210208201858.0A041FFB1@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0344-1 Rating: important References: #1176262 #1180686 Cross-References: CVE-2019-20916 CVSS scores: CVE-2019-20916 (NVD) Base Score: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-20916 (SUSE) Base Score: 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python3 fixes the following issues: - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-344=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-344=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-344=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-344=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-344=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-344=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-344=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-344=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-344=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-344=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-344=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-344=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-344=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-344=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-344=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-344=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-344=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-344=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 python3-devel-debuginfo-3.4.10-25.63.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 python3-devel-debuginfo-3.4.10-25.63.2 - SUSE OpenStack Cloud 9 (x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 python3-devel-debuginfo-3.4.10-25.63.2 - SUSE OpenStack Cloud 8 (x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 python3-devel-debuginfo-3.4.10-25.63.2 - SUSE OpenStack Cloud 7 (s390x x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 python3-devel-debuginfo-3.4.10-25.63.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-dbm-3.4.10-25.63.1 python3-dbm-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.63.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 python3-devel-debuginfo-3.4.10-25.63.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 python3-devel-debuginfo-3.4.10-25.63.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 python3-devel-debuginfo-3.4.10-25.63.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 python3-tk-3.4.10-25.63.1 python3-tk-debuginfo-3.4.10-25.63.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.63.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython3_4m1_0-32bit-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-32bit-3.4.10-25.63.2 python3-base-debuginfo-32bit-3.4.10-25.63.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.63.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.63.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 python3-devel-debuginfo-3.4.10-25.63.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 - SUSE Enterprise Storage 5 (x86_64): python3-devel-debuginfo-3.4.10-25.63.2 - HPE Helion Openstack 8 (x86_64): libpython3_4m1_0-3.4.10-25.63.2 libpython3_4m1_0-debuginfo-3.4.10-25.63.2 python3-3.4.10-25.63.1 python3-base-3.4.10-25.63.2 python3-base-debuginfo-3.4.10-25.63.2 python3-base-debugsource-3.4.10-25.63.2 python3-curses-3.4.10-25.63.1 python3-curses-debuginfo-3.4.10-25.63.1 python3-debuginfo-3.4.10-25.63.1 python3-debugsource-3.4.10-25.63.1 python3-devel-3.4.10-25.63.2 python3-devel-debuginfo-3.4.10-25.63.2 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1176262 https://bugzilla.suse.com/1180686 From sle-security-updates at lists.suse.com Mon Feb 8 20:20:11 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2021 21:20:11 +0100 (CET) Subject: SUSE-SU-2021:0342-1: moderate: Security update for python-urllib3 Message-ID: <20210208202011.8B52CFFB1@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0342-1 Rating: moderate References: #1177211 Cross-References: CVE-2020-26116 CVSS scores: CVE-2020-26116 (NVD) Base Score: 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2020-26116 (SUSE) Base Score: 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-342=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-342=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-urllib3-1.23-3.18.1 - SUSE OpenStack Cloud 9 (noarch): python-urllib3-1.23-3.18.1 References: https://www.suse.com/security/cve/CVE-2020-26116.html https://bugzilla.suse.com/1177211 From sle-security-updates at lists.suse.com Mon Feb 8 20:23:09 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Feb 2021 21:23:09 +0100 (CET) Subject: SUSE-SU-2021:0341-1: moderate: Security update for python-urllib3 Message-ID: <20210208202309.5F9D7FFB1@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0341-1 Rating: moderate References: #1177211 #1181571 Cross-References: CVE-2020-26116 CVSS scores: CVE-2020-26116 (NVD) Base Score: 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2020-26116 (SUSE) Base Score: 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211). - Skip test for RECENT_DATE (bsc#1181571). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-341=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-341=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-341=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-341=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): python2-urllib3-1.22-6.12.1 python3-urllib3-1.22-6.12.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): python2-urllib3-1.22-6.12.1 python3-urllib3-1.22-6.12.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): python2-urllib3-1.22-6.12.1 python3-urllib3-1.22-6.12.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): python2-urllib3-1.22-6.12.1 python3-urllib3-1.22-6.12.1 References: https://www.suse.com/security/cve/CVE-2020-26116.html https://bugzilla.suse.com/1177211 https://bugzilla.suse.com/1181571 From sle-security-updates at lists.suse.com Tue Feb 9 07:33:26 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Feb 2021 08:33:26 +0100 (CET) Subject: SUSE-CU-2021:50-1: Security update of caasp/v4.5/cilium Message-ID: <20210209073326.EA135FF1F@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/cilium ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:50-1 Container Tags : caasp/v4.5/cilium:1.7.6 , caasp/v4.5/cilium:1.7.6-rev5 , caasp/v4.5/cilium:1.7.6-rev5-build5.15.3 Container Release : 5.15.3 Severity : important Type : security References : 1050625 1084671 1098449 1141597 1144793 1167939 1168771 1169006 1171883 1172695 1173559 1174016 1174436 1174942 1175458 1175514 1175623 1176964 1177238 1177275 1177348 1177427 1177490 1177533 1177583 1177658 1178346 1178554 1178775 1178823 1178825 1178909 1178910 1178931 1178966 1179083 1179155 1179222 1179363 1179415 1179503 1179691 1179691 1179738 1179816 1179824 1179909 1180077 1180138 1180225 1180603 1180603 1180663 1180721 1180885 1181319 CVE-2017-9271 CVE-2020-12603 CVE-2020-12604 CVE-2020-12605 CVE-2020-25709 CVE-2020-25710 CVE-2020-35471 CVE-2020-8025 CVE-2020-8663 ----------------------------------------------------------------- The container caasp/v4.5/cilium was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3840-1 Released: Wed Dec 16 10:32:03 2020 Summary: Recommended update for llvm7 Type: recommended Severity: moderate References: 1176964,1179155 This update for llvm7 fixes the following issues: - Fix dsymutil crash on ELF file. (bsc#1176964) - Add Conflicts: clang-tools to clang7 and llvm7 packages to properly handle newer llvm versions. (bsc#1179155) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount ???a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:79-1 Released: Tue Jan 12 10:49:34 2021 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1167939 This update for gcc7 fixes the following issues: - Amend the gcc7 aarch64 atomics for glibc namespace violation with getauxval. [bsc#1167939] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commnds help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are prefered in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:278-1 Released: Tue Feb 2 09:43:08 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1181319 This update for lvm2 fixes the following issues: - Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:302-1 Released: Thu Feb 4 13:18:35 2021 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1179691 This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:335-1 Released: Mon Feb 8 11:19:09 2021 Summary: Include cilium addon security fixes and a new skuba release with updated add-ons Type: security Severity: important References: 1173559,1177348,1178931,CVE-2020-12603,CVE-2020-12604,CVE-2020-12605,CVE-2020-35471,CVE-2020-8663 == Cilium (Security fixes) This fix involves an upgrade of cilium add-on. See https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_updates.html#_updating_kubernetes_components for the upgrade procedure. == Skuba In order to update skuba you need to update the management workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_updates.html#_update_management_workstation ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. From sle-security-updates at lists.suse.com Tue Feb 9 07:34:00 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Feb 2021 08:34:00 +0100 (CET) Subject: SUSE-CU-2021:51-1: Security update of caasp/v4.5/cilium-operator Message-ID: <20210209073400.21287FF1F@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/cilium-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:51-1 Container Tags : caasp/v4.5/cilium-operator:1.7.6 , caasp/v4.5/cilium-operator:1.7.6-rev5 , caasp/v4.5/cilium-operator:1.7.6-rev5-build5.15.3 Container Release : 5.15.3 Severity : important Type : security References : 1050625 1084671 1141597 1169006 1171883 1172695 1173559 1174016 1174436 1174942 1175458 1175514 1175623 1177238 1177275 1177348 1177427 1177490 1177583 1178346 1178554 1178775 1178823 1178825 1178909 1178910 1178931 1178966 1179083 1179222 1179363 1179415 1179503 1179816 1179824 1179909 1180077 1180138 1180225 1180603 1180603 1180663 1180721 1180885 CVE-2017-9271 CVE-2020-12603 CVE-2020-12604 CVE-2020-12605 CVE-2020-25709 CVE-2020-25710 CVE-2020-35471 CVE-2020-8025 CVE-2020-8663 ----------------------------------------------------------------- The container caasp/v4.5/cilium-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount ???a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commnds help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are prefered in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:335-1 Released: Mon Feb 8 11:19:09 2021 Summary: Include cilium addon security fixes and a new skuba release with updated add-ons Type: security Severity: important References: 1173559,1177348,1178931,CVE-2020-12603,CVE-2020-12604,CVE-2020-12605,CVE-2020-35471,CVE-2020-8663 == Cilium (Security fixes) This fix involves an upgrade of cilium add-on. See https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_updates.html#_updating_kubernetes_components for the upgrade procedure. == Skuba In order to update skuba you need to update the management workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_updates.html#_update_management_workstation ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. From sle-security-updates at lists.suse.com Tue Feb 9 14:17:10 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Feb 2021 15:17:10 +0100 (CET) Subject: SUSE-SU-2021:0347-1: important: Security update for the Linux Kernel Message-ID: <20210209141710.87D17FFB1@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0347-1 Rating: important References: #1065600 #1149032 #1152472 #1152489 #1153274 #1154353 #1155518 #1163727 #1163930 #1165545 #1167773 #1172355 #1175389 #1176395 #1176831 #1176846 #1178142 #1178372 #1178631 #1178684 #1179142 #1179396 #1179508 #1179509 #1179567 #1179572 #1179575 #1179878 #1180008 #1180130 #1180264 #1180412 #1180541 #1180559 #1180562 #1180566 #1180676 #1180759 #1180765 #1180773 #1180809 #1180812 #1180848 #1180859 #1180889 #1180891 #1180971 #1181014 #1181018 #1181077 #1181104 #1181148 #1181158 #1181161 #1181169 #1181203 #1181217 #1181218 #1181219 #1181220 #1181237 #1181318 #1181335 #1181346 #1181349 #1181425 #1181494 #1181504 #1181511 #1181538 #1181553 #1181584 #1181645 Cross-References: CVE-2020-25211 CVE-2020-25639 CVE-2020-27835 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 CVE-2020-36158 CVE-2021-0342 CVE-2021-20177 CVE-2021-3347 CVE-2021-3348 CVSS scores: CVE-2020-25211 (NVD): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-25211 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-25639 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-28374 (NVD): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-28374 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-29568 (NVD): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29568 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29569 (NVD): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-36158 (NVD): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0342 (NVD): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0342 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-20177 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3347 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3348 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3348 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504). - CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765). - CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812) - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). - CVE-2020-36158: Fixed an issue wich might have allowed a remote attackers to execute arbitrary code via a long SSID value in mwifiex_cmd_802_11_ad_hoc_start() (bnc#1180559). - CVE-2020-28374: Fixed a vulnerability caused by insufficient identifier checking in the LIO SCSI target code. This could have been used by a remote attackers to read or write files via directory traversal in an XCOPY request (bnc#1178372). The following non-security bugs were fixed: - ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes). - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes). - ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes). - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes). - ACPI: sysfs: Prefer "compatible" modalias (git-fixes). - ALSA: doc: Fix reference to mixart.rst (git-fixes). - ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes). - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes). - ALSA: hda: Add Cometlake-R PCI ID (git-fixes). - ALSA: hda/conexant: add a new hda codec CX11970 (git-fixes). - ALSA: hda/hdmi - enable runtime pm for CI AMD display audio (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for more HP laptops (git-fixes). - ALSA: hda/realtek: Add two "Intel Reference board" SSID in the ALC256 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256 (git-fixes). - ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook 850 G7 (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 (git-fixes). - ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T (git-fixes). - ALSA: hda/realtek - Modify Dell platform name (git-fixes). - ALSA: hda/realtek: Remove dummy lineout on Acer TravelMate P648/P658 (git-fixes). - ALSA: hda/realtek - Supported Dell fixed type headset (git-fixes). - ALSA: hda/tegra: fix tegra-hda on tegra30 soc (git-fixes). - ALSA: hda/via: Add minimum mute flag (git-fixes). - ALSA: hda/via: Apply the workaround generically for Clevo machines (git-fixes). - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes). - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes). - ALSA: pcm: fix hw_rule deps kABI (bsc#1181014). - ALSA: pcm: One more dependency for hw constraints (bsc#1181014). - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes). - ALSA: usb-audio: Add quirk for BOSS AD-10 (git-fixes). - ALSA: usb-audio: Add quirk for RC-505 (git-fixes). - ALSA: usb-audio: Always apply the hw constraints for implicit fb sync (bsc#1181014). - ALSA: usb-audio: Annotate the endpoint index in audioformat (git-fixes). - ALSA: usb-audio: Avoid implicit feedback on Pioneer devices (bsc#1181014). - ALSA: usb-audio: Avoid unnecessary interface re-setup (git-fixes). - ALSA: usb-audio: Choose audioformat of a counter-part substream (git-fixes). - ALSA: usb-audio: Fix hw constraints dependencies (bsc#1181014). - ALSA: usb-audio: Fix implicit feedback sync setup for Pioneer devices (git-fixes). - ALSA: usb-audio: Fix the missing endpoints creations for quirks (git-fixes). - ALSA: usb-audio: Fix UAC1 rate setup for secondary endpoints (bsc#1181014). - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks (git-fixes). - ALSA: usb-audio: Set sample rate for all sharing EPs on UAC1 (bsc#1181014). - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback (bsc#1152489). - arm64: mm: Fix ARCH_LOW_ADDRESS_LIMIT when !CONFIG_ZONE_DMA (git-fixes). - arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130). - arm64: pgtable: Fix pte_accessible() (bsc#1180130). - ASoC: ak4458: correct reset polarity (git-fixes). - ASoC: dapm: remove widget from dirty list on free (git-fixes). - ASoC: Intel: fix error code cnl_set_dsp_D0() (git-fixes). - ASoC: meson: axg-tdm-interface: fix loopback (git-fixes). - bitmap: remove unused function declaration (git-fixes). - Bluetooth: hci_h5: close serdev device and free hu in h5_close (git-fixes). - Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close (git-fixes). - bnxt_en: Fix AER recovery (jsc#SLE-8371 bsc#1153274). - bpf: Do not leak memory in bpf getsockopt when optlen == 0 (bsc#1155518). - bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address() (git-fixes). - bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback (bsc#1155518). - btrfs: delete duplicated words + other fixes in comments (bsc#1180566). - btrfs: do not commit logs and transactions during link and rename operations (bsc#1180566). - btrfs: do not take the log_mutex of the subvolume when pinning the log (bsc#1180566). - btrfs: fix missing delalloc new bit for new delalloc ranges (bsc#1180773). - btrfs: make btrfs_dirty_pages take btrfs_inode (bsc#1180773). - btrfs: make btrfs_set_extent_delalloc take btrfs_inode (bsc#1180773). - btrfs: send: fix invalid clone operations when cloning from the same file and root (bsc#1181511). - btrfs: send: fix wrong file path when there is an inode with a pending rmdir (bsc#1181237). - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes). - cachefiles: Drop superfluous readpages aops NULL check (git-fixes). - can: dev: prevent potential information leak in can_fill_info() (git-fixes). - can: vxcan: vxcan_xmit: fix use after free bug (git-fixes). - CDC-NCM: remove "connected" log message (git-fixes). - clk: tegra30: Add hda clock default rates to clock driver (git-fixes). - crypto: asym_tpm: correct zero out potential secrets (git-fixes). - crypto: ecdh - avoid buffer overflow in ecdh_set_secret() (git-fixes). - dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate() (git-fixes). - dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate() (git-fixes). - dmaengine: at_hdmac: Substitute kzalloc with kmalloc (git-fixes). - dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk() (git-fixes). - dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling path of the probe function (git-fixes). - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes). - dmaengine: xilinx_dma: fix incompatible param warning in _child_probe() (git-fixes). - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes). - drivers/base/memory.c: indicate all memory blocks as removable (bsc#1180264). - drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling (bsc#1180848). - drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers (bsc#1180848). - Update config files. - supported.conf: - drm: Added orientation quirk for ASUS tablet model T103HAF (git-fixes). - drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes). - drm/amd/display: Avoid MST manager resource leak (git-fixes). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: dchubbub p-state warning during surface planes switch (git-fixes). - drm/amd/display: Do not double-buffer DTO adjustments (git-fixes). - drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes). - drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init (git-fixes). - drm/amd/display: Free gamma after calculating legacy transfer function (git-fixes). - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes). - drm/amd/display: Increase timeout for DP Disable (git-fixes). - drm/amd/display: Reject overlay plane configurations in multi-display scenarios (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amd/display: Retry AUX write when fail occurs (git-fixes). - drm/amd/display: Stop if retimer is not available (git-fixes). - drm/amd/display: update nv1x stutter latencies (git-fixes). - drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes). - drm/amdgpu: correct the gpu reset handling for job != NULL case (git-fixes). - drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is (git-fixes). - drm/amdgpu: do not map BO in reserved region (git-fixes). - drm/amdgpu: fix a GPU hang issue when remove device (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/amdgpu: fix calltrace during kmd unload(v3) (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu: increase the reserved VM size to 2MB (git-fixes). - drm/amdgpu: perform srbm soft reset always on SDMA resume (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu: prevent double kfree ttm->sg (git-fixes). - drm/amdgpu/psp: fix psp gfx ctrl cmds (git-fixes). - drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix leak in dmabuf import (git-fixes). - drm/amdkfd: fix restore worker race condition (git-fixes). - drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes). - drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp setting (git-fixes). - drm/aspeed: Fix Kconfig warning & subsequent build errors (bsc#1152472) - drm/aspeed: Fix Kconfig warning & subsequent build errors (git-fixes). - drm/atomic: put state on error path (git-fixes). - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1152472) - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes). - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes). - drm/dp_aux_dev: check aux_dev before use in (bsc#1152472) - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/etnaviv: always start/stop scheduler in timeout processing (git-fixes). - drm/exynos: dsi: Remove bridge node reference in error handling path in probe function (git-fixes). - drm/gma500: fix double free of gma_connector (bsc#1152472) Backporting notes: * context changes - drm/gma500: fix double free of gma_connector (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (git-fixes). - drm/i915: Avoid memory leak with more than 16 workarounds on a list (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/i915: Check for all subplatform bits (git-fixes). - drm/i915: clear the gpu reloc batch (git-fixes). - drm/i915: Correctly set SFC capability for video engines (bsc#1152489) Backporting notes: * context changes - drm/i915/display/dp: Compute the correct slice count for VDSC on DP (git-fixes). - drm/i915: Drop runtime-pm assert from vgpu io accessors (git-fixes). - drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence (git-fixes). - drm/i915: Filter wake_flags passed to default_wake_function (git-fixes). - drm/i915: Fix mismatch between misplaced vma check and vma insert (git-fixes). - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes). - drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes). - drm/i915/gt: Delay execlist processing for tgl (git-fixes). - drm/i915/gt: Free stale request on destroying the virtual engine (git-fixes). - drm/i915/gt: Prevent use of engine->wa_ctx after error (git-fixes). - drm/i915/gt: Program mocs:63 for cache eviction on gen9 (git-fixes). - drm/i915/gvt: return error when failing to take the module reference (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/i915: Handle max_bpc==16 (git-fixes). - drm/i915/selftests: Avoid passing a random 0 into ilog2 (git-fixes). - drm/mcde: Fix handling of platform_get_irq() error (bsc#1152472) - drm/mcde: Fix handling of platform_get_irq() error (git-fixes). - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm/a6xx: fix a potential overflow issue (git-fixes). - drm/msm/a6xx: fix gmu start on newer firmware (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dpu: Fix scale params in plane validation (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/msm/dsi_pll_10nm: restore VCO rate during restore_state (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes). - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes). - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 (git-fixes). - drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes). - drm/nouveau/mmu: fix vram heap sizing (git-fixes). - drm/nouveau/nouveau: fix the start/end range for migration (git-fixes). - drm/nouveau/privring: ack interrupts the same way as RM (git-fixes). - drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/omap: dss: Cleanup DSS ports on initialisation failure (git-fixes). - drm/omap: fix incorrect lock state (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/panfrost: add amlogic reset quirk callback (git-fixes). - drm: rcar-du: Set primary plane zpos immutably at initializing (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (bsc#1152472) - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - drm/scheduler: Avoid accessing freed bad job (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1152472) - drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes). - drm/sun4i: frontend: Reuse the ch0 phase for RGB formats (git-fixes). - drm/sun4i: frontend: Rework a bit the phase data (git-fixes). - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - drm/syncobj: Fix use-after-free (git-fixes). - drm/tegra: replace idr_init() by idr_init_base() (git-fixes). - drm/tegra: sor: Disable clocks on error in tegra_sor_init() (git-fixes). - drm/ttm: fix eviction valuable range check (git-fixes). - drm/tve200: Fix handling of platform_get_irq() error (bsc#1152472) - drm/tve200: Fix handling of platform_get_irq() error (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - e1000e: bump up timeout to wait when ME un-configures ULP mode (jsc#SLE-8100). - EDAC/amd64: Fix PCI component registration (bsc#1152489). - ehci: fix EHCI host controller initialization sequence (git-fixes). - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes). - Exclude Symbols.list again. Removing the exclude builds vanilla/linux-next builds. Fixes: 55877625c800 ("kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.") - firmware: imx: select SOC_BUS to fix firmware build (git-fixes). - floppy: reintroduce O_NDELAY fix (boo#1181018). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Remove needless goto's (bsc#1149032). - futex: Remove unused empty compat_exit_robust_list() (bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - HID: Ignore battery for Elan touchscreen on ASUS UX550 (git-fixes). - HID: logitech-dj: add the G602 receiver (git-fixes). - HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input devices (git-fixes). - HID: multitouch: do not filter mice nodes (git-fixes). - HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad device (git-fixes). - HID: multitouch: Remove MT_CLS_WIN_8_DUAL (git-fixes). - HID: wacom: Constify attribute_groups (git-fixes). - HID: wacom: Correct NULL dereference on AES pen proximity (git-fixes). - HID: wacom: do not call hid_set_drvdata(hdev, NULL) (git-fixes). - HID: wacom: Fix memory leakage caused by kfifo_alloc (git-fixes). - hwmon: (pwm-fan) Ensure that calculation does not discard big period values (git-fixes). - i2c: bpmp-tegra: Ignore unknown I2C_M flags (git-fixes). - i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly terminated (git-fixes). - i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: sprd: use a specific timeout to avoid system hang up issue (git-fixes). - i3c master: fix missing destroy_workqueue() on error in i3c_master_register (git-fixes). - IB/hfi1: Remove kobj from hfi1_devdata (bsc#1179878). - IB/hfi1: Remove module parameter for KDETH qpns (bsc#1179878). - ice: avoid premature Rx buffer reuse (jsc#SLE-7926). - ice, xsk: clear the status bits for the next_to_use descriptor (jsc#SLE-7926). - iio: ad5504: Fix setting power-down state (git-fixes). - iomap: fix WARN_ON_ONCE() from unprivileged users (bsc#1181494). - iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1181217). - ionic: account for vlan tag len in rx buffer len (bsc#1167773). - kABI fixup for dwc3 introduction of DWC_usb32 (git-fixes). - kdb: Fix pager search for multi-line strings (git-fixes). - kgdb: Drop malformed kernel doc comment (git-fixes). - kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot (git fixes (kernel/kprobe)). - KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails (bsc#1181218). - KVM: s390: pv: Mark mm as protected after the set secure parameters and improve cleanup (jsc#SLE-7512 bsc#1165545). - KVM: SVM: Initialize prev_ga_tag before use (bsc#1180809). - leds: trigger: fix potential deadlock with libata (git-fixes). - lib/genalloc: fix the overflow when size is too big (git-fixes). - lib/string: remove unnecessary #undefs (git-fixes). - lockd: do not use interval-based rebinding over TCP (for-next). - mac80211: check if atf has been disabled in __ieee80211_schedule_txq (git-fixes). - mac80211: do not drop tx nulldata packets on encrypted links (git-fixes). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md: fix a warning caused by a race between concurrent md_ioctl()s (for-next). - media: dvb-usb: Fix memory leak at error in dvb_usb_device_init() (bsc#1181104). - media: dvb-usb: Fix use-after-free access (bsc#1181104). - media: gp8psk: initialize stats at power control logic (git-fixes). - media: rc: ensure that uevent can be read directly after rc device register (git-fixes). - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes). - misdn: dsp: select CONFIG_BITREVERSE (git-fixes). - mmc: core: do not initialize block size from ext_csd if not present (git-fixes). - mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes). - mm: memcontrol: fix missing wakeup polling thread (bsc#1181584). - mm/vmalloc: Fix unlock order in s_stop() (git fixes (mm/vmalloc)). - module: delay kobject uevent until after module init call (bsc#1178631). - Move "btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575)." to sorted section - mt7601u: fix kernel crash unplugging the device (git-fixes). - mt7601u: fix rx buffer refcounting (git-fixes). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1179567 LTC#190111). - net/af_iucv: set correct sk_protocol for child sockets (git-fixes). - net: fix proc_fs init handling in af_packet and tls (bsc#1154353). - net: hns3: fix a phy loopback fail issue (bsc#1154353). - net: hns3: remove a misused pragma packed (bsc#1154353). - net/mlx5e: ethtool, Fix restriction of autoneg with 56G (jsc#SLE-8464). - net: mscc: ocelot: allow offloading of bridge on top of LAG (git-fixes). - net/smc: cancel event worker during device removal (git-fixes). - net/smc: check for valid ib_client_data (git-fixes). - net/smc: fix cleanup for linkgroup setup failures (git-fixes). - net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (git-fixes). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/smc: no peer ID in CLC decline for SMCD (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: transfer fasync_list in case of fallback (git-fixes). - net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs' (for-next). - net: sunrpc: interpret the return value of kstrtou32 correctly (for-next). - net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes). - net: vlan: avoid leaks on register_vlan_dev() failures (bsc#1154353). - NFC: fix possible resource leak (git-fixes). - NFC: fix resource leak when target index is invalid (git-fixes). - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (for-next). - nfs_common: need lock during iterate through the list (for-next). - nfsd4: readdirplus shouldn't return parent of export (git-fixes). - nfsd: Fix message level for normal termination (for-next). - NFS: nfs_delegation_find_inode_server must first reference the superblock (for-next). - NFS: nfs_igrab_and_active must first reference the superblock (for-next). - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter (for-next). - NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read() (for-next). - NFS: switch nfsiod to be an UNBOUND workqueue (for-next). - NFSv4.2: condition READDIR's mask for security label based on LSM state (for-next). - NFSv4: Fix the alignment of page data in the getdeviceinfo reply (for-next). - nvme-multipath: fix bogus request queue reference put (bsc#1175389). - nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161). - nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161). - platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634 (git-fixes). - platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list (git-fixes). - platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on some HP x360 models (git-fixes). - PM: hibernate: flush swap writer after marking (git-fixes). - pNFS: Mark layout for return if return-on-close was not sent (git-fixes). - powerpc: Fix build error in paravirt.h (bsc#1181148 ltc#190702). - powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted() (bsc#1181148 ltc#190702). - powerpc: Refactor is_kvm_guest() declaration to new header (bsc#1181148 ltc#190702). - powerpc: Reintroduce is_kvm_guest() as a fast-path check (bsc#1181148 ltc#190702). - powerpc: Rename is_kvm_guest() to check_kvm_guest() (bsc#1181148 ltc#190702). - power: vexpress: add suppress_bind_attrs to true (git-fixes). - prom_init: enable verbose prints (bsc#1178142 bsc#1180759). - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930). - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930). - r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes). - r8169: work around power-saving bug on some chip versions (git-fixes). - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev (git-fixes). - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() (git-fixes). - Revert "ceph: allow rename operation under different quota realms" (bsc#1180541). - Revert "nfsd4: support change_attr_type attribute" (for-next). - Revive usb-audio Keep Interface mixer (bsc#1181014). - rtc: pl031: fix resource leak in pl031_probe (git-fixes). - rtc: sun6i: Fix memleak in sun6i_rtc_clk_init (git-fixes). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1181169 LTC#190914). - s390/dasd: fix list corruption of lcu list (git-fixes). - s390/dasd: fix list corruption of pavgroup group list (git-fixes). - s390/dasd: prevent inconsistent LCU device data (git-fixes). - s390/kexec_file: fix diag308 subcode when loading crash kernel (git-fixes). - s390/qeth: consolidate online/offline code (git-fixes). - s390/qeth: do not raise NETDEV_REBOOT event from L3 offline path (git-fixes). - s390/qeth: fix deadlock during recovery (git-fixes). - s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes). - s390/qeth: fix locking for discipline setup / removal (git-fixes). - s390/smp: perform initial CPU reset also for SMT siblings (git-fixes). - sched/fair: Check for idle core in wake_affine (git fixes (sched)). - scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252). - scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891). - scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891). - scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891). - scsi: lpfc: Fix crash when nvmet transport calls host_release (bsc#1180891). - scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891). - scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891). - scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891). - scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891). - scsi: lpfc: Fix target reset failing (bsc#1180891). - scsi: lpfc: Fix vport create logging (bsc#1180891). - scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891). - scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891). - scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891). - scsi: lpfc: Simplify bool comparison (bsc#1180891). - scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891). - scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142). - scsi: scsi_transport_srp: Do not block target in failfast state (bsc#1172355). - selftests/ftrace: Select an existing function in kprobe_eventname test (bsc#1179396 ltc#185738). - selftests: net: fib_tests: remove duplicate log test (git-fixes). - selftests/powerpc: Add a test of bad (out-of-range) accesses (bsc#1181158 ltc#190851). - selftests/powerpc: Add a test of spectre_v2 mitigations (bsc#1181158 ltc#190851). - selftests/powerpc: Ignore generated files (bsc#1181158 ltc#190851). - selftests/powerpc: Move Hash MMU check to utilities (bsc#1181158 ltc#190851). - selftests/powerpc: Move set_dscr() into rfi_flush.c (bsc#1181158 ltc#190851). - selftests/powerpc: Only test lwm/stmw on big endian (bsc#1180412 ltc#190579). - selftests/powerpc: spectre_v2 test must be built 64-bit (bsc#1181158 ltc#190851). - serial: mvebu-uart: fix tx lost characters at power off (git-fixes). - spi: cadence: cache reference clock rate during probe (git-fixes). - spi: stm32: FIFO threshold level - fix align packet size (git-fixes). - staging: mt7621-dma: Fix a resource leak in an error handling path (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() (for-next). - sunrpc: fix xs_read_xdr_buf for partial pages receive (for-next). - SUNRPC: rpc_wake_up() should wake up tasks in the correct order (for-next). - swiotlb: fix "x86: Do not panic if can not alloc buffer for swiotlb" (git-fixes). - swiotlb: using SIZE_MAX needs limits.h included (git-fixes). - timers: Preserve higher bits of expiration on index calculation (bsc#1181318). - timers: Use only bucket expiry for base->next_expiry value (bsc#1181318). - udp: Prevent reuseport_select_sock from reading uninitialized socks (git-fixes). - USB: cdc-acm: blacklist another IR Droid device (git-fixes). - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt() (git-fixes). - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes). - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - usb: dwc3: core: Properly default unspecified speed (git-fixes). - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes). - usb: dwc3: Update soft-reset wait polling rate (git-fixes). - USB: ehci: fix an interrupt calltrace error (git-fixes). - usb: gadget: aspeed: fix stop dma register setting (git-fixes). - usb: gadget: configfs: Fix use-after-free issue with udc_name (git-fixes). - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes). - usb: gadget: enable super speed plus (git-fixes). - usb: gadget: Fix spinlock lockup on usb_function_deactivate (git-fixes). - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes). - usb: gadget: function: printer: Fix a memory leak for interface descriptor (git-fixes). - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes). - usb: gadget: select CONFIG_CRC32 (git-fixes). - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size (git-fixes). - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes). - USB: serial: option: add LongSung M5710 module support (git-fixes). - USB: serial: option: add Quectel EM160R-GL (git-fixes). - usb: typec: Fix copy paste error for NVIDIA alt-mode description (git-fixes). - usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes). - usb: udc: core: Use lock when write to soft_connect (git-fixes). - usb: usbip: vhci_hcd: protect shift size (git-fixes). - USB: usblp: fix DMA to stack (git-fixes). - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes). - USB: yurex: fix control-URB timeout handling (git-fixes). - vfio iommu: Add dma available capability (bsc#1179572 LTC#190110). - vfio/pci: Implement ioeventfd thread handler for contended memory lock (bsc#1181219). - vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181220). - video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() (git-fixes). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - video: fbdev: pvr2fb: initialize variables (git-fixes). - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes). - wan: ds26522: select CONFIG_BITREVERSE (git-fixes). - wil6210: select CONFIG_CRC32 (git-fixes). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1152489). - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (bsc#1181077). - x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1152489). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - x86/kprobes: Restore BTF if the single-stepping is cancelled (bsc#1152489). - x86/mm: Fix leak of pmd ptlock (bsc#1152489). - x86/mm/numa: Remove uninitialized_var() usage (bsc#1152489). - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1152489). - x86/resctrl: Do not move a task to the same resource group (bsc#1152489). - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1152489). - x86/topology: Make __max_die_per_package available unconditionally (bsc#1152489). - x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1181335). - xen-blkfront: allow discard-* nodes to be optional (bsc#1181346). - xen/privcmd: allow fetching resource sizes (bsc#1065600). - xfs: show the proper user quota options (bsc#1181538). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). - xhci: make sure TRB is fully written before giving it to the controller (git-fixes). - xhci: tegra: Delay for disabling LFPS detector (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-347=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): kernel-devel-azure-5.3.18-18.35.2 kernel-source-azure-5.3.18-18.35.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): kernel-azure-5.3.18-18.35.2 kernel-azure-debuginfo-5.3.18-18.35.2 kernel-azure-debugsource-5.3.18-18.35.2 kernel-azure-devel-5.3.18-18.35.2 kernel-azure-devel-debuginfo-5.3.18-18.35.2 kernel-syms-azure-5.3.18-18.35.2 References: https://www.suse.com/security/cve/CVE-2020-25211.html https://www.suse.com/security/cve/CVE-2020-25639.html https://www.suse.com/security/cve/CVE-2020-27835.html https://www.suse.com/security/cve/CVE-2020-28374.html https://www.suse.com/security/cve/CVE-2020-29568.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2020-36158.html https://www.suse.com/security/cve/CVE-2021-0342.html https://www.suse.com/security/cve/CVE-2021-20177.html https://www.suse.com/security/cve/CVE-2021-3347.html https://www.suse.com/security/cve/CVE-2021-3348.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1163727 https://bugzilla.suse.com/1163930 https://bugzilla.suse.com/1165545 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1172355 https://bugzilla.suse.com/1175389 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176831 https://bugzilla.suse.com/1176846 https://bugzilla.suse.com/1178142 https://bugzilla.suse.com/1178372 https://bugzilla.suse.com/1178631 https://bugzilla.suse.com/1178684 https://bugzilla.suse.com/1179142 https://bugzilla.suse.com/1179396 https://bugzilla.suse.com/1179508 https://bugzilla.suse.com/1179509 https://bugzilla.suse.com/1179567 https://bugzilla.suse.com/1179572 https://bugzilla.suse.com/1179575 https://bugzilla.suse.com/1179878 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180130 https://bugzilla.suse.com/1180264 https://bugzilla.suse.com/1180412 https://bugzilla.suse.com/1180541 https://bugzilla.suse.com/1180559 https://bugzilla.suse.com/1180562 https://bugzilla.suse.com/1180566 https://bugzilla.suse.com/1180676 https://bugzilla.suse.com/1180759 https://bugzilla.suse.com/1180765 https://bugzilla.suse.com/1180773 https://bugzilla.suse.com/1180809 https://bugzilla.suse.com/1180812 https://bugzilla.suse.com/1180848 https://bugzilla.suse.com/1180859 https://bugzilla.suse.com/1180889 https://bugzilla.suse.com/1180891 https://bugzilla.suse.com/1180971 https://bugzilla.suse.com/1181014 https://bugzilla.suse.com/1181018 https://bugzilla.suse.com/1181077 https://bugzilla.suse.com/1181104 https://bugzilla.suse.com/1181148 https://bugzilla.suse.com/1181158 https://bugzilla.suse.com/1181161 https://bugzilla.suse.com/1181169 https://bugzilla.suse.com/1181203 https://bugzilla.suse.com/1181217 https://bugzilla.suse.com/1181218 https://bugzilla.suse.com/1181219 https://bugzilla.suse.com/1181220 https://bugzilla.suse.com/1181237 https://bugzilla.suse.com/1181318 https://bugzilla.suse.com/1181335 https://bugzilla.suse.com/1181346 https://bugzilla.suse.com/1181349 https://bugzilla.suse.com/1181425 https://bugzilla.suse.com/1181494 https://bugzilla.suse.com/1181504 https://bugzilla.suse.com/1181511 https://bugzilla.suse.com/1181538 https://bugzilla.suse.com/1181553 https://bugzilla.suse.com/1181584 https://bugzilla.suse.com/1181645 From sle-security-updates at lists.suse.com Tue Feb 9 14:29:14 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Feb 2021 15:29:14 +0100 (CET) Subject: SUSE-SU-2021:0348-1: important: Security update for the Linux Kernel Message-ID: <20210209142914.0948DFFB2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0348-1 Rating: important References: #1046305 #1046306 #1046540 #1046542 #1046648 #1050242 #1050244 #1050536 #1050538 #1050545 #1056653 #1056657 #1056787 #1064802 #1066129 #1073513 #1074220 #1075020 #1086282 #1086301 #1086313 #1086314 #1098633 #1103990 #1103991 #1103992 #1104270 #1104277 #1104279 #1104353 #1104427 #1104742 #1104745 #1109837 #1111981 #1112178 #1112374 #1113956 #1119113 #1126206 #1126390 #1127354 #1127371 #1129770 #1136348 #1144912 #1149032 #1163727 #1172145 #1174206 #1176831 #1176846 #1178036 #1178049 #1178372 #1178631 #1178684 #1178900 #1179093 #1179508 #1179509 #1179563 #1179573 #1179575 #1179878 #1180008 #1180130 #1180559 #1180562 #1180676 #1180765 #1180812 #1180859 #1180891 #1180912 #1181001 #1181018 #1181170 #1181230 #1181231 #1181349 #1181425 #1181553 #901327 Cross-References: CVE-2020-25639 CVE-2020-27835 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 CVE-2020-36158 CVE-2021-0342 CVE-2021-20177 CVE-2021-3347 CVSS scores: CVE-2020-25639 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-28374 (NVD): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-28374 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-29568 (NVD): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29568 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29569 (NVD): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-36158 (NVD): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0342 (NVD): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0342 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-20177 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3347 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 75 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765). - CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812) - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-36158: Fixed an issue wich might have allowed a remote attackers to execute arbitrary code via a long SSID value in mwifiex_cmd_802_11_ad_hoc_start() (bnc#1180559). - CVE-2020-28374: Fixed a vulnerability caused by insufficient identifier checking in the LIO SCSI target code. This could have been used by a remote attackers to read or write files via directory traversal in an XCOPY request (bnc#1178372). The following non-security bugs were fixed: - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes). - ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes). - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes). - ALSA: doc: Fix reference to mixart.rst (git-fixes). - ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes). - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/via: Add minimum mute flag (git-fixes). - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes). - ALSA: timer: Limit max amount of slave instances (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130). - arm64: pgtable: Fix pte_accessible() (bsc#1180130). - ASoC: dapm: remove widget from dirty list on free (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: Intel: haswell: Add missing pm_ops (git-fixes). - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes). - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes). - ASoC: sti: fix possible sleep-in-atomic (git-fixes). - ASoC: wm8904: fix regcache handling (git-fixes). - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: fix backtrace on coredump (git-fixes). - ath10k: fix get invalid tx rate for Mesh metric (git-fixes). - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes). - ath9k_htc: Discard undersized packets (git-fixes). - ath9k_htc: Modify byte order for an error message (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: Fix advertising duplicated flags (git-fixes). - bnxt_en: Do not query FW when netif_running() is false (bsc#1086282). - bnxt_en: Fix accumulation of bp->net_stats_prev (bsc#1104745 ). - bnxt_en: fix error return code in bnxt_init_board() (git-fixes). - bnxt_en: fix error return code in bnxt_init_one() (bsc#1050242 ). - bnxt_en: fix HWRM error when querying VF temperature (bsc#1104745). - bnxt_en: Improve stats context resource accounting with RDMA driver loaded (bsc#1104745). - bnxt_en: read EEPROM A2h address using page 0 (git-fixes). - bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes). - bnxt_en: Reset rings if ring reservation fails during open() (bsc#1086282). - bnxt_en: return proper error codes in bnxt_show_temp (bsc#1104745). - bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes). - btrfs: add a flags argument to LOGICAL_INO and call it LOGICAL_INO_V2 (bsc#1174206). - btrfs: add a flag to iterate_inodes_from_logical to find all - btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206). - btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206). - btrfs: increase output size for LOGICAL_INO_V2 ioctl (bsc#1174206). - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575). - caif: no need to check return value of debugfs_create functions (git-fixes). - can: c_can: c_can_power_up(): fix error handling (git-fixes). - can: dev: prevent potential information leak in can_fill_info() (git-fixes). - can: vxcan: vxcan_xmit: fix use after free bug (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - chelsio/chtls: correct function return and return type (bsc#1104270). - chelsio/chtls: correct netdevice for vlan interface (bsc#1104270 ). - chelsio/chtls: fix a double free in chtls_setkey() (bsc#1104270 ). - chelsio/chtls: fix always leaking ctrl_skb (bsc#1104270 ). - chelsio/chtls: fix deadlock issue (bsc#1104270). - chelsio/chtls: fix memory leaks caused by a race (bsc#1104270 ). - chelsio/chtls: fix memory leaks in CPL handlers (bsc#1104270 ). - chelsio/chtls: fix panic during unload reload chtls (bsc#1104270 ). - chelsio/chtls: fix socket lock (bsc#1104270). - chelsio/chtls: fix tls record info to user (bsc#1104270 ). - chtls: Added a check to avoid NULL pointer dereference (bsc#1104270). - chtls: Fix chtls resources release sequence (bsc#1104270 ). - chtls: Fix hardware tid leak (bsc#1104270). - chtls: Remove invalid set_tcb call (bsc#1104270). - chtls: Replace skb_dequeue with skb_peek (bsc#1104270 ). - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: tegra: Fix Tegra PMC clock out parents (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes). - cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled (bsc#1109837). - cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes). - cxgb4/cxgb4vf: fix flow control display for auto negotiation (bsc#1046540 bsc#1046542). - cxgb4: fix adapter crash due to wrong MC size (bsc#1073513). - cxgb4: fix all-mask IP address comparison (bsc#1064802 bsc#1066129). - cxgb4: fix large delays in PTP synchronization (bsc#1046540 bsc#1046648). - cxgb4: fix SGE queue dump destination buffer context (bsc#1073513). - cxgb4: fix the panic caused by non smac rewrite (bsc#1064802 bsc#1066129). - cxgb4: fix thermal zone device registration (bsc#1104279 bsc#1104277). - cxgb4: fix throughput drop during Tx backpressure (bsc#1127354 bsc#1127371). - cxgb4: move DCB version extern to header file (bsc#1104279 ). - cxgb4: remove cast when saving IPv4 partial checksum (bsc#1074220). - cxgb4: set up filter action after rewrites (bsc#1064802 bsc#1066129). - cxgb4: use correct type for all-mask IP address comparison (bsc#1064802 bsc#1066129). - cxgb4: use unaligned conversion for fetching timestamp (bsc#1046540 bsc#1046648). - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes). - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes). - docs: Fix reST markup when linking to sections (git-fixes). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amdkfd: Put ACPI table after using it (bsc#1129770) Backporting changes: * context changes - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1113956) - drm/atomic: put state on error path (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1129770) - drm/i915: Check for all subplatform bits (git-fixes). - drm/i915: Clear the repeater bit on HDCP disable (bsc#1112178) Backporting changes: * context changes - drm/i915: Fix sha_text population code (bsc#1112178) Backporting changes: * context changes - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1129770) Backporting changes: * context changes * moved num_mixers from struct dpu_crtc_state to struct dpu_crtc - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1129770) Backporting changes: * context changes * removed reference to msm_gem_is_locked() - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1129770) Backporting changes: * context changes - drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes). - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes). - drm/nouveau/privring: ack interrupts the same way as RM (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (bsc#1112178) Backporting changes: * context changes - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1112178) - drm/tve200: Fix handling of platform_get_irq() error (bsc#1129770) - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1112178) Backporting changes: * context changes - EDAC/amd64: Fix PCI component registration (bsc#1112178). - ehci: fix EHCI host controller initialization sequence (git-fixes). - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes). - fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console - fbcon: Remove the superfluous break (bsc#1129770) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console * context changes - firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes). - floppy: reintroduce O_NDELAY fix (boo#1181018). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1181349). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes). - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes). - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes). - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes). - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes). - gpiolib: fix up emulated open drain outputs (git-fixes). - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes). - gpio: max77620: Fixup debounce delays (git-fixes). - gpio: max77620: Use correct unit for debounce times (git-fixes). - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: core: check whether Usage Page item is after Usage ID items (git-fixes). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: Improve Windows Precision Touchpad detection (git-fixes). - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes). - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (jc42) Fix name to have no illegal characters (git-fixes). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - i40e: avoid premature Rx buffer reuse (bsc#1111981). - i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (bsc#1103991). - igb: Report speed and duplex as unknown when device is runtime suspended (git-fixes). - igc: fix link speed advertising (jsc#SLE-4799). - iio: ad5504: Fix setting power-down state (git-fixes). - iio: adc: max1027: Reset the device at probe time (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio: fix center temperature of bmc150-accel-core (git-fixes). - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes). - iio: srf04: fix wrong limitation in distance measuring (git-fixes). - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191). - ipw2x00: Fix -Wcast-function-type (git-fixes). - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - ixgbe: avoid premature Rx buffer reuse (bsc#1109837 ). - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (bsc#1109837). - kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191). - kABI workaround for HD-audio generic parser (git-fixes). - KVM: SVM: Initialize prev_ga_tag before use (bsc#1180912). - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (bsc#1181230). - lockd: do not use interval-based rebinding over TCP (git-fixes). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes). - mac80211: fix authentication with iwlwifi/mvm (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md: fix a warning caused by a race between concurrent md_ioctl()s (git-fixes). - md/raid10: initialize r10_bio->read_slot before use (git-fixes). - media: am437x-vpfe: Setting STD to current value is not an error (git-fixes). - media: cec-funcs.h: add status_req checks (git-fixes). - media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes). - media: gp8psk: initialize stats at power control logic (git-fixes). - media: gspca: Fix memory leak in probe (git-fixes). - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes). - media: i2c: ov2659: Fix missing 720p register config (git-fixes). - media: i2c: ov2659: fix s_stream return value (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches). - media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes). - media: si470x-i2c: add missed operations in remove (git-fixes). - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes). - media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes). - media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes). - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes). - misdn: dsp: select CONFIG_BITREVERSE (git-fixes). - mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (bsc#1112374). - mlxsw: spectrum: Do not modify cloned SKBs during xmit (git-fixes). - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (bsc#1112374). - mlxsw: switchx2: Do not modify cloned SKBs during xmit (git-fixes). - mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes). - mm: do not wake kswapd prematurely when watermark boosting is disabled (git fixes (mm/vmscan)). - mm: hwpoison: disable memory error handling on 1GB hugepage (git fixes (mm/hwpoison)). - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/hotplug)). - mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() (git fixes (mm/pgalloc)). - mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly (git fixes (mm/hmm)). - mm/slab: use memzero_explicit() in kzfree() (git fixes (mm/slab)). - module: delay kobject uevent until after module init call (bsc#1178631). - net/af_iucv: always register net_device notifier (git-fixes). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1179563 LTC#190108). - net/af_iucv: set correct sk_protocol for child sockets (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: bcmgenet: keep MAC in reset until PHY is up (git-fixes). - net: bcmgenet: reapply manual settings to the PHY (git-fixes). - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe() (git-fixes). - net: cbs: Fix software cbs to consider packet sending time (bsc#1109837). - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (git-fixes). - net: dsa: LAN9303: select REGMAP when LAN9303 enable (git-fixes). - net: ena: set initial DMA width to avoid intel iommu issue (git-fixes). - net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes). - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse() (git-fixes). - net_failover: fixed rollback in net_failover_open() (bsc#1109837). - net/filter: Permit reading NET in load_bytes_relative when MAC not set (bsc#1109837). - net: freescale: fec: Fix ethtool -d runtime PM (git-fixes). - net: hns3: add a missing uninit debugfs when unload driver (bsc#1104353). - net: hns3: add compatible handling for command HCLGE_OPC_PF_RST_DONE (git-fixes). - net: hns3: add management table after IMP reset (bsc#1104353 ). - net: hns3: check reset interrupt status when reset fails (git-fixes). - net: hns3: clear reset interrupt status in hclge_irq_handle() (git-fixes). - net: hns3: fix a TX timeout issue (bsc#1104353). - net: hns3: fix a wrong reset interrupt status mask (git-fixes). - net: hns3: fix error handling for desc filling (bsc#1104353 ). - net: hns3: fix error VF index when setting VLAN offload (bsc#1104353). - net: hns3: fix for not calculating TX BD send size correctly (bsc#1126390). - net: hns3: fix interrupt clearing error for VF (bsc#1104353 ). - net: hns3: fix mis-counting IRQ vector numbers issue (bsc#1104353). - net: hns3: fix shaper parameter algorithm (bsc#1104353 ). - net: hns3: fix the number of queues actually used by ARQ (bsc#1104353). - net: hns3: fix use-after-free when doing self test (bsc#1104353 ). - net: hns3: reallocate SSU' buffer size when pfc_en changes (bsc#1104353). - __netif_receive_skb_core: pass skb by reference (bsc#1109837). - net/liquidio: Delete driver version assignment (git-fixes). - net/liquidio: Delete non-working LIQUIDIO_PACKAGE check (git-fixes). - net/mlx4_en: Avoid scheduling restart task if it is already running (git-fixes). - net/mlx5: Add handling of port type in rule deletion (bsc#1103991). - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (bsc#1103990). - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes). - net/mlx5e: Fix two double free cases (bsc#1046305). - net/mlx5e: Fix VLAN cleanup flow (git-fixes). - net/mlx5e: Fix VLAN create flow (git-fixes). - net/mlx5e: IPoIB, Drop multicast packets that this interface sent (bsc#1075020). - net/mlx5e: TX, Fix consumer index of error cqe dump (bsc#1103990 ). - net/mlx5: Fix memory leak on flow table creation error flow (bsc#1046305). - net: mvpp2: Fix error return code in mvpp2_open() (bsc#1119113 ). - net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (bsc#1098633). - net: mvpp2: fix pkt coalescing int-threshold configuration (bsc#1098633). - net: phy: Allow BCM54616S PHY to setup internal TX/RX clock delay (git-fixes). - net: phy: Avoid multiple suspends (git-fixes). - net: phy: broadcom: Fix RGMII delays configuration for BCM54210E (git-fixes). - net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes). - net: phy: micrel: make sure the factory test bit is cleared (git-fixes). - net: qca_spi: Move reset_count to struct qcaspi (git-fixes). - net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels (bsc#1109837). - net_sched: let qdisc_put() accept NULL pointer (bsc#1056657 bsc#1056653 bsc#1056787). - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net/smc: cancel event worker during device removal (git-fixes). - net/smc: check for valid ib_client_data (git-fixes). - net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes). - net/smc: receive pending data after RCV_SHUTDOWN (git-fixes). - net/smc: receive returns without data (git-fixes). - net/sonic: Add mutual exclusion for accessing shared state (git-fixes). - net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes). - net: stmmac: Do not accept invalid MTU values (git-fixes). - net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes). - net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: Enable 16KB buffer size (git-fixes). - net: stmmac: fix length of PTP clock's name string (git-fixes). - net: stmmac: gmac4+: Not all Unicast addresses may be available (git-fixes). - net: stmmac: RX buffer size must be 16 byte aligned (git-fixes). - net: sunrpc: interpret the return value of kstrtou32 correctly (git-fixes). - net: team: fix memory leak in __team_options_register (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - net: usb: lan78xx: Fix error message format specifier (git-fixes). - net: usb: sr9800: fix uninitialized local variable (git-fixes). - net: vlan: avoid leaks on register_vlan_dev() failures (git-fixes). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nfp: validate the return code from dev_queue_xmit() (git-fixes). - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (git-fixes). - nfs_common: need lock during iterate through the list (git-fixes). - nfsd4: readdirplus shouldn't return parent of export (git-fixes). - nfsd: Fix message level for normal termination (git-fixes). - NFS: nfs_igrab_and_active must first reference the superblock (git-fixes). - NFS: switch nfsiod to be an UNBOUND workqueue (git-fixes). - NFSv4.2: condition READDIR's mask for security label based on LSM state (git-fixes). - page_frag: Recover from memory pressure (git fixes (mm/pgalloc)). - parport: load lowlevel driver if ports not found (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - PM: ACPI: Output correct message on target power state (git-fixes). - PM: hibernate: Freeze kernel threads in software_resume() (git-fixes). - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes). - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes). - pNFS: Mark layout for return if return-on-close was not sent (git-fixes). - powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630). - powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630). - powerpc/perf: Add generic compat mode pmu driver (bsc#1178900 ltc#189284). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1178900 ltc#189284 git-fixes). - powerpc/perf: init pmu from core-book3s (bsc#1178900 ltc#189284). - power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes). - qed: Fix race condition between scheduling and destroying the slowpath workqueue (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix use after free in qed_chain_free (bsc#1050536 bsc#1050538). - r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes). - radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes). - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1103992). - RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1050244 ). - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1104742). - RDMA/cma: Do not overwrite sgid_attr after device is released (bsc#1103992). - RDMA/core: Ensure security pkey modify is not lost (bsc#1046306 ). - RDMA/core: Fix pkey and port assignment in get_new_pps (bsc#1046306). - RDMA/core: Fix protection fault in get_pkey_idx_qp_list (bsc#1046306). - RDMA/core: Fix reported speed and width (bsc#1046306 ). - RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1103992). - RDMA/core: Fix use of logical OR in get_new_pps (bsc#1046306 ). - RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1104427). - RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver (bsc#1104427). - RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver (bsc#1104427). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (bsc#1104427 bsc#1126206). - RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1104427 ). - RDMA/iw_cxgb4: Fix incorrect function parameters (bsc#1136348 jsc#SLE-4684). - RDMA/iw_cxgb4: initiate CLOSE when entering TERM (bsc#1136348 jsc#SLE-4684). - RDMA/mlx5: Add init2init as a modify command (bsc#1103991 ). - RDMA/mlx5: Fix typo in enum name (bsc#1103991). - RDMA/mlx5: Fix wrong free of blue flame register on error (bsc#1103991). - RDMA/qedr: Fix inline size returned for iWARP (bsc#1050545 ). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes). - regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized (git-fixes). - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes). - remoteproc: Fix wrong rvring index computation (git-fixes). - Revert "ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO" (git-fixes). - Revert "crypto: chelsio - Inline single pdu only" (git-fixes). - Revert "device property: Keep secondary firmware node secondary by type" (git-fixes). - Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" (git-fixes). - Revert "serial: amba-pl011: Make sure we initialize the port.lock spinlock" (git-fixes). - rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes). - rtc: 88pm860x: fix possible race condition (git-fixes). - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes). - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1144912). - s390/dasd: fix list corruption of lcu list (bsc#1181170 LTC#190915). - s390/dasd: fix list corruption of pavgroup group list (bsc#1181170 LTC#190915). - s390/dasd: prevent inconsistent LCU device data (bsc#1181170 LTC#190915). - s390/qeth: delay draining the TX buffers (git-fixes). - s390/qeth: fix deadlock during recovery (git-fixes). - s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes). - s390/qeth: fix locking for discipline setup / removal (git-fixes). - s390/smp: perform initial CPU reset also for SMT siblings (git-fixes). - sched/fair: Fix enqueue_task_fair warning (bsc#1179093). - sched/fair: Fix enqueue_task_fair() warning some more (bsc#1179093). - sched/fair: Fix reordering of enqueue/dequeue_task_fair() (bsc#1179093). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (bsc#1179093). - sched/fair: Reorder enqueue/dequeue_task_fair path (bsc#1179093). - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049, git-fixes). - scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252). - scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891). - scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891). - scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891). - scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891). - scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891). - scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891). - scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891). - scsi: lpfc: Fix target reset failing (bsc#1180891). - scsi: lpfc: Fix vport create logging (bsc#1180891). - scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891). - scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891). - scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891). - scsi: lpfc: Simplify bool comparison (bsc#1180891). - scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891). - scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - serial: mvebu-uart: fix tx lost characters at power off (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - soc: imx: gpc: fix power up sequencing (git-fixes). - spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes). - spi: cadence: cache reference clock rate during probe (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: img-spfi: fix potential double release (git-fixes). - spi: pxa2xx: Add missed security checks (git-fixes). - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: st-ssc4: add missed pm_runtime_disable (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: tegra20-slink: add missed clk_unprepare (git-fixes). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes). - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes). - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes). - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes). - staging: rtl8188eu: fix possible null dereference (git-fixes). - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes). - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036). - team: set dev->needed_headroom in team_setup_by_port() (git-fixes). - thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes). - tty: always relink the port (git-fixes). - tty: link tty and port before configuring it as console (git-fixes). - tty:serial:mvebu-uart:fix a wrong return (git-fixes). - tty: synclink_gt: Adjust indentation in several functions (git-fixes). - tty: synclinkmp: Adjust indentation in several functions (git-fixes). - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (bsc#1109837). - USB: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes). - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - usb: dwc2: Fix IN FIFO allocation (git-fixes). - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes). - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes). - USB: ehci: fix an interrupt calltrace error (git-fixes). - USB: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes). - usb: fsl: Check memory resource before releasing it (git-fixes). - usb: gadget: composite: Fix possible double free memory bug (git-fixes). - usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes). - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes). - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes). - USB: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes). - usb: gadget: fix wrong endpoint desc (git-fixes). - USB: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes). - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes). - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: select CONFIG_CRC32 (git-fixes). - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes). - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - USB: ldusb: use unsigned size format specifiers (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes). - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes). - USB: Skip endpoints with 0 maxpacket length (git-fixes). - USB: UAS: introduce a quirk to set no_write_same (git-fixes). - usb: udc: core: Use lock when write to soft_connect (git-fixes). - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes). - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes). - USB: yurex: fix control-URB timeout handling (git-fixes). - veth: Adjust hard_start offset on redirect XDP frames (bsc#1109837). - vfio iommu: Add dma available capability (bsc#1179573 LTC#190106). - vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181231). - vhost/vsock: fix vhost vsock cid hashing inconsistent (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes). - vt: do not hardcode the mem allocation upper bound (git-fixes). - vt: Reject zero-sized screen buffer size (git-fixes). - wan: ds26522: select CONFIG_BITREVERSE (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: da9062: do not ping the hw during stop() (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - wil6210: select CONFIG_CRC32 (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - x86/i8259: Use printk_deferred() to prevent deadlock (bsc#1112178). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/mm: Fix leak of pmd ptlock (bsc#1112178). - x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191). - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1112178). - x86/resctrl: Do not move a task to the same resource group (bsc#1112178). - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1112178). - xdp: Fix xsk_generic_xmit errno (bsc#1109837). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). - xhci: make sure TRB is fully written before giving it to the controller (git-fixes). - xhci: tegra: Delay for disabling LFPS detector (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-348=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.44.1 kernel-azure-base-4.12.14-16.44.1 kernel-azure-base-debuginfo-4.12.14-16.44.1 kernel-azure-debuginfo-4.12.14-16.44.1 kernel-azure-debugsource-4.12.14-16.44.1 kernel-azure-devel-4.12.14-16.44.1 kernel-syms-azure-4.12.14-16.44.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.44.1 kernel-source-azure-4.12.14-16.44.1 References: https://www.suse.com/security/cve/CVE-2020-25639.html https://www.suse.com/security/cve/CVE-2020-27835.html https://www.suse.com/security/cve/CVE-2020-28374.html https://www.suse.com/security/cve/CVE-2020-29568.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2020-36158.html https://www.suse.com/security/cve/CVE-2021-0342.html https://www.suse.com/security/cve/CVE-2021-20177.html https://www.suse.com/security/cve/CVE-2021-3347.html https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1046540 https://bugzilla.suse.com/1046542 https://bugzilla.suse.com/1046648 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050538 https://bugzilla.suse.com/1050545 https://bugzilla.suse.com/1056653 https://bugzilla.suse.com/1056657 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1073513 https://bugzilla.suse.com/1074220 https://bugzilla.suse.com/1075020 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086301 https://bugzilla.suse.com/1086313 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104270 https://bugzilla.suse.com/1104277 https://bugzilla.suse.com/1104279 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104742 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111981 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1126206 https://bugzilla.suse.com/1126390 https://bugzilla.suse.com/1127354 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1136348 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1163727 https://bugzilla.suse.com/1172145 https://bugzilla.suse.com/1174206 https://bugzilla.suse.com/1176831 https://bugzilla.suse.com/1176846 https://bugzilla.suse.com/1178036 https://bugzilla.suse.com/1178049 https://bugzilla.suse.com/1178372 https://bugzilla.suse.com/1178631 https://bugzilla.suse.com/1178684 https://bugzilla.suse.com/1178900 https://bugzilla.suse.com/1179093 https://bugzilla.suse.com/1179508 https://bugzilla.suse.com/1179509 https://bugzilla.suse.com/1179563 https://bugzilla.suse.com/1179573 https://bugzilla.suse.com/1179575 https://bugzilla.suse.com/1179878 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180130 https://bugzilla.suse.com/1180559 https://bugzilla.suse.com/1180562 https://bugzilla.suse.com/1180676 https://bugzilla.suse.com/1180765 https://bugzilla.suse.com/1180812 https://bugzilla.suse.com/1180859 https://bugzilla.suse.com/1180891 https://bugzilla.suse.com/1180912 https://bugzilla.suse.com/1181001 https://bugzilla.suse.com/1181018 https://bugzilla.suse.com/1181170 https://bugzilla.suse.com/1181230 https://bugzilla.suse.com/1181231 https://bugzilla.suse.com/1181349 https://bugzilla.suse.com/1181425 https://bugzilla.suse.com/1181553 https://bugzilla.suse.com/901327 From sle-security-updates at lists.suse.com Tue Feb 9 17:18:34 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Feb 2021 18:18:34 +0100 (CET) Subject: SUSE-SU-2021:0352-1: important: Security update for java-11-openjdk Message-ID: <20210209171834.ADCE1FF1F@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0352-1 Rating: important References: #1181239 ECO-3171 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that contains security fixes and contains one feature can now be installed. Description: This update for java-11-openjdk fixes the following issues: java-11-openjdk was upgraded to include January 2021 CPU (bsc#1181239) - Enable Sheandoah GC for x86_64 (jsc#ECO-3171) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-352=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-352=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-352=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-352=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-352=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-352=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-352=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-352=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-352=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-352=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-352=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-352=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-352=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-352=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-352=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-352=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-352=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Manager Proxy 4.0 (x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): java-11-openjdk-javadoc-11.0.10.0-3.53.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): java-11-openjdk-javadoc-11.0.10.0-3.53.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 - SUSE CaaS Platform 4.0 (x86_64): java-11-openjdk-11.0.10.0-3.53.1 java-11-openjdk-debuginfo-11.0.10.0-3.53.1 java-11-openjdk-debugsource-11.0.10.0-3.53.1 java-11-openjdk-demo-11.0.10.0-3.53.1 java-11-openjdk-devel-11.0.10.0-3.53.1 java-11-openjdk-headless-11.0.10.0-3.53.1 References: https://bugzilla.suse.com/1181239 From sle-security-updates at lists.suse.com Tue Feb 9 20:16:09 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Feb 2021 21:16:09 +0100 (CET) Subject: SUSE-SU-2021:0353-1: important: Security update for the Linux Kernel Message-ID: <20210209201609.3D735FFB1@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0353-1 Rating: important References: #1046305 #1046306 #1046540 #1046542 #1046648 #1050242 #1050244 #1050536 #1050538 #1050545 #1056653 #1056657 #1056787 #1064802 #1066129 #1073513 #1074220 #1075020 #1086282 #1086301 #1086313 #1086314 #1098633 #1103990 #1103991 #1103992 #1104270 #1104277 #1104279 #1104353 #1104427 #1104742 #1104745 #1109837 #1111981 #1112178 #1112374 #1113956 #1119113 #1126206 #1126390 #1127354 #1127371 #1129770 #1136348 #1149032 #1174206 #1176395 #1176831 #1176846 #1178036 #1178049 #1178631 #1178900 #1179093 #1179508 #1179509 #1179563 #1179573 #1179575 #1179878 #1180008 #1180130 #1180765 #1180812 #1180859 #1180891 #1180912 #1181001 #1181018 #1181170 #1181230 #1181231 #1181349 #1181425 #1181553 Cross-References: CVE-2020-25211 CVE-2020-25639 CVE-2020-27835 CVE-2020-29568 CVE-2020-29569 CVE-2021-0342 CVE-2021-20177 CVE-2021-3347 CVSS scores: CVE-2020-25211 (NVD): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-25211 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-25639 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-29568 (NVD): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29568 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29569 (NVD): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-0342 (NVD): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0342 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-20177 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3347 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 68 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765). - CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812) - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). The following non-security bugs were fixed: - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes). - ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes). - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes). - ALSA: doc: Fix reference to mixart.rst (git-fixes). - ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes). - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes). - ALSA: hda/via: Add minimum mute flag (git-fixes). - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes). - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes). - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes). - arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130). - arm64: pgtable: Fix pte_accessible() (bsc#1180130). - ASoC: dapm: remove widget from dirty list on free (git-fixes). - ASoC: Intel: haswell: Add missing pm_ops (git-fixes). - bnxt_en: Do not query FW when netif_running() is false (bsc#1086282). - bnxt_en: Fix accumulation of bp->net_stats_prev (bsc#1104745 ). - bnxt_en: fix error return code in bnxt_init_board() (git-fixes). - bnxt_en: fix error return code in bnxt_init_one() (bsc#1050242 ). - bnxt_en: fix HWRM error when querying VF temperature (bsc#1104745). - bnxt_en: Improve stats context resource accounting with RDMA driver loaded (bsc#1104745). - bnxt_en: read EEPROM A2h address using page 0 (git-fixes). - bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes). - bnxt_en: Reset rings if ring reservation fails during open() (bsc#1086282). - bnxt_en: return proper error codes in bnxt_show_temp (bsc#1104745). - bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes). - btrfs: add a flags argument to LOGICAL_INO and call it LOGICAL_INO_V2 (bsc#1174206). - btrfs: add a flag to iterate_inodes_from_logical to find all - btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206). - btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206). - btrfs: increase output size for LOGICAL_INO_V2 ioctl (bsc#1174206). - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575). - caif: no need to check return value of debugfs_create functions (git-fixes). - can: c_can: c_can_power_up(): fix error handling (git-fixes). - can: dev: prevent potential information leak in can_fill_info() (git-fixes). - can: vxcan: vxcan_xmit: fix use after free bug (git-fixes). - chelsio/chtls: correct function return and return type (bsc#1104270). - chelsio/chtls: correct netdevice for vlan interface (bsc#1104270 ). - chelsio/chtls: fix a double free in chtls_setkey() (bsc#1104270 ). - chelsio/chtls: fix always leaking ctrl_skb (bsc#1104270 ). - chelsio/chtls: fix deadlock issue (bsc#1104270). - chelsio/chtls: fix memory leaks caused by a race (bsc#1104270 ). - chelsio/chtls: fix memory leaks in CPL handlers (bsc#1104270 ). - chelsio/chtls: fix panic during unload reload chtls (bsc#1104270 ). - chelsio/chtls: fix socket lock (bsc#1104270). - chelsio/chtls: fix tls record info to user (bsc#1104270 ). - chtls: Added a check to avoid NULL pointer dereference (bsc#1104270). - chtls: Fix chtls resources release sequence (bsc#1104270 ). - chtls: Fix hardware tid leak (bsc#1104270). - chtls: Remove invalid set_tcb call (bsc#1104270). - chtls: Replace skb_dequeue with skb_peek (bsc#1104270 ). - cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled (bsc#1109837). - cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes). - cxgb4/cxgb4vf: fix flow control display for auto negotiation (bsc#1046540 bsc#1046542). - cxgb4: fix adapter crash due to wrong MC size (bsc#1073513). - cxgb4: fix all-mask IP address comparison (bsc#1064802 bsc#1066129). - cxgb4: fix large delays in PTP synchronization (bsc#1046540 bsc#1046648). - cxgb4: fix SGE queue dump destination buffer context (bsc#1073513). - cxgb4: fix the panic caused by non smac rewrite (bsc#1064802 bsc#1066129). - cxgb4: fix thermal zone device registration (bsc#1104279 bsc#1104277). - cxgb4: fix throughput drop during Tx backpressure (bsc#1127354 bsc#1127371). - cxgb4: move DCB version extern to header file (bsc#1104279 ). - cxgb4: remove cast when saving IPv4 partial checksum (bsc#1074220). - cxgb4: set up filter action after rewrites (bsc#1064802 bsc#1066129). - cxgb4: use correct type for all-mask IP address comparison (bsc#1064802 bsc#1066129). - cxgb4: use unaligned conversion for fetching timestamp (bsc#1046540 bsc#1046648). - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes). - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes). - docs: Fix reST markup when linking to sections (git-fixes). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amdkfd: Put ACPI table after using it (bsc#1129770) Backporting changes: * context changes - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1113956) - drm/atomic: put state on error path (git-fixes). - drm/i915: Check for all subplatform bits (git-fixes). - drm/i915: Clear the repeater bit on HDCP disable (bsc#1112178) Backporting changes: * context changes - drm/i915: Fix sha_text population code (bsc#1112178) Backporting changes: * context changes - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1129770) Backporting changes: * context changes * moved num_mixers from struct dpu_crtc_state to struct dpu_crtc - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1129770) Backporting changes: * context changes * removed reference to msm_gem_is_locked() - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1129770) Backporting changes: * context changes - drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes). - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes). - drm/nouveau/privring: ack interrupts the same way as RM (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (bsc#1112178) Backporting changes: * context changes - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1112178) - drm/tve200: Fix handling of platform_get_irq() error (bsc#1129770) - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1112178) Backporting changes: * context changes - EDAC/amd64: Fix PCI component registration (bsc#1112178). - ehci: fix EHCI host controller initialization sequence (git-fixes). - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes). - floppy: reintroduce O_NDELAY fix (boo#1181018). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1181349). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes). - i40e: avoid premature Rx buffer reuse (bsc#1111981). - i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (bsc#1103991). - igb: Report speed and duplex as unknown when device is runtime suspended (git-fixes). - igc: fix link speed advertising (jsc#SLE-4799). - iio: ad5504: Fix setting power-down state (git-fixes). - iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191). - ixgbe: avoid premature Rx buffer reuse (bsc#1109837 ). - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (bsc#1109837). - kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191). - KVM: SVM: Initialize prev_ga_tag before use (bsc#1180912). - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (bsc#1181230). - lockd: do not use interval-based rebinding over TCP (git-fixes). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032). - md: fix a warning caused by a race between concurrent md_ioctl()s (git-fixes). - md/raid10: initialize r10_bio->read_slot before use (git-fixes). - media: gp8psk: initialize stats at power control logic (git-fixes). - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes). - misdn: dsp: select CONFIG_BITREVERSE (git-fixes). - mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (bsc#1112374). - mlxsw: spectrum: Do not modify cloned SKBs during xmit (git-fixes). - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (bsc#1112374). - mlxsw: switchx2: Do not modify cloned SKBs during xmit (git-fixes). - mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes). - mm: do not wake kswapd prematurely when watermark boosting is disabled (git fixes (mm/vmscan)). - mm: hwpoison: disable memory error handling on 1GB hugepage (git fixes (mm/hwpoison)). - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/hotplug)). - mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() (git fixes (mm/pgalloc)). - mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly (git fixes (mm/hmm)). - mm/slab: use memzero_explicit() in kzfree() (git fixes (mm/slab)). - module: delay kobject uevent until after module init call (bsc#1178631). - net/af_iucv: always register net_device notifier (git-fixes). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1179563 LTC#190108). - net/af_iucv: set correct sk_protocol for child sockets (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: bcmgenet: keep MAC in reset until PHY is up (git-fixes). - net: bcmgenet: reapply manual settings to the PHY (git-fixes). - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe() (git-fixes). - net: cbs: Fix software cbs to consider packet sending time (bsc#1109837). - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (git-fixes). - net: dsa: LAN9303: select REGMAP when LAN9303 enable (git-fixes). - net: ena: set initial DMA width to avoid intel iommu issue (git-fixes). - net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes). - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse() (git-fixes). - net_failover: fixed rollback in net_failover_open() (bsc#1109837). - net/filter: Permit reading NET in load_bytes_relative when MAC not set (bsc#1109837). - net: freescale: fec: Fix ethtool -d runtime PM (git-fixes). - net: hns3: add a missing uninit debugfs when unload driver (bsc#1104353). - net: hns3: add compatible handling for command HCLGE_OPC_PF_RST_DONE (git-fixes). - net: hns3: add management table after IMP reset (bsc#1104353 ). - net: hns3: check reset interrupt status when reset fails (git-fixes). - net: hns3: clear reset interrupt status in hclge_irq_handle() (git-fixes). - net: hns3: fix a TX timeout issue (bsc#1104353). - net: hns3: fix a wrong reset interrupt status mask (git-fixes). - net: hns3: fix error handling for desc filling (bsc#1104353 ). - net: hns3: fix error VF index when setting VLAN offload (bsc#1104353). - net: hns3: fix for not calculating TX BD send size correctly (bsc#1126390). - net: hns3: fix interrupt clearing error for VF (bsc#1104353 ). - net: hns3: fix mis-counting IRQ vector numbers issue (bsc#1104353). - net: hns3: fix shaper parameter algorithm (bsc#1104353 ). - net: hns3: fix the number of queues actually used by ARQ (bsc#1104353). - net: hns3: fix use-after-free when doing self test (bsc#1104353 ). - net: hns3: reallocate SSU' buffer size when pfc_en changes (bsc#1104353). - __netif_receive_skb_core: pass skb by reference (bsc#1109837). - net/liquidio: Delete driver version assignment (git-fixes). - net/liquidio: Delete non-working LIQUIDIO_PACKAGE check (git-fixes). - net/mlx4_en: Avoid scheduling restart task if it is already running (git-fixes). - net/mlx5: Add handling of port type in rule deletion (bsc#1103991). - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (bsc#1103990). - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes). - net/mlx5e: Fix two double free cases (bsc#1046305). - net/mlx5e: Fix VLAN cleanup flow (git-fixes). - net/mlx5e: Fix VLAN create flow (git-fixes). - net/mlx5e: IPoIB, Drop multicast packets that this interface sent (bsc#1075020). - net/mlx5e: TX, Fix consumer index of error cqe dump (bsc#1103990 ). - net/mlx5: Fix memory leak on flow table creation error flow (bsc#1046305). - net: mvpp2: Fix error return code in mvpp2_open() (bsc#1119113 ). - net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (bsc#1098633). - net: mvpp2: fix pkt coalescing int-threshold configuration (bsc#1098633). - net: phy: Allow BCM54616S PHY to setup internal TX/RX clock delay (git-fixes). - net: phy: broadcom: Fix RGMII delays configuration for BCM54210E (git-fixes). - net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes). - net: phy: micrel: make sure the factory test bit is cleared (git-fixes). - net: qca_spi: Move reset_count to struct qcaspi (git-fixes). - net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels (bsc#1109837). - net_sched: let qdisc_put() accept NULL pointer (bsc#1056657 bsc#1056653 bsc#1056787). - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net/smc: cancel event worker during device removal (git-fixes). - net/smc: check for valid ib_client_data (git-fixes). - net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes). - net/smc: receive pending data after RCV_SHUTDOWN (git-fixes). - net/smc: receive returns without data (git-fixes). - net/sonic: Add mutual exclusion for accessing shared state (git-fixes). - net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes). - net: stmmac: Do not accept invalid MTU values (git-fixes). - net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes). - net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: Enable 16KB buffer size (git-fixes). - net: stmmac: fix length of PTP clock's name string (git-fixes). - net: stmmac: gmac4+: Not all Unicast addresses may be available (git-fixes). - net: stmmac: RX buffer size must be 16 byte aligned (git-fixes). - net: sunrpc: interpret the return value of kstrtou32 correctly (git-fixes). - net: team: fix memory leak in __team_options_register (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - net: usb: lan78xx: Fix error message format specifier (git-fixes). - net: vlan: avoid leaks on register_vlan_dev() failures (git-fixes). - nfp: validate the return code from dev_queue_xmit() (git-fixes). - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (git-fixes). - nfs_common: need lock during iterate through the list (git-fixes). - nfsd4: readdirplus shouldn't return parent of export (git-fixes). - nfsd: Fix message level for normal termination (git-fixes). - NFS: nfs_igrab_and_active must first reference the superblock (git-fixes). - NFS: switch nfsiod to be an UNBOUND workqueue (git-fixes). - NFSv4.2: condition READDIR's mask for security label based on LSM state (git-fixes). - page_frag: Recover from memory pressure (git fixes (mm/pgalloc)). - pNFS: Mark layout for return if return-on-close was not sent (git-fixes). - powerpc/perf: Add generic compat mode pmu driver (bsc#1178900 ltc#189284). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1178900 ltc#189284 git-fixes). - powerpc/perf: init pmu from core-book3s (bsc#1178900 ltc#189284). - qed: Fix race condition between scheduling and destroying the slowpath workqueue (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix use after free in qed_chain_free (bsc#1050536 bsc#1050538). - r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes). - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1103992). - RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1050244 ). - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1104742). - RDMA/cma: Do not overwrite sgid_attr after device is released (bsc#1103992). - RDMA/core: Ensure security pkey modify is not lost (bsc#1046306 ). - RDMA/core: Fix pkey and port assignment in get_new_pps (bsc#1046306). - RDMA/core: Fix protection fault in get_pkey_idx_qp_list (bsc#1046306). - RDMA/core: Fix reported speed and width (bsc#1046306 ). - RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1103992). - RDMA/core: Fix use of logical OR in get_new_pps (bsc#1046306 ). - RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1104427). - RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver (bsc#1104427). - RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver (bsc#1104427). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (bsc#1104427 bsc#1126206). - RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1104427 ). - RDMA/iw_cxgb4: Fix incorrect function parameters (bsc#1136348 jsc#SLE-4684). - RDMA/iw_cxgb4: initiate CLOSE when entering TERM (bsc#1136348 jsc#SLE-4684). - RDMA/mlx5: Add init2init as a modify command (bsc#1103991 ). - RDMA/mlx5: Fix typo in enum name (bsc#1103991). - RDMA/mlx5: Fix wrong free of blue flame register on error (bsc#1103991). - RDMA/qedr: Fix inline size returned for iWARP (bsc#1050545 ). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes). - s390/dasd: fix list corruption of lcu list (bsc#1181170 LTC#190915). - s390/dasd: fix list corruption of pavgroup group list (bsc#1181170 LTC#190915). - s390/dasd: prevent inconsistent LCU device data (bsc#1181170 LTC#190915). - s390/qeth: delay draining the TX buffers (git-fixes). - s390/qeth: fix deadlock during recovery (git-fixes). - s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes). - s390/qeth: fix locking for discipline setup / removal (git-fixes). - s390/smp: perform initial CPU reset also for SMT siblings (git-fixes). - sched/fair: Fix enqueue_task_fair warning (bsc#1179093). - sched/fair: Fix enqueue_task_fair() warning some more (bsc#1179093). - sched/fair: Fix reordering of enqueue/dequeue_task_fair() (bsc#1179093). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (bsc#1179093). - sched/fair: Reorder enqueue/dequeue_task_fair path (bsc#1179093). - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049, git-fixes). - scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252). - scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891). - scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891). - scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891). - scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891). - scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891). - scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891). - scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891). - scsi: lpfc: Fix target reset failing (bsc#1180891). - scsi: lpfc: Fix vport create logging (bsc#1180891). - scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891). - scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891). - scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891). - scsi: lpfc: Simplify bool comparison (bsc#1180891). - scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891). - scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891). - serial: mvebu-uart: fix tx lost characters at power off (git-fixes). - spi: cadence: cache reference clock rate during probe (git-fixes). - SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036). - team: set dev->needed_headroom in team_setup_by_port() (git-fixes). - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (bsc#1109837). - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes). - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes). - USB: ehci: fix an interrupt calltrace error (git-fixes). - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes). - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes). - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes). - usb: gadget: select CONFIG_CRC32 (git-fixes). - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes). - usb: udc: core: Use lock when write to soft_connect (git-fixes). - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes). - USB: yurex: fix control-URB timeout handling (git-fixes). - veth: Adjust hard_start offset on redirect XDP frames (bsc#1109837). - vfio iommu: Add dma available capability (bsc#1179573 LTC#190106). - vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181231). - vhost/vsock: fix vhost vsock cid hashing inconsistent (git-fixes). - virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes). - wan: ds26522: select CONFIG_BITREVERSE (git-fixes). - wil6210: select CONFIG_CRC32 (git-fixes). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - x86/i8259: Use printk_deferred() to prevent deadlock (bsc#1112178). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/mm: Fix leak of pmd ptlock (bsc#1112178). - x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191). - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1112178). - x86/resctrl: Do not move a task to the same resource group (bsc#1112178). - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1112178). - xdp: Fix xsk_generic_xmit errno (bsc#1109837). - xhci: make sure TRB is fully written before giving it to the controller (git-fixes). - xhci: tegra: Delay for disabling LFPS detector (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-353=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-353=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-353=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-353=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-353=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.60.1 kernel-default-debugsource-4.12.14-122.60.1 kernel-default-extra-4.12.14-122.60.1 kernel-default-extra-debuginfo-4.12.14-122.60.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.60.1 kernel-obs-build-debugsource-4.12.14-122.60.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.60.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.60.1 kernel-default-base-4.12.14-122.60.1 kernel-default-base-debuginfo-4.12.14-122.60.1 kernel-default-debuginfo-4.12.14-122.60.1 kernel-default-debugsource-4.12.14-122.60.1 kernel-default-devel-4.12.14-122.60.1 kernel-syms-4.12.14-122.60.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.60.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.60.1 kernel-macros-4.12.14-122.60.1 kernel-source-4.12.14-122.60.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.60.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.60.1 kernel-default-debugsource-4.12.14-122.60.1 kernel-default-kgraft-4.12.14-122.60.1 kernel-default-kgraft-devel-4.12.14-122.60.1 kgraft-patch-4_12_14-122_60-default-1-8.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.60.1 cluster-md-kmp-default-debuginfo-4.12.14-122.60.1 dlm-kmp-default-4.12.14-122.60.1 dlm-kmp-default-debuginfo-4.12.14-122.60.1 gfs2-kmp-default-4.12.14-122.60.1 gfs2-kmp-default-debuginfo-4.12.14-122.60.1 kernel-default-debuginfo-4.12.14-122.60.1 kernel-default-debugsource-4.12.14-122.60.1 ocfs2-kmp-default-4.12.14-122.60.1 ocfs2-kmp-default-debuginfo-4.12.14-122.60.1 References: https://www.suse.com/security/cve/CVE-2020-25211.html https://www.suse.com/security/cve/CVE-2020-25639.html https://www.suse.com/security/cve/CVE-2020-27835.html https://www.suse.com/security/cve/CVE-2020-29568.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2021-0342.html https://www.suse.com/security/cve/CVE-2021-20177.html https://www.suse.com/security/cve/CVE-2021-3347.html https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1046540 https://bugzilla.suse.com/1046542 https://bugzilla.suse.com/1046648 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050538 https://bugzilla.suse.com/1050545 https://bugzilla.suse.com/1056653 https://bugzilla.suse.com/1056657 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1073513 https://bugzilla.suse.com/1074220 https://bugzilla.suse.com/1075020 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086301 https://bugzilla.suse.com/1086313 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104270 https://bugzilla.suse.com/1104277 https://bugzilla.suse.com/1104279 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104742 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111981 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1126206 https://bugzilla.suse.com/1126390 https://bugzilla.suse.com/1127354 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1136348 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1174206 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176831 https://bugzilla.suse.com/1176846 https://bugzilla.suse.com/1178036 https://bugzilla.suse.com/1178049 https://bugzilla.suse.com/1178631 https://bugzilla.suse.com/1178900 https://bugzilla.suse.com/1179093 https://bugzilla.suse.com/1179508 https://bugzilla.suse.com/1179509 https://bugzilla.suse.com/1179563 https://bugzilla.suse.com/1179573 https://bugzilla.suse.com/1179575 https://bugzilla.suse.com/1179878 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180130 https://bugzilla.suse.com/1180765 https://bugzilla.suse.com/1180812 https://bugzilla.suse.com/1180859 https://bugzilla.suse.com/1180891 https://bugzilla.suse.com/1180912 https://bugzilla.suse.com/1181001 https://bugzilla.suse.com/1181018 https://bugzilla.suse.com/1181170 https://bugzilla.suse.com/1181230 https://bugzilla.suse.com/1181231 https://bugzilla.suse.com/1181349 https://bugzilla.suse.com/1181425 https://bugzilla.suse.com/1181553 From sle-security-updates at lists.suse.com Tue Feb 9 20:26:27 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Feb 2021 21:26:27 +0100 (CET) Subject: SUSE-SU-2021:0355-1: important: Security update for python Message-ID: <20210209202627.F25EBFFB1@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0355-1 Rating: important References: #1176262 #1180686 #1181126 Cross-References: CVE-2019-20916 CVE-2021-3177 CVSS scores: CVE-2019-20916 (NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-20916 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2021-3177 (NVD): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3177 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-355=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-355=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-355=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-355=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-355=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-355=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-355=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-355=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-355=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-355=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-355=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-355=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-355=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-355=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-355=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-355=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-355=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-355=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-355=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-tk-2.7.17-7.52.2 python-tk-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Manager Retail Branch Server 4.0 (x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-tk-2.7.17-7.52.2 python-tk-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Manager Proxy 4.0 (x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-tk-2.7.17-7.52.2 python-tk-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-tk-2.7.17-7.52.2 python-tk-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-tk-2.7.17-7.52.2 python-tk-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-tk-2.7.17-7.52.2 python-tk-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-tk-2.7.17-7.52.2 python-tk-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-tk-2.7.17-7.52.2 python-tk-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-tk-2.7.17-7.52.2 python-tk-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-tk-2.7.17-7.52.2 python-tk-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-tk-2.7.17-7.52.2 python-tk-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 - SUSE CaaS Platform 4.0 (x86_64): libpython2_7-1_0-2.7.17-7.52.2 libpython2_7-1_0-debuginfo-2.7.17-7.52.2 python-2.7.17-7.52.2 python-base-2.7.17-7.52.2 python-base-debuginfo-2.7.17-7.52.2 python-base-debugsource-2.7.17-7.52.2 python-curses-2.7.17-7.52.2 python-curses-debuginfo-2.7.17-7.52.2 python-debuginfo-2.7.17-7.52.2 python-debugsource-2.7.17-7.52.2 python-devel-2.7.17-7.52.2 python-gdbm-2.7.17-7.52.2 python-gdbm-debuginfo-2.7.17-7.52.2 python-tk-2.7.17-7.52.2 python-tk-debuginfo-2.7.17-7.52.2 python-xml-2.7.17-7.52.2 python-xml-debuginfo-2.7.17-7.52.2 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://www.suse.com/security/cve/CVE-2021-3177.html https://bugzilla.suse.com/1176262 https://bugzilla.suse.com/1180686 https://bugzilla.suse.com/1181126 From sle-security-updates at lists.suse.com Tue Feb 9 20:27:57 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Feb 2021 21:27:57 +0100 (CET) Subject: SUSE-SU-2021:0354-1: important: Security update for the Linux Kernel Message-ID: <20210209202757.1AAFFFFB1@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0354-1 Rating: important References: #1065600 #1149032 #1152472 #1152489 #1153274 #1154353 #1155518 #1163930 #1165545 #1167773 #1172355 #1175389 #1176395 #1176831 #1176846 #1178142 #1178631 #1179142 #1179396 #1179508 #1179509 #1179567 #1179572 #1179575 #1179878 #1180008 #1180130 #1180264 #1180412 #1180759 #1180765 #1180773 #1180809 #1180812 #1180848 #1180859 #1180889 #1180891 #1180971 #1181014 #1181018 #1181077 #1181104 #1181148 #1181158 #1181161 #1181169 #1181203 #1181217 #1181218 #1181219 #1181220 #1181237 #1181318 #1181335 #1181346 #1181349 #1181425 #1181494 #1181504 #1181511 #1181538 #1181553 #1181584 #1181645 Cross-References: CVE-2020-25211 CVE-2020-25639 CVE-2020-27835 CVE-2020-29568 CVE-2020-29569 CVE-2021-0342 CVE-2021-20177 CVE-2021-3347 CVE-2021-3348 CVSS scores: CVE-2020-25211 (NVD): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-25211 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-25639 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-29568 (NVD): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29568 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29569 (NVD): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-0342 (NVD): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0342 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-20177 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3347 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3348 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3348 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 56 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504). - CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765). - CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812) - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). The following non-security bugs were fixed: - ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes). - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes). - ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes). - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes). - ACPI: sysfs: Prefer "compatible" modalias (git-fixes). - ALSA: doc: Fix reference to mixart.rst (git-fixes). - ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes). - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes). - ALSA: hda: Add Cometlake-R PCI ID (git-fixes). - ALSA: hda/conexant: add a new hda codec CX11970 (git-fixes). - ALSA: hda/hdmi - enable runtime pm for CI AMD display audio (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for more HP laptops (git-fixes). - ALSA: hda/realtek: Add two "Intel Reference board" SSID in the ALC256 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256 (git-fixes). - ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook 850 G7 (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 (git-fixes). - ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T (git-fixes). - ALSA: hda/realtek - Modify Dell platform name (git-fixes). - ALSA: hda/realtek: Remove dummy lineout on Acer TravelMate P648/P658 (git-fixes). - ALSA: hda/realtek - Supported Dell fixed type headset (git-fixes). - ALSA: hda/tegra: fix tegra-hda on tegra30 soc (git-fixes). - ALSA: hda/via: Add minimum mute flag (git-fixes). - ALSA: hda/via: Apply the workaround generically for Clevo machines (git-fixes). - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes). - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes). - ALSA: pcm: fix hw_rule deps kABI (bsc#1181014). - ALSA: pcm: One more dependency for hw constraints (bsc#1181014). - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes). - ALSA: usb-audio: Add quirk for BOSS AD-10 (git-fixes). - ALSA: usb-audio: Add quirk for RC-505 (git-fixes). - ALSA: usb-audio: Always apply the hw constraints for implicit fb sync (bsc#1181014). - ALSA: usb-audio: Annotate the endpoint index in audioformat (git-fixes). - ALSA: usb-audio: Avoid implicit feedback on Pioneer devices (bsc#1181014). - ALSA: usb-audio: Avoid unnecessary interface re-setup (git-fixes). - ALSA: usb-audio: Choose audioformat of a counter-part substream (git-fixes). - ALSA: usb-audio: Fix hw constraints dependencies (bsc#1181014). - ALSA: usb-audio: Fix implicit feedback sync setup for Pioneer devices (git-fixes). - ALSA: usb-audio: Fix the missing endpoints creations for quirks (git-fixes). - ALSA: usb-audio: Fix UAC1 rate setup for secondary endpoints (bsc#1181014). - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks (git-fixes). - ALSA: usb-audio: Set sample rate for all sharing EPs on UAC1 (bsc#1181014). - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback (bsc#1152489). - arm64: mm: Fix ARCH_LOW_ADDRESS_LIMIT when !CONFIG_ZONE_DMA (git-fixes). - arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130). - arm64: pgtable: Fix pte_accessible() (bsc#1180130). - ASoC: ak4458: correct reset polarity (git-fixes). - ASoC: dapm: remove widget from dirty list on free (git-fixes). - ASoC: Intel: fix error code cnl_set_dsp_D0() (git-fixes). - ASoC: meson: axg-tdm-interface: fix loopback (git-fixes). - bitmap: remove unused function declaration (git-fixes). - Bluetooth: hci_h5: close serdev device and free hu in h5_close (git-fixes). - Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close (git-fixes). - bnxt_en: Fix AER recovery (jsc#SLE-8371 bsc#1153274). - bpf: Do not leak memory in bpf getsockopt when optlen == 0 (bsc#1155518). - bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback (bsc#1155518). - btrfs: fix missing delalloc new bit for new delalloc ranges (bsc#1180773). - btrfs: make btrfs_dirty_pages take btrfs_inode (bsc#1180773). - btrfs: make btrfs_set_extent_delalloc take btrfs_inode (bsc#1180773). - btrfs: send: fix invalid clone operations when cloning from the same file and root (bsc#1181511). - btrfs: send: fix wrong file path when there is an inode with a pending rmdir (bsc#1181237). - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes). - cachefiles: Drop superfluous readpages aops NULL check (git-fixes). - can: dev: prevent potential information leak in can_fill_info() (git-fixes). - can: vxcan: vxcan_xmit: fix use after free bug (git-fixes). - CDC-NCM: remove "connected" log message (git-fixes). - clk: tegra30: Add hda clock default rates to clock driver (git-fixes). - crypto: asym_tpm: correct zero out potential secrets (git-fixes). - crypto: ecdh - avoid buffer overflow in ecdh_set_secret() (git-fixes). - dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate() (git-fixes). - dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate() (git-fixes). - dmaengine: at_hdmac: Substitute kzalloc with kmalloc (git-fixes). - dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk() (git-fixes). - dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling path of the probe function (git-fixes). - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes). - dmaengine: xilinx_dma: fix incompatible param warning in _child_probe() (git-fixes). - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes). - drivers/base/memory.c: indicate all memory blocks as removable (bsc#1180264). - drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling (bsc#1180848). - drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers (bsc#1180848). - Update config files. - supported.conf: - drm: Added orientation quirk for ASUS tablet model T103HAF (git-fixes). - drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes). - drm/amd/display: Avoid MST manager resource leak (git-fixes). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: dchubbub p-state warning during surface planes switch (git-fixes). - drm/amd/display: Do not double-buffer DTO adjustments (git-fixes). - drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes). - drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init (git-fixes). - drm/amd/display: Free gamma after calculating legacy transfer function (git-fixes). - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes). - drm/amd/display: Increase timeout for DP Disable (git-fixes). - drm/amd/display: Reject overlay plane configurations in multi-display scenarios (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amd/display: Retry AUX write when fail occurs (git-fixes). - drm/amd/display: Stop if retimer is not available (git-fixes). - drm/amd/display: update nv1x stutter latencies (git-fixes). - drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes). - drm/amdgpu: correct the gpu reset handling for job != NULL case (git-fixes). - drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is (git-fixes). - drm/amdgpu: do not map BO in reserved region (git-fixes). - drm/amdgpu: fix a GPU hang issue when remove device (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/amdgpu: fix calltrace during kmd unload(v3) (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu: increase the reserved VM size to 2MB (git-fixes). - drm/amdgpu: perform srbm soft reset always on SDMA resume (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu: prevent double kfree ttm->sg (git-fixes). - drm/amdgpu/psp: fix psp gfx ctrl cmds (git-fixes). - drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix leak in dmabuf import (git-fixes). - drm/amdkfd: fix restore worker race condition (git-fixes). - drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes). - drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp setting (git-fixes). - drm/aspeed: Fix Kconfig warning & subsequent build errors (bsc#1152472) - drm/aspeed: Fix Kconfig warning & subsequent build errors (git-fixes). - drm/atomic: put state on error path (git-fixes). - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1152472) - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes). - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes). - drm/dp_aux_dev: check aux_dev before use in (bsc#1152472) - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/etnaviv: always start/stop scheduler in timeout processing (git-fixes). - drm/exynos: dsi: Remove bridge node reference in error handling path in probe function (git-fixes). - drm/gma500: fix double free of gma_connector (bsc#1152472) Backporting notes: * context changes - drm/gma500: fix double free of gma_connector (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (git-fixes). - drm/i915: Avoid memory leak with more than 16 workarounds on a list (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/i915: Check for all subplatform bits (git-fixes). - drm/i915: clear the gpu reloc batch (git-fixes). - drm/i915: Correctly set SFC capability for video engines (bsc#1152489) Backporting notes: * context changes - drm/i915/display/dp: Compute the correct slice count for VDSC on DP (git-fixes). - drm/i915: Drop runtime-pm assert from vgpu io accessors (git-fixes). - drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence (git-fixes). - drm/i915: Filter wake_flags passed to default_wake_function (git-fixes). - drm/i915: Fix mismatch between misplaced vma check and vma insert (git-fixes). - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes). - drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes). - drm/i915/gt: Delay execlist processing for tgl (git-fixes). - drm/i915/gt: Free stale request on destroying the virtual engine (git-fixes). - drm/i915/gt: Prevent use of engine->wa_ctx after error (git-fixes). - drm/i915/gt: Program mocs:63 for cache eviction on gen9 (git-fixes). - drm/i915/gvt: return error when failing to take the module reference (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/i915: Handle max_bpc==16 (git-fixes). - drm/i915/selftests: Avoid passing a random 0 into ilog2 (git-fixes). - drm/mcde: Fix handling of platform_get_irq() error (bsc#1152472) - drm/mcde: Fix handling of platform_get_irq() error (git-fixes). - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm/a6xx: fix a potential overflow issue (git-fixes). - drm/msm/a6xx: fix gmu start on newer firmware (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dpu: Fix scale params in plane validation (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/msm/dsi_pll_10nm: restore VCO rate during restore_state (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes). - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes). - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 (git-fixes). - drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes). - drm/nouveau/mmu: fix vram heap sizing (git-fixes). - drm/nouveau/nouveau: fix the start/end range for migration (git-fixes). - drm/nouveau/privring: ack interrupts the same way as RM (git-fixes). - drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/omap: dss: Cleanup DSS ports on initialisation failure (git-fixes). - drm/omap: fix incorrect lock state (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/panfrost: add amlogic reset quirk callback (git-fixes). - drm: rcar-du: Set primary plane zpos immutably at initializing (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (bsc#1152472) - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - drm/scheduler: Avoid accessing freed bad job (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1152472) - drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes). - drm/sun4i: frontend: Reuse the ch0 phase for RGB formats (git-fixes). - drm/sun4i: frontend: Rework a bit the phase data (git-fixes). - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - drm/syncobj: Fix use-after-free (git-fixes). - drm/tegra: replace idr_init() by idr_init_base() (git-fixes). - drm/tegra: sor: Disable clocks on error in tegra_sor_init() (git-fixes). - drm/ttm: fix eviction valuable range check (git-fixes). - drm/tve200: Fix handling of platform_get_irq() error (bsc#1152472) - drm/tve200: Fix handling of platform_get_irq() error (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - e1000e: bump up timeout to wait when ME un-configures ULP mode (jsc#SLE-8100). - EDAC/amd64: Fix PCI component registration (bsc#1152489). - ehci: fix EHCI host controller initialization sequence (git-fixes). - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes). - Exclude Symbols.list again. Removing the exclude builds vanilla/linux-next builds. Fixes: 55877625c800 ("kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.") - firmware: imx: select SOC_BUS to fix firmware build (git-fixes). - floppy: reintroduce O_NDELAY fix (boo#1181018). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Remove needless goto's (bsc#1149032). - futex: Remove unused empty compat_exit_robust_list() (bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - HID: Ignore battery for Elan touchscreen on ASUS UX550 (git-fixes). - HID: logitech-dj: add the G602 receiver (git-fixes). - HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input devices (git-fixes). - HID: multitouch: do not filter mice nodes (git-fixes). - HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad device (git-fixes). - HID: multitouch: Remove MT_CLS_WIN_8_DUAL (git-fixes). - HID: wacom: Constify attribute_groups (git-fixes). - HID: wacom: Correct NULL dereference on AES pen proximity (git-fixes). - HID: wacom: do not call hid_set_drvdata(hdev, NULL) (git-fixes). - HID: wacom: Fix memory leakage caused by kfifo_alloc (git-fixes). - hwmon: (pwm-fan) Ensure that calculation does not discard big period values (git-fixes). - i2c: bpmp-tegra: Ignore unknown I2C_M flags (git-fixes). - i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly terminated (git-fixes). - i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: sprd: use a specific timeout to avoid system hang up issue (git-fixes). - i3c master: fix missing destroy_workqueue() on error in i3c_master_register (git-fixes). - IB/hfi1: Remove kobj from hfi1_devdata (bsc#1179878). - IB/hfi1: Remove module parameter for KDETH qpns (bsc#1179878). - ice: avoid premature Rx buffer reuse (jsc#SLE-7926). - ice, xsk: clear the status bits for the next_to_use descriptor (jsc#SLE-7926). - iio: ad5504: Fix setting power-down state (git-fixes). - iomap: fix WARN_ON_ONCE() from unprivileged users (bsc#1181494). - iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1181217). - ionic: account for vlan tag len in rx buffer len (bsc#1167773). - kABI fixup for dwc3 introduction of DWC_usb32 (git-fixes). - kdb: Fix pager search for multi-line strings (git-fixes). - kgdb: Drop malformed kernel doc comment (git-fixes). - kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot (git fixes (kernel/kprobe)). - KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails (bsc#1181218). - KVM: s390: pv: Mark mm as protected after the set secure parameters and improve cleanup (jsc#SLE-7512 bsc#1165545). - KVM: SVM: Initialize prev_ga_tag before use (bsc#1180809). - leds: trigger: fix potential deadlock with libata (git-fixes). - lib/genalloc: fix the overflow when size is too big (git-fixes). - lib/string: remove unnecessary #undefs (git-fixes). - lockd: do not use interval-based rebinding over TCP (for-next). - mac80211: check if atf has been disabled in __ieee80211_schedule_txq (git-fixes). - mac80211: do not drop tx nulldata packets on encrypted links (git-fixes). - md: fix a warning caused by a race between concurrent md_ioctl()s (for-next). - media: dvb-usb: Fix memory leak at error in dvb_usb_device_init() (bsc#1181104). - media: dvb-usb: Fix use-after-free access (bsc#1181104). - media: gp8psk: initialize stats at power control logic (git-fixes). - media: rc: ensure that uevent can be read directly after rc device register (git-fixes). - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes). - misdn: dsp: select CONFIG_BITREVERSE (git-fixes). - mmc: core: do not initialize block size from ext_csd if not present (git-fixes). - mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes). - mm: memcontrol: fix missing wakeup polling thread (bsc#1181584). - mm/vmalloc: Fix unlock order in s_stop() (git fixes (mm/vmalloc)). - module: delay kobject uevent until after module init call (bsc#1178631). - mt7601u: fix kernel crash unplugging the device (git-fixes). - mt7601u: fix rx buffer refcounting (git-fixes). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1179567 LTC#190111). - net/af_iucv: set correct sk_protocol for child sockets (git-fixes). - net: fix proc_fs init handling in af_packet and tls (bsc#1154353). - net: hns3: fix a phy loopback fail issue (bsc#1154353). - net: hns3: remove a misused pragma packed (bsc#1154353). - net/mlx5e: ethtool, Fix restriction of autoneg with 56G (jsc#SLE-8464). - net: mscc: ocelot: allow offloading of bridge on top of LAG (git-fixes). - net/smc: cancel event worker during device removal (git-fixes). - net/smc: check for valid ib_client_data (git-fixes). - net/smc: fix cleanup for linkgroup setup failures (git-fixes). - net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (git-fixes). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/smc: no peer ID in CLC decline for SMCD (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: transfer fasync_list in case of fallback (git-fixes). - net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs' (for-next). - net: sunrpc: interpret the return value of kstrtou32 correctly (for-next). - net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes). - net: vlan: avoid leaks on register_vlan_dev() failures (bsc#1154353). - NFC: fix possible resource leak (git-fixes). - NFC: fix resource leak when target index is invalid (git-fixes). - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (for-next). - nfs_common: need lock during iterate through the list (for-next). - nfsd4: readdirplus shouldn't return parent of export (git-fixes). - nfsd: Fix message level for normal termination (for-next). - NFS: nfs_delegation_find_inode_server must first reference the superblock (for-next). - NFS: nfs_igrab_and_active must first reference the superblock (for-next). - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter (for-next). - NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read() (for-next). - NFS: switch nfsiod to be an UNBOUND workqueue (for-next). - NFSv4.2: condition READDIR's mask for security label based on LSM state (for-next). - NFSv4: Fix the alignment of page data in the getdeviceinfo reply (for-next). - nvme-multipath: fix bogus request queue reference put (bsc#1175389). - nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161). - nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161). - platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634 (git-fixes). - platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list (git-fixes). - platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on some HP x360 models (git-fixes). - PM: hibernate: flush swap writer after marking (git-fixes). - pNFS: Mark layout for return if return-on-close was not sent (git-fixes). - powerpc: Fix build error in paravirt.h (bsc#1181148 ltc#190702). - powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted() (bsc#1181148 ltc#190702). - powerpc: Refactor is_kvm_guest() declaration to new header (bsc#1181148 ltc#190702). - powerpc: Reintroduce is_kvm_guest() as a fast-path check (bsc#1181148 ltc#190702). - powerpc: Rename is_kvm_guest() to check_kvm_guest() (bsc#1181148 ltc#190702). - power: vexpress: add suppress_bind_attrs to true (git-fixes). - prom_init: enable verbose prints (bsc#1178142 bsc#1180759). - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930). - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930). - r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes). - r8169: work around power-saving bug on some chip versions (git-fixes). - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev (git-fixes). - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() (git-fixes). - Revive usb-audio Keep Interface mixer (bsc#1181014). - rtc: pl031: fix resource leak in pl031_probe (git-fixes). - rtc: sun6i: Fix memleak in sun6i_rtc_clk_init (git-fixes). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1181169 LTC#190914). - s390/dasd: fix list corruption of lcu list (git-fixes). - s390/dasd: fix list corruption of pavgroup group list (git-fixes). - s390/dasd: prevent inconsistent LCU device data (git-fixes). - s390/kexec_file: fix diag308 subcode when loading crash kernel (git-fixes). - s390/qeth: consolidate online/offline code (git-fixes). - s390/qeth: do not raise NETDEV_REBOOT event from L3 offline path (git-fixes). - s390/qeth: fix deadlock during recovery (git-fixes). - s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes). - s390/qeth: fix locking for discipline setup / removal (git-fixes). - s390/smp: perform initial CPU reset also for SMT siblings (git-fixes). - sched/fair: Check for idle core in wake_affine (git fixes (sched)). - scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252). - scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891). - scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891). - scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891). - scsi: lpfc: Fix crash when nvmet transport calls host_release (bsc#1180891). - scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891). - scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891). - scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891). - scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891). - scsi: lpfc: Fix target reset failing (bsc#1180891). - scsi: lpfc: Fix vport create logging (bsc#1180891). - scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891). - scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891). - scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891). - scsi: lpfc: Simplify bool comparison (bsc#1180891). - scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891). - scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142). - scsi: scsi_transport_srp: Do not block target in failfast state (bsc#1172355). - selftests/ftrace: Select an existing function in kprobe_eventname test (bsc#1179396 ltc#185738). - selftests: net: fib_tests: remove duplicate log test (git-fixes). - selftests/powerpc: Add a test of bad (out-of-range) accesses (bsc#1181158 ltc#190851). - selftests/powerpc: Add a test of spectre_v2 mitigations (bsc#1181158 ltc#190851). - selftests/powerpc: Ignore generated files (bsc#1181158 ltc#190851). - selftests/powerpc: Move Hash MMU check to utilities (bsc#1181158 ltc#190851). - selftests/powerpc: Move set_dscr() into rfi_flush.c (bsc#1181158 ltc#190851). - selftests/powerpc: Only test lwm/stmw on big endian (bsc#1180412 ltc#190579). - selftests/powerpc: spectre_v2 test must be built 64-bit (bsc#1181158 ltc#190851). - serial: mvebu-uart: fix tx lost characters at power off (git-fixes). - spi: cadence: cache reference clock rate during probe (git-fixes). - spi: stm32: FIFO threshold level - fix align packet size (git-fixes). - staging: mt7621-dma: Fix a resource leak in an error handling path (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() (for-next). - sunrpc: fix xs_read_xdr_buf for partial pages receive (for-next). - SUNRPC: rpc_wake_up() should wake up tasks in the correct order (for-next). - swiotlb: fix "x86: Do not panic if can not alloc buffer for swiotlb" (git-fixes). - swiotlb: using SIZE_MAX needs limits.h included (git-fixes). - timers: Preserve higher bits of expiration on index calculation (bsc#1181318). - timers: Use only bucket expiry for base->next_expiry value (bsc#1181318). - udp: Prevent reuseport_select_sock from reading uninitialized socks (git-fixes). - USB: cdc-acm: blacklist another IR Droid device (git-fixes). - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt() (git-fixes). - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes). - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - usb: dwc3: core: Properly default unspecified speed (git-fixes). - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes). - usb: dwc3: Update soft-reset wait polling rate (git-fixes). - USB: ehci: fix an interrupt calltrace error (git-fixes). - usb: gadget: aspeed: fix stop dma register setting (git-fixes). - usb: gadget: configfs: Fix use-after-free issue with udc_name (git-fixes). - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes). - usb: gadget: enable super speed plus (git-fixes). - usb: gadget: Fix spinlock lockup on usb_function_deactivate (git-fixes). - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes). - usb: gadget: function: printer: Fix a memory leak for interface descriptor (git-fixes). - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes). - usb: gadget: select CONFIG_CRC32 (git-fixes). - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size (git-fixes). - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes). - USB: serial: option: add LongSung M5710 module support (git-fixes). - USB: serial: option: add Quectel EM160R-GL (git-fixes). - usb: typec: Fix copy paste error for NVIDIA alt-mode description (git-fixes). - usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes). - usb: udc: core: Use lock when write to soft_connect (git-fixes). - usb: usbip: vhci_hcd: protect shift size (git-fixes). - USB: usblp: fix DMA to stack (git-fixes). - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes). - USB: yurex: fix control-URB timeout handling (git-fixes). - vfio iommu: Add dma available capability (bsc#1179572 LTC#190110). - vfio/pci: Implement ioeventfd thread handler for contended memory lock (bsc#1181219). - vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181220). - video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() (git-fixes). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - video: fbdev: pvr2fb: initialize variables (git-fixes). - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes). - wan: ds26522: select CONFIG_BITREVERSE (git-fixes). - wil6210: select CONFIG_CRC32 (git-fixes). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1152489). - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (bsc#1181077). - x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1152489). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - x86/kprobes: Restore BTF if the single-stepping is cancelled (bsc#1152489). - x86/mm: Fix leak of pmd ptlock (bsc#1152489). - x86/mm/numa: Remove uninitialized_var() usage (bsc#1152489). - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1152489). - x86/resctrl: Do not move a task to the same resource group (bsc#1152489). - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1152489). - x86/topology: Make __max_die_per_package available unconditionally (bsc#1152489). - x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1181335). - xen-blkfront: allow discard-* nodes to be optional (bsc#1181346). - xen/privcmd: allow fetching resource sizes (bsc#1065600). - xfs: show the proper user quota options (bsc#1181538). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). - xhci: make sure TRB is fully written before giving it to the controller (git-fixes). - xhci: tegra: Delay for disabling LFPS detector (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-354=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-354=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-354=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-354=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-354=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-354=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.49.2 kernel-default-debugsource-5.3.18-24.49.2 kernel-default-extra-5.3.18-24.49.2 kernel-default-extra-debuginfo-5.3.18-24.49.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.49.2 kernel-default-debugsource-5.3.18-24.49.2 kernel-default-livepatch-5.3.18-24.49.2 kernel-default-livepatch-devel-5.3.18-24.49.2 kernel-livepatch-5_3_18-24_49-default-1-5.3.2 kernel-livepatch-5_3_18-24_49-default-debuginfo-1-5.3.2 kernel-livepatch-SLE15-SP2_Update_10-debugsource-1-5.3.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.49.2 kernel-default-debugsource-5.3.18-24.49.2 reiserfs-kmp-default-5.3.18-24.49.2 reiserfs-kmp-default-debuginfo-5.3.18-24.49.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.49.2 kernel-obs-build-debugsource-5.3.18-24.49.2 kernel-syms-5.3.18-24.49.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.49.2 kernel-preempt-debugsource-5.3.18-24.49.2 kernel-preempt-devel-5.3.18-24.49.2 kernel-preempt-devel-debuginfo-5.3.18-24.49.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.49.3 kernel-source-5.3.18-24.49.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.49.2 kernel-default-base-5.3.18-24.49.2.9.21.2 kernel-default-debuginfo-5.3.18-24.49.2 kernel-default-debugsource-5.3.18-24.49.2 kernel-default-devel-5.3.18-24.49.2 kernel-default-devel-debuginfo-5.3.18-24.49.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.49.2 kernel-preempt-debuginfo-5.3.18-24.49.2 kernel-preempt-debugsource-5.3.18-24.49.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.49.2 kernel-macros-5.3.18-24.49.2 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.49.2 cluster-md-kmp-default-debuginfo-5.3.18-24.49.2 dlm-kmp-default-5.3.18-24.49.2 dlm-kmp-default-debuginfo-5.3.18-24.49.2 gfs2-kmp-default-5.3.18-24.49.2 gfs2-kmp-default-debuginfo-5.3.18-24.49.2 kernel-default-debuginfo-5.3.18-24.49.2 kernel-default-debugsource-5.3.18-24.49.2 ocfs2-kmp-default-5.3.18-24.49.2 ocfs2-kmp-default-debuginfo-5.3.18-24.49.2 References: https://www.suse.com/security/cve/CVE-2020-25211.html https://www.suse.com/security/cve/CVE-2020-25639.html https://www.suse.com/security/cve/CVE-2020-27835.html https://www.suse.com/security/cve/CVE-2020-29568.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2021-0342.html https://www.suse.com/security/cve/CVE-2021-20177.html https://www.suse.com/security/cve/CVE-2021-3347.html https://www.suse.com/security/cve/CVE-2021-3348.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1163930 https://bugzilla.suse.com/1165545 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1172355 https://bugzilla.suse.com/1175389 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176831 https://bugzilla.suse.com/1176846 https://bugzilla.suse.com/1178142 https://bugzilla.suse.com/1178631 https://bugzilla.suse.com/1179142 https://bugzilla.suse.com/1179396 https://bugzilla.suse.com/1179508 https://bugzilla.suse.com/1179509 https://bugzilla.suse.com/1179567 https://bugzilla.suse.com/1179572 https://bugzilla.suse.com/1179575 https://bugzilla.suse.com/1179878 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180130 https://bugzilla.suse.com/1180264 https://bugzilla.suse.com/1180412 https://bugzilla.suse.com/1180759 https://bugzilla.suse.com/1180765 https://bugzilla.suse.com/1180773 https://bugzilla.suse.com/1180809 https://bugzilla.suse.com/1180812 https://bugzilla.suse.com/1180848 https://bugzilla.suse.com/1180859 https://bugzilla.suse.com/1180889 https://bugzilla.suse.com/1180891 https://bugzilla.suse.com/1180971 https://bugzilla.suse.com/1181014 https://bugzilla.suse.com/1181018 https://bugzilla.suse.com/1181077 https://bugzilla.suse.com/1181104 https://bugzilla.suse.com/1181148 https://bugzilla.suse.com/1181158 https://bugzilla.suse.com/1181161 https://bugzilla.suse.com/1181169 https://bugzilla.suse.com/1181203 https://bugzilla.suse.com/1181217 https://bugzilla.suse.com/1181218 https://bugzilla.suse.com/1181219 https://bugzilla.suse.com/1181220 https://bugzilla.suse.com/1181237 https://bugzilla.suse.com/1181318 https://bugzilla.suse.com/1181335 https://bugzilla.suse.com/1181346 https://bugzilla.suse.com/1181349 https://bugzilla.suse.com/1181425 https://bugzilla.suse.com/1181494 https://bugzilla.suse.com/1181504 https://bugzilla.suse.com/1181511 https://bugzilla.suse.com/1181538 https://bugzilla.suse.com/1181553 https://bugzilla.suse.com/1181584 https://bugzilla.suse.com/1181645 From sle-security-updates at lists.suse.com Wed Feb 10 06:41:43 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 07:41:43 +0100 (CET) Subject: SUSE-IU-2021:5-1: Security update of suse-sles-15-chost-byos-v20210202-hvm-ssd-x86_64 Message-ID: <20210210064143.61E19FF1F@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-chost-byos-v20210202-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:5-1 Image Tags : suse-sles-15-chost-byos-v20210202-hvm-ssd-x86_64:20210202 Image Release : Severity : important Type : security References : 1027519 1047634 1050349 1093795 1094444 1108255 1108919 1111207 1112387 1116463 1123940 1125218 1135710 1136845 1141064 1141597 1145276 1148566 1153601 1155094 1170336 1173513 1173914 1174091 1174436 1174571 1174701 1175458 1176355 1176782 1177196 1177211 1177460 1177490 1178009 1178775 1178823 1178909 1179193 1179363 1179496 1179498 1179501 1179502 1179503 1179506 1179514 1179516 1179630 1179824 1180138 1180225 1180377 1180603 1180603 1180684 1180685 1180687 1180885 1181090 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-5010 CVE-2020-14145 CVE-2020-14422 CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-27619 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 CVE-2020-8492 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 ----------------------------------------------------------------- The container suse-sles-15-chost-byos-v20210202-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3774-1 Released: Mon Dec 14 11:27:33 2020 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1047634,1050349,1093795,1094444,1108255,1108919,1111207,1112387,1116463,1123940,1125218,1141064,1153601,1170336,1173914,1177196 This update for kdump fixes the following issues: - Fix multipath configuration with `user_friendly_names` and/or aliases. (bsc#1111207, bsc#1125218, bsc#1153601) - Recover from missing `CRASHTIME=` in `VMCOREINFO`. (bsc#1112387) - Clean up the use of current vs. boot network interface names. (bsc#1094444, bsc#1116463, bsc#1141064) - Use a custom namespace for physical NICs. (bsc#1094444, bsc#1116463, bsc#1141064) - Add `:force` option to `KDUMP_NETCONFIG`. (bsc#1108919) - Add `fence_kdump_send` when `fence-agents` are installed. (bsc#1108919) - Use var for path of `fence_kdump_send` and remove the unnecessary `PRESCRIPT` check. (bsc#1108919) - Document kdump behaviour for `fence_kdump_send`. (bsc#1108919) - Restore only static routes in kdump initrd. (bsc#1093795) - Replace obsolete perl-Bootloader library with a simpler script. (bsc#1050349) - Remove `console=hvc0` from command line. (bsc#1173914) - Set serial console from Xen command line. (bsc#1173914) - Remove `noefi` and `acpi_rsdp` for EFI firmware. (bsc#1123940, bsc#1170336) - Add `skip_balance` option to BTRFS mounts. (bsc#1108255) - Do not add `rd.neednet=1` to dracut command line. (bsc#1177196) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3792-1 Released: Mon Dec 14 17:39:24 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1145276 This update for gzip fixes the following issues: Update from version 1.9 to version 1.10 (jsc#ECO-2217, jsc#SLE-12974) - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. - Fix three data corruption issues. (bsc#1145276, jsc#SLE-5818, jsc#SLE-8914) - Add support for `DFLTCC` (hardware-accelerated deflation) for s390x arch. (jsc#SLE-5818, jsc#SLE-8914) Enable it using the `--enable-dfltcc` option. - Compressed gzip output no longer contains the current time as a timestamp when the input is not a regular file. Instead, the output contains a `null` (zero) timestamp. This makes gzip's behavior more reproducible when used as part of a pipeline. - A use of uninitialized memory on some malformed inputs has been fixed. - A few theoretical race conditions in signal handlers have been fixed. - Update gnulib for `libio.h` removal. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3803-1 Released: Tue Dec 15 09:40:41 2020 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1176355 This update for rsyslog fixes the following issues: - Fixes a crash for imfile (bsc#1176355) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3882-1 Released: Fri Dec 18 16:47:31 2020 Summary: Security update for openssh Type: security Severity: moderate References: 1148566,1173513,CVE-2020-14145 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). - Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3916-1 Released: Tue Dec 22 14:16:38 2020 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1176782,1179496,1179498,1179501,1179502,1179506,1179514,1179516,CVE-2020-29480,CVE-2020-29481,CVE-2020-29483,CVE-2020-29484,CVE-2020-29566,CVE-2020-29570,CVE-2020-29571 This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(???). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:76-1 Released: Tue Jan 12 10:25:26 2021 Summary: Recommended update for SUSEConnect Type: recommended Severity: low References: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:177-1 Released: Wed Jan 20 11:18:03 2021 Summary: Recommended update for libselinux Type: recommended Severity: moderate References: 1135710,1136845,1180603 This update for libselinux fixes the following issue: Issues addressed: - Removed check for selinux-policy package as it is not shipped in this package(bsc#1136845). - Added check that restorecond is installed and enabled - adjusted licenses of packages. All packages are under Public Domain, only selinux-tools contains a GPL-2.0 tool. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:227-1 Released: Tue Jan 26 19:22:14 2021 Summary: Security update for sudo Type: security Severity: important References: 1180684,1180685,1180687,1181090,CVE-2021-23239,CVE-2021-23240,CVE-2021-3156 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) From sle-security-updates at lists.suse.com Wed Feb 10 06:43:07 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 07:43:07 +0100 (CET) Subject: SUSE-IU-2021:6-1: Security update of suse-sles-15-sp1-chost-byos-v20210202-gen2 Message-ID: <20210210064307.8CEF2FF1F@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp1-chost-byos-v20210202-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:6-1 Image Tags : suse-sles-15-sp1-chost-byos-v20210202-gen2:20210202 Image Release : Severity : important Type : security References : 1002895 1014478 1040855 1044120 1044767 1050242 1050536 1050545 1050549 1054413 1055117 1056653 1056657 1056787 1064802 1065729 1066129 1067665 1084671 1089524 1094840 1099358 1099358 1101820 1103990 1103992 1104389 1104393 1107105 1109695 1109837 1110096 1111622 1111657 1111666 1112178 1112178 1112374 1115431 1115550 1116767 1118657 1119397 1121878 1122669 1123694 1125815 1125950 1125992 1126101 1129071 1129124 1129770 1132174 1132323 1132663 1132692 1132900 1134078 1136184 1136440 1136440 1136460 1136461 1136572 1138374 1138666 1139398 1139944 1140565 1141597 1141969 1142000 1142988 1144363 1144363 1144881 1144881 1144912 1145276 1145622 1146853 1146854 1148566 1148645 1149792 1150895 1151488 1152457 1153165 1154092 1154217 1155094 1155376 1156139 1156545 1157894 1158775 1159018 1160939 1160978 1161132 1161133 1162936 1162937 1163178 1163178 1163727 1164780 1165296 1165439 1167732 1168155 1169006 1170139 1170154 1170175 1170630 1171078 1171234 1171546 1171995 1172082 1172145 1172538 1172542 1172694 1172861 1172929 1173513 1173914 1174091 1174099 1174162 1174206 1174257 1174436 1174443 1174444 1174571 1174701 1174726 1174784 1174852 1174942 1175458 1175514 1175623 1175916 1176109 1176355 1176558 1176559 1176956 1177120 1177196 1177211 1177304 1177397 1177460 1177490 1177526 1177526 1177533 1177805 1177808 1177819 1177820 1178009 1178182 1178270 1178372 1178401 1178554 1178589 1178590 1178634 1178635 1178669 1178762 1178775 1178823 1178825 1178838 1178853 1178854 1178878 1178886 1178897 1178909 1178940 1178962 1179014 1179015 1179045 1179082 1179107 1179107 1179140 1179141 1179142 1179150 1179151 1179193 1179204 1179211 1179213 1179259 1179326 1179363 1179398 1179399 1179403 1179406 1179418 1179419 1179421 1179424 1179426 1179427 1179429 1179444 1179491 1179503 1179520 1179578 1179593 1179601 1179630 1179663 1179666 1179670 1179671 1179672 1179673 1179691 1179711 1179713 1179714 1179715 1179716 1179722 1179723 1179724 1179738 1179745 1179810 1179824 1179888 1179895 1179896 1179960 1179963 1180027 1180029 1180031 1180052 1180086 1180117 1180138 1180225 1180258 1180377 1180506 1180559 1180603 1180684 1180685 1180687 1180885 1181090 959556 982804 999200 CVE-2016-10745 CVE-2018-10903 CVE-2018-18074 CVE-2018-20669 CVE-2019-0816 CVE-2019-10906 CVE-2019-11236 CVE-2019-11324 CVE-2019-14853 CVE-2019-14859 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20934 CVE-2019-5010 CVE-2019-6470 CVE-2019-8341 CVE-2019-9740 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-14145 CVE-2020-14422 CVE-2020-15436 CVE-2020-15437 CVE-2020-1747 CVE-2020-1971 CVE-2020-25669 CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-26137 CVE-2020-27068 CVE-2020-27619 CVE-2020-27777 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28374 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8492 CVE-2020-8631 CVE-2020-8632 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 ----------------------------------------------------------------- The container suse-sles-15-sp1-chost-byos-v20210202-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2430-1 Released: Wed Oct 24 13:05:18 2018 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1101820,CVE-2018-10903 This update for python-cryptography fixes the following issues: - CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2873-1 Released: Fri Dec 7 13:27:36 2018 Summary: Recommended update for python-cffi Type: recommended Severity: moderate References: 1111657 This update for python-cffi fixes the following issues: - Fix the testsuite of python-cffi like upstream to solve corruption at build (bsc#1111657) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1156-1 Released: Mon May 6 13:46:07 2019 Summary: Security update for python-Jinja2 Type: security Severity: important References: 1125815,1132174,1132323,CVE-2016-10745,CVE-2019-10906,CVE-2019-8341 This update for python-Jinja2 to version 2.10.1 fixes the following issues: Security issues fixed: - CVE-2019-8341: Fixed a command injection in from_string() (bsc#1125815). - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1487-1 Released: Thu Jun 13 09:40:56 2019 Summary: Security update for python-requests Type: security Severity: moderate References: 1111622,CVE-2018-18074 This update for python-requests to version 2.20.1 fixes the following issues: Security issue fixed: - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2005-1 Released: Mon Jul 29 13:02:15 2019 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1116767,1119397,1121878,1123694,1125950,1125992,1126101,1132692,1136440 This update for cloud-init fixes the following issues: - Fixes a bug where only the last defined route was written to the routes configuration file (bsc#1132692) - Fixes a bug where a new network rules file for network devices didn't apply immediately (bsc#1125950) - Improved the writing of route config files to avoid issues (bsc#1125992) - Fixes a bug where OpenStack instances where not detected on VIO (bsc#1136440) - Fixes a bug where IPv4 and IPv6 were not set up as default routes (bsc#1121878) - Added a fix to prevent the resolv.conf to be empty (bsc#1119397) - Uses now the proper name to designate IPv6 addresses in ifcfg-* files (bsc#1126101) - Fixes an issue where the ifroute-eth0 file got corrupted when cloning an existing instance (bsc#1123694) Some more fixes were included within the 19.1 update of cloud-init. Please refer to the package changelog for more details. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2332-1 Released: Mon Sep 9 10:17:16 2019 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1129071,1132663,1132900,CVE-2019-11236,CVE-2019-11324,CVE-2019-9740 This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2422-1 Released: Fri Sep 20 16:36:43 2019 Summary: Recommended update for python-urllib3 Type: recommended Severity: moderate References: 1150895 This update for python-urllib3 fixes the following issues: - Add missing dependency on python-six (bsc#1150895) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2494-1 Released: Mon Sep 30 16:22:20 2019 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1141969,1144363,1144881 This update for cloud-init provides the following fixes: - Properly handle static routes. The EphemeralDHCP context manager did not parse or handle rfc3442 classless static routes which prevented reading datasource metadata in some clouds. (bsc#1141969) - The __str__ implementation no longer delivers the name of the interface, use the 'name' attribute instead to form a proper path in the sysfs tree. (bsc#1144363) - If no routes are set for a subnet but the subnet has a gateway specified, set the gateway as the default route for the interface. (bsc#1144881) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2645-1 Released: Fri Oct 11 17:11:23 2019 Summary: Recommended update for python-cryptography Type: recommended Severity: moderate References: 1149792 This update for python-cryptography fixes the following issues: - Adds compatibility to openSSL 1.1.1d (bsc#1149792) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2657-1 Released: Mon Oct 14 17:04:07 2019 Summary: Security update for dhcp Type: security Severity: moderate References: 1089524,1134078,1136572,CVE-2019-6470 This update for dhcp fixes the following issues: Secuirty issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2891-1 Released: Mon Nov 4 17:47:10 2019 Summary: Security update for python-ecdsa Type: security Severity: moderate References: 1153165,1154217,CVE-2019-14853,CVE-2019-14859 This update for python-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165). - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3096-1 Released: Thu Nov 28 16:48:21 2019 Summary: Security update for cloud-init Type: security Severity: moderate References: 1099358,1129124,1136440,1142988,1144363,1151488,1154092,CVE-2019-0816 This update for cloud-init to version 19.2 fixes the following issues: Security issue fixed: - CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to authorized_keys (bsc#1129124). Non-security issues fixed: - Short circuit the conditional for identifying the sysconfig renderer (bsc#1154092, bsc#1142988). - If /etc/resolv.conf is a symlink, break it. This will avoid netconfig from clobbering the changes cloud-init applied (bsc#1151488). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:119-1 Released: Thu Jan 16 15:42:39 2020 Summary: Recommended update for python-jsonpatch Type: recommended Severity: moderate References: 1160978 This update for python-jsonpatch fixes the following issues: - Drop jsondiff binary to avoid conflict with python-jsondiff package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:245-1 Released: Tue Jan 28 09:42:30 2020 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1155376,1156139,1157894,1161132,1161133 This update for cloud-init fixes the following issues: - Fixed an issue where it was not possible to add SSH keys and thus it was not possible to log into the system (bsc#1161132, bsc#1161133) - Fixes an issue where the IPv6 interface variable was not correctly set in an ifcfg file (bsc#1156139) - The route's destination network will now be written in CIDR notation. This provides support for correctly recording IPv6 routes (bsc#1155376) - Many smaller fixes came with this package as well. For a full list of all changes, refer to the rpm's changes file. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:498-1 Released: Wed Feb 26 17:59:44 2020 Summary: Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized Type: recommended Severity: moderate References: 1122669,1136184,1146853,1146854,1159018 This update for aws-cli, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized, python-boto3, python-botocore, python-s3transfer fixes the following issues: python-aws-sam-translator was updated to 1.11.0 (bsc#1159018, jsc#PM-1507): Upgrade to 1.11.0: * Add ReservedConcurrentExecutions to globals * Fix ElasticsearchHttpPostPolicy resource reference * Support using AWS::Region in Ref and Sub * Documentation and examples updates * Add VersionDescription property to Serverless::Function * Update ServerlessRepoReadWriteAccessPolicy * Add additional template validation Upgrade to 1.10.0: * Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy * Add DynamoDBReconfigurePolicy * Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy * Add EKSDescribePolicy * Add SESBulkTemplatedCrudPolicy * Add FilterLogEventsPolicy * Add SSMParameterReadPolicy * Add SESEmailTemplateCrudPolicy * Add s3:PutObjectAcl to S3CrudPolicy * Add allow_credentials CORS option * Add support for AccessLogSetting and CanarySetting Serverless::Api properties * Add support for X-Ray in Serverless::Api * Add support for MinimumCompressionSize in Serverless::Api * Add Auth to Serverless::Api globals * Remove trailing slashes from APIGW permissions * Add SNS FilterPolicy and an example application * Add Enabled property to Serverless::Function event sources * Add support for PermissionsBoundary in Serverless::Function * Fix boto3 client initialization * Add PublicAccessBlockConfiguration property to S3 bucket resource * Make PAY_PER_REQUEST default mode for Serverless::SimpleTable * Add limited support for resolving intrinsics in Serverless::LayerVersion * SAM now uses Flake8 * Add example application for S3 Events written in Go * Updated several example applications python-cfn-lint was added in version 0.21.4: - Add upstream patch to fix EOL dates for lambda runtimes - Add upstream patch to fix test_config_expand_paths test - Rename to python-cfn-lint. This package has a python API, which is required by python-moto. Update to version 0.21.4: + Features * Include more resource types in W3037 + CloudFormation Specifications * Add Resource Type `AWS::CDK::Metadata` + Fixes * Uncap requests dependency in setup.py * Check Join functions have lists in the correct sections * Pass a parameter value for AutoPublishAlias when doing a Transform * Show usage examples when displaying the help Update to version 0.21.3 + Fixes * Support dumping strings for datetime objects when doing a Transform Update to version 0.21.2 + CloudFormation Specifications * Update CloudFormation specs to 3.3.0 * Update instance types from pricing API as of 2019.05.23 Update to version 0.21.1 + Features * Add `Info` logging capability and set the default logging to `NotSet` + Fixes * Only do rule logging (start/stop/time) when the rule is going to be called * Update rule E1019 to allow `Fn::Transform` inside a `Fn::Sub` * Update rule W2001 to not break when `Fn::Transform` inside a `Fn::Sub` * Update rule E2503 to allow conditions to be used and to not default to `network` load balancer when an object is used for the Load Balancer type Update to version 0.21.0 + Features * New rule E3038 to check if a Serverless resource includes the appropriate Transform * New rule E2531 to validate a Lambda's runtime against the deprecated dates * New rule W2531 to validate a Lambda's runtime against the EOL dates * Update rule E2541 to include updates to Code Pipeline capabilities * Update rule E2503 to include checking of values for load balancer attributes + CloudFormation Specifications * Update CloudFormation specs to 3.2.0 * Update instance types from pricing API as of 2019.05.20 + Fixes * Include setuptools in setup.py requires Update to version 0.20.3 + CloudFormation Specifications * Update instance types from pricing API as of 2019.05.16 + Fixes * Update E7001 to allow float/doubles for mapping values * Update W1020 to check pre-transformed Fn::Sub(s) to determine if a Sub is needed * Pin requests to be below or equal to 2.21.0 to prevent issues with botocore Update to version 0.20.2 + Features * Add support for List Parameter types + CloudFormation Specifications * Add allowed values for AWS::EC2 EIP, FlowLog, CustomerGateway, DHCPOptions, EC2Fleet * Create new property type for Security Group IDs or Names * Add new Lambda runtime environment for NodeJs 10.x * Move AWS::ServiceDiscovery::Service Health checks from Only One to Exclusive * Update Glue Crawler Role to take an ARN or a name * Remove PrimitiveType from MaintenanceWindowTarget Targets * Add Min/Max values for Load Balancer Ports to be between 1-65535 + Fixes * Include License file in the pypi package to help with downstream projects * Filter out dynamic references from rule E3031 and E3030 * Convert Python linting and Code Coverage from Python 3.6 to 3.7 Update to version 0.20.1 + Fixes * Update rule E8003 to support more functions inside a Fn::Equals Update to version 0.20.0 + Features * Allow a rule's exception to be defined in a resource's metadata * Add rule configuration capabilities * Update rule E3012 to allow for non strict property checking * Add rule E8003 to test Fn::Equals structure and syntax * Add rule E8004 to test Fn::And structure and syntax * Add rule E8005 to test Fn::Not structure and syntax * Add rule E8006 to test Fn::Or structure and syntax * Include Path to error in the JSON output * Update documentation to describe how to install cfn-lint from brew + CloudFormation Specifications * Update CloudFormation specs to version 3.0.0 * Add new region ap-east-1 * Add list min/max and string min/max for CloudWatch Alarm Actions * Add allowed values for EC2::LaunchTemplate * Add allowed values for EC2::Host * Update allowed values for Amazon MQ to include 5.15.9 * Add AWS::Greengrass::ResourceDefinition to GreenGrass supported regions * Add AWS::EC2::VPCEndpointService to all regions * Update AWS::ECS::TaskDefinition ExecutionRoleArn to be a IAM Role ARN * Patch spec files for SSM MaintenanceWindow to look for Target and not Targets * Update ManagedPolicyArns list size to be 20 which is the hard limit. 10 is the soft limit. + Fixes * Fix rule E3033 to check the string size when the string is inside a list * Fix an issue in which AWS::NotificationARNs was not a list * Add AWS::EC2::Volume to rule W3010 * Fix an issue with W2001 where SAM translate would remove the Ref to a parameter causing this error to falsely trigger * Fix rule W3010 to not error when the availability zone is 'all' Update to version 0.19.1 + Fixes * Fix core Condition processing to support direct Condition in another Condition * Fix the W2030 to check numbers against string allowed values Update to version 0.19.0 + Features * Add NS and PTR Route53 record checking to rule E3020 * New rule E3050 to check if a Ref to IAM Role has a Role path of '/' * New rule E3037 to look for duplicates in a list that doesn't support duplicates * New rule I3037 to look for duplicates in a list when duplicates are allowed + CloudFormation Specifications * Add Min/Max values to AWS::ElasticLoadBalancingV2::TargetGroup HealthCheckTimeoutSeconds * Add Max JSON size to AWS::IAM::ManagedPolicy PolicyDocument * Add allowed values for AWS::EC2 SpotFleet, TransitGateway, NetworkAcl NetworkInterface, PlacementGroup, and Volume * Add Min/max values to AWS::Budgets::Budget.Notification Threshold * Update RDS Instance types by database engine and license definitions using the pricing API * Update AWS::CodeBuild::Project ServiceRole to support Role Name or ARN * Update AWS::ECS::Service Role to support Role Name or ARN + Fixes * Update E3025 to support the new structure of data in the RDS instance type json * Update E2540 to remove all nested conditions from the object * Update E3030 to not do strict type checking * Update E3020 to support conditions nested in the record sets * Update E3008 to better handle CloudFormation sub stacks with different GetAtt formats Update to version 0.18.1 + CloudFormation Specifications * Update CloudFormation Specs to 2.30.0 * Fix IAM Regex Path to support more character types * Update AWS::Batch::ComputeEnvironment.ComputeResources InstanceRole to reference an InstanceProfile or GetAtt the InstanceProfile Arn * Allow VPC IDs to Ref a Parameter of type String + Fixes * Fix E3502 to check the size of the property instead of the parent object Update to version 0.18.0 + Features * New rule E3032 to check the size of lists * New rule E3502 to check JSON Object Size using definitions in the spec file * New rule E3033 to test the minimum and maximum length of a string * New rule E3034 to validate the min and max of a number * Remove Ebs Iops check from E2504 and use rule E3034 instead * Remove rule E2509 and use rule E3033 instead * Remove rule E2508 as it replaced by E3032 and E3502 * Update rule E2503 to check that there are at least two 2 Subnets or SubnetMappings for ALBs * SAM requirement upped to minimal version of 1.10.0 + CloudFormation Specifications * Extend specs to include: > `ListMin` and `ListMax` for the minimum and maximum size of a list > `JsonMax` to check the max size of a JSON Object > `StringMin` and `StringMax` to check the minimum and maximum length of a String > `NumberMin` and `NumberMax` to check the minimum and maximum value of a Number, Float, Long * Update State and ExecutionRoleArn to be required on AWS::DLM::LifecyclePolicy * Add AllowedValues for PerformanceInsightsRetentionPeriod for AWS::RDS::Instance * Add AllowedValues for the AWS::GuardDuty Resources * Add AllowedValues for AWS::EC2 VPC and VPN Resources * Switch IAM Instance Profiles for certain resources to the type that only takes the name * Add regex pattern for IAM Instance Profile when a name (not Arn) is used * Add regex pattern for IAM Paths * Add Regex pattern for IAM Role Arn * Update OnlyOne spec to require require at least one of Subnets or SubnetMappings with ELB v2 + Fixes * Fix serverless transform to use DefinitionBody when Auth is in the API definition * Fix rule W2030 to not error when checking SSM or List Parameters Update to version 0.17.1 + Features * Update rule E2503 to make sure NLBs don't have a Security Group configured + CloudFormation Specifications * Add all the allowed values of the `AWS::Glue` Resources * Update OnlyOne check for `AWS::CloudWatch::Alarm` to only `MetricName` or `Metrics` * Update Exclusive check for `AWS::CloudWatch::Alarm` for properties mixed with `Metrics` and `Statistic` * Update CloudFormation specs to 2.29.0 * Fix type with MariaDB in the AllowedValues * Update pricing information for data available on 2018.3.29 + Fixes * Fix rule E1029 to not look for a sub is needed when looking for iot strings in policies * Fix rule E2541 to allow for ActionId Versions of length 1-9 and meets regex `[0-9A-Za-z_-]+` * Fix rule E2532 to allow for `Parameters` inside a `Pass` action * Fix an issue when getting the location of an error in which numbers are causing an attribute error Update to version 0.17.0 + Features * Add new rule E3026 to validate Redis cluster settings including AutomaticFailoverEnabled and NumCacheClusters. Status: Released * Add new rule W3037 to validate IAM resource policies. Status: Experimental * Add new parameter `-e/--include-experimental` to allow for new rules in that aren't ready to be fully released + CloudFormation Specifications * Update Spec files to 2.28.0 * Add all the allowed values of the AWS::Redshift::* Resources * Add all the allowed values of the AWS::Neptune::* Resources * Patch spec to make AWS::CloudFront::Distribution.LambdaFunctionAssociation.LambdaFunctionARN required * Patch spec to make AWS::DynamoDB::Table AttributeDefinitions required + Fixes * Remove extra blank lines when there is no errors in the output * Add exception to rule E1029 to have exceptions for EMR CloudWatchAlarmDefinition * Update rule E1029 to allow for literals in a Sub * Remove sub checks from rule E3031 as it won't match in all cases of an allowed pattern regex check * Correct typos for errors in rule W1001 * Switch from parsing a template as Yaml to Json when finding an escape character * Fix an issue with SAM related to transforming templates with Serverless Application and Lambda Layers * Fix an issue with rule E2541 when non strings were used for Stage Names Update to version 0.16.0 + Features * Add rule E3031 to look for regex patterns based on the patched spec file * Remove regex checks from rule E2509 * Add parameter `ignore-templates` to allow the ignoring of templates when doing bulk linting + CloudFormation Specifications * Update Spec files to 2.26.0 * Add all the allowed values of the AWS::DirectoryService::* Resources * Add all the allowed values of the AWS::DynamoDB::* Resources * Added AWS::Route53Resolver resources to the Spec Patches of ap-southeast-2 * Patch the spec file with regex patterns * Add all the allowed values of the AWS::DocDb::* Resources + Fixes * Update rule E2504 to have '20000' as the max value * Update rule E1016 to not allow ImportValue inside of Conditions * Update rule E2508 to check conditions when providing limit checks on managed policies * Convert unicode to strings when in Py 3.4/3.5 and updating specs * Convert from `awslabs` to `aws-cloudformation` organization * Remove suppression of logging that was removed from samtranslator >1.7.0 and incompatibility with samtranslator 1.10.0 Update to version 0.15.0 + Features * Add scaffolding for arbitrary Match attributes, adding attributes for Type checks * Add rule E3024 to validate that ProvisionedThroughput is not specified with BillingMode PAY_PER_REQUEST + CloudFormation Specifications * Update Spec files to 2.24.0 * Update OnlyOne spec to have BlockDeviceMapping to include NoDevice with Ebs and VirtualName * Add all the allowed values of the AWS::CloudFront::* Resources * Add all the allowed values of the AWS::DAX::* Resources + Fixes * Update config parsing to use the builtin Yaml decoder * Add condition support for Inclusive E2521, Exclusive E2520, and AtLeastOne E2522 rules * Update rule E1029 to better check Resource strings inside IAM Policies * Improve the line/column information of a Match with array support Update to version 0.14.1 + CloudFormation Specifications * Update CloudFormation Specs to version 2.23.0 * Add allowed values for AWS::Config::* resources * Add allowed values for AWS::ServiceDiscovery::* resources * Fix allowed values for Apache MQ + Fixes * Update rule E3008 to not error when using a list from a custom resource * Support simple types in the CloudFormation spec * Add tests for the formatters Update to version 0.14.0 + Features * Add rule E3035 to check the values of DeletionPolicy * Add rule E3036 to check the values of UpdateReplacePolicy * Add rule E2014 to check that there are no REFs in the Parameter section * Update rule E2503 to support TLS on NLBs + CloudFormation Specifications * Update CloudFormation spec to version 2.22.0 * Add allowed values for AWS::Cognito::* resources + Fixes * Update rule E3002 to allow GetAtts to Custom Resources under a Condition Update to version 0.13.2 + Features * Introducing the cfn-lint logo! * Update SAM dependency version + Fixes * Fix CloudWatchAlarmComparisonOperator allowed values. * Fix typo resoruce_type_spec in several files * Better support for nested And, Or, and Not when processing Conditions Update to version 0.13.1 + CloudFormation Specifications * Add allowed values for AWS::CloudTrail::Trail resources * Patch spec to have AWS::CodePipeline::CustomActionType Version included + Fixes * Fix conditions logic to use AllowedValues when REFing a Parameter that has AllowedValues specified Update to version 0.13.0 + Features * New rule W1011 to check if a FindInMap is using the correct map name and keys * New rule W1001 to check if a Ref/GetAtt to a resource that exists when Conditions are used * Removed logic in E1011 and moved it to W1011 for validating keys * Add property relationships for AWS::ApplicationAutoScaling::ScalingPolicy into Inclusive, Exclusive, and AtLeastOne * Update rule E2505 to check the netmask bit * Include the ability to update the CloudFormation Specs using the Pricing API + CloudFormation Specifications * Update to version 2.21.0 * Add allowed values for AWS::Budgets::Budget * Add allowed values for AWS::CertificateManager resources * Add allowed values for AWS::CodePipeline resources * Add allowed values for AWS::CodeCommit resources * Add allowed values for EC2 InstanceTypes from pricing API * Add allowed values for RedShift InstanceTypes from pricing API * Add allowed values for MQ InstanceTypes from pricing API * Add allowed values for RDS InstanceTypes from pricing API + Fixes * Fixed README indentation issue with .pre-commit-config.yaml * Fixed rule E2541 to allow for multiple inputs/outputs in a CodeBuild task * Fixed rule E3020 to allow for a period or no period at the end of a ACM registration record * Update rule E3001 to support UpdateReplacePolicy * Fix a cli issue where `--template` wouldn't be used when a .cfnlintrc was in the same folder * Update rule E3002 and E1024 to support packaging of AWS::Lambda::LayerVersion content - Initial build + Version 0.12.1 Update to 0.9.1 * the prof plugin now uses cProfile instead of hotshot for profiling * skipped tests now include the user's reason in junit XML's message field * the prettyassert plugin mishandled multi-line function definitions * Using a plugin's CLI flag when the plugin is already enabled via config no longer errors * nose2.plugins.prettyassert, enabled with --pretty-assert * Cleanup code for EOLed python versions * Dropped support for distutils. * Result reporter respects failure status set by other plugins * JUnit XML plugin now includes the skip reason in its output Upgrade to 0.8.0: - List of changes is too long to show here, see https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst changes between 0.6.5 and 0.8.0 Update to 0.7.0: * Added parameterized_class feature, for parameterizing entire test classes (many thanks to @TobyLL for their suggestions and help testing!) * Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh; https://github.com/wolever/parameterized/issues/67) * Make sure that `setUp` and `tearDown` methods work correctly (#40) * Raise a ValueError when input is empty (thanks @danielbradburn; https://github.com/wolever/parameterized/pull/48) * Fix the order when number of cases exceeds 10 (thanks @ntflc; https://github.com/wolever/parameterized/pull/49) aws-cli was updated to version 1.16.223: For detailed changes see the changes entries: https://github.com/aws/aws-cli/blob/1.16.223/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.189/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.182/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.176/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.103/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.94/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.84/CHANGELOG.rst python-boto3 was updated to 1.9.213, python-botocore was updated to 1.9.188, and python-s3transfer was updated to 1.12.74, fixing lots of bugs and adding features (bsc#1146853, bsc#1146854) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:751-1 Released: Mon Mar 23 16:32:44 2020 Summary: Security update for cloud-init Type: security Severity: moderate References: 1162936,1162937,1163178,CVE-2020-8631,CVE-2020-8632 This update for cloud-init fixes the following security issues: - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937). - CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:959-1 Released: Wed Apr 8 12:59:50 2020 Summary: Security update for python-PyYAML Type: security Severity: important References: 1165439,CVE-2020-1747 This update for python-PyYAML fixes the following issues: - CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1000-1 Released: Wed Apr 15 14:18:57 2020 Summary: Recommended update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager Type: recommended Severity: moderate References: 1014478,1054413,1140565,982804,999200 This update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager fixes the following issues: The Azure python modules and client tool stack was updated to the 2020 state. Various other python modules were added and updated. - python-PyYAML was updated to 5.1.2. - python-humanfriendly was updated 4.16.1. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1037-1 Released: Mon Apr 20 10:49:39 2020 Summary: Recommended update for python-pytest Type: recommended Severity: low References: 1002895,1107105,1138666,1167732 This update fixes the following issues: New python-pytest versions are provided. In Basesystem: - python3-pexpect: updated to 4.8.0 - python3-py: updated to 1.8.1 - python3-zipp: shipped as dependency in version 0.6.0 In Python2: - python2-pexpect: updated to 4.8.0 - python2-py: updated to 1.8.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1056-1 Released: Tue Apr 21 16:26:22 2020 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1099358,1144881,1145622,1148645,1163178,1165296 This update for cloud-init contains the following fixes: - Update previous patches with the following additions: + In cases where the config contains 2 or more default gateway specifications for an interface only write the first default route, log warning message about skipped routes + Avoid writing invalid route specification if neither the network nor destination is specified in the route configuration + Still need to consider the 'network' configuration uption for the v1 config implementation. Fixes regression introduced with update from Wed Feb 12 19:30:42. + Add the default gateway to the ifroute config file when specified as part of the subnet configuration. (bsc#1165296) + Fix typo to properly extrakt provided netmask data (bsc#1163178, bsc#1165296) + Fix for default gateway and IPv6. (bsc#1144881) + Routes will be written if there is only a default gateway. (bsc#1148645) - BuildRequire pkgconfig(udev) instead of udev, which allow OS to shortcut through the -mini flavor. - Update to cloud-init 19.2. (bsc#1099358, bsc#1145622) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1496-1 Released: Wed May 27 20:30:31 2020 Summary: Recommended update for python-requests Type: recommended Severity: low References: 1170175 This update for python-requests fixes the following issues: - Fix for warnings 'test fails to build' for python http. (bsc#1170175) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1885-1 Released: Fri Jul 10 14:54:22 2020 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1170154,1171546,1171995 This update for cloud-init contains the following fixes: - rsyslog warning, '~' is deprecated: (bsc#1170154) + replace deprecated syntax '& ~' by '& stop' for more information please see https://www.rsyslog.com/rsyslog-error-2307/. + Explicitly test for netconfig version 1 as well as 2. + Handle netconfig v2 device configurations (bsc#1171546, bsc#1171995) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1986-1 Released: Tue Jul 21 16:06:29 2020 Summary: Recommended update for openvswitch Type: recommended Severity: moderate References: 1172861,1172929 This update for openvswitch fixes the following issues: - Preserve the old default OVS_USER_ID for users that removed the override at /etc/sysconfig/openvswitch. (bsc#1172861) - Fix possible changes of openvswitch configuration during upgrades. (bsc#1172929) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3323-1 Released: Fri Nov 13 15:25:55 2020 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1174443,1174444,1177526 This update for cloud-init contains the following fixes: + Avoid exception if no gateway information is present and warning is triggered for existing routing. (bsc#1177526) Update to version 20.2 (bsc#1174443, bsc#1174444) + doc/format: reference make-mime.py instead of an inline script (#334) + Add docs about creating parent folders (#330) [Adrian Wilkins] + DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470) + schema: ignore spurious pylint error (#332) + schema: add json schema for write_files module (#152) + BSD: find_devs_with_ refactoring (#298) [Goneri Le Bouder] + nocloud: drop work around for Linux 2.6 (#324) [Goneri Le Bouder] + cloudinit: drop dependencies on unittest2 and contextlib2 (#322) + distros: handle a potential mirror filtering error case (#328) + log: remove unnecessary import fallback logic (#327) + .travis.yml: don't run integration test on ubuntu/* branches (#321) + More unit test documentation (#314) + conftest: introduce disable_subp_usage autouse fixture (#304) + YAML align indent sizes for docs readability (#323) [Tak Nishigori] + network_state: add missing space to log message (#325) + tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910) + test_mounts: expand happy path test for both happy paths (#319) + cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836) + swap file 'size' being used before checked if str (#315) [Eduardo Otubo] + HACKING.rst: add pytest version gotchas section (#311) + docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers] + readme: OpenBSD is now supported (#309) [Goneri Le Bouder] + net: ignore 'renderer' key in netplan config (#306) (LP: #1870421) + Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370) + openbsd: set_passwd should not unlock user (#289) [Goneri Le Bouder] + tools/.github-cla-signers: add beezly as CLA signer (#301) + util: remove unnecessary lru_cache import fallback (#299) + HACKING.rst: reorganise/update CLA signature info (#297) + distros: drop leading/trailing hyphens from mirror URL labels (#296) + HACKING.rst: add note about variable annotations (#295) + CiTestCase: stop using and remove sys_exit helper (#283) + distros: replace invalid characters in mirror URLs with hyphens (#291) (LP: #1868232) + rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy] + Fix cloud-init ignoring some misdeclared mimetypes in user-data. [Kurt Garloff] + net: ubuntu focal prioritize netplan over eni even if both present (#267) (LP: #1867029) + cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292) + net/cmdline: replace type comments with annotations (#294) + HACKING.rst: add Type Annotations design section (#293) + net: introduce is_ip_address function (#288) + CiTestCase: remove now-unneeded parse_and_read helper method (#286) + .travis.yml: allow 30 minutes of inactivity in cloud tests (#287) + sources/tests/test_init: drop use of deprecated inspect.getargspec (#285) + setup.py: drop NIH check_output implementation (#282) + Identify SAP Converged Cloud as OpenStack [Silvio Knizek] + add Openbsd support (#147) [Goneri Le Bouder] + HACKING.rst: add examples of the two test class types (#278) + VMWware: support to update guest info gc status if enabled (#261) [xiaofengw-vmware] + Add lp-to-git mapping for kgarloff (#279) + set_passwords: avoid chpasswd on BSD (#268) [Goneri Le Bouder] + HACKING.rst: add Unit Testing design section (#277) + util: read_cc_from_cmdline handle urlencoded yaml content (#275) + distros/tests/test_init: add tests for _get_package_mirror_info (#272) + HACKING.rst: add links to new Code Review Process doc (#276) + freebsd: ensure package update works (#273) [Goneri Le Bouder] + doc: introduce Code Review Process documentation (#160) + tools: use python3 (#274) + cc_disk_setup: fix RuntimeError (#270) (LP: #1868327) + cc_apt_configure/util: combine search_for_mirror implementations (#271) + bsd: boottime does not depend on the libc soname (#269) [Goneri Le Bouder] + test_oracle,DataSourceOracle: sort imports (#266) + DataSourceOracle: update .network_config docstring (#257) + cloudinit/tests: remove unneeded with_logs configuration (#263) + .travis.yml: drop stale comment (#255) + .gitignore: add more common directories (#258) + ec2: render network on all NICs and add secondary IPs as static (#114) (LP: #1866930) + ec2 json validation: fix the reference to the 'merged_cfg' key (#256) [Paride Legovini] + releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini] + cloudinit: remove six from packaging/tooling (#253) + util/netbsd: drop six usage (#252) + workflows: introduce stale pull request workflow (#125) + cc_resolv_conf: introduce tests and stabilise output across Python versions (#251) + fix minor issue with resolv_conf template (#144) [andreaf74] + doc: CloudInit also support NetBSD (#250) [Goneri Le Bouder] + Add Netbsd support (#62) [Goneri Le Bouder] + tox.ini: avoid substition syntax that causes a traceback on xenial (#245) + Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby] + Introduce and use of a list of GitHub usernames that have signed CLA (#244) + workflows/cla.yml: use correct username for CLA check (#243) + tox.ini: use xenial version of jsonpatch in CI (#242) + workflows: CLA validation altered to fail status on pull_request (#164) + tox.ini: bump pyflakes version to 2.1.1 (#239) + cloudinit: move to pytest for running tests (#211) + instance-data: add cloud-init merged_cfg and sys_info keys to json (#214) (LP: #1865969) + ec2: Do not fallback to IMDSv1 on EC2 (#216) + instance-data: write redacted cfg to instance-data.json (#233) (LP: #1865947) + net: support network-config:disabled on the kernel commandline (#232) (LP: #1862702) + ec2: only redact token request headers in logs, avoid altering request (#230) (LP: #1865882) + docs: typo fixed: dta ??? data [Alexey Vazhnov] + Fixes typo on Amazon Web Services (#217) [Nick Wales] + Fix docs for OpenStack DMI Asset Tag (#228) [Mark T. Voelker] (LP: #1669875) + Add physical network type: cascading to openstack helpers (#200) [sab-systems] + tests: add focal integration tests for ubuntu (#225) - From 20.1 (first vesrion after 19.4) + ec2: Do not log IMDSv2 token values, instead use REDACTED (#219) (LP: #1863943) + utils: use SystemRandom when generating random password. (#204) [Dimitri John Ledkov] + docs: mount_default_files is a list of 6 items, not 7 (#212) + azurecloud: fix issues with instances not starting (#205) (LP: #1861921) + unittest: fix stderr leak in cc_set_password random unittest output. (#208) + cc_disk_setup: add swap filesystem force flag (#207) + import sysvinit patches from freebsd-ports tree (#161) [Igor Gali??] + docs: fix typo (#195) [Edwin Kofler] + sysconfig: distro-specific config rendering for BOOTPROTO option (#162) [Robert Schweikert] (LP: #1800854) + cloudinit: replace 'from six import X' imports (except in util.py) (#183) + run-container: use 'test -n' instead of 'test ! -z' (#202) [Paride Legovini] + net/cmdline: correctly handle static ip= config (#201) [Dimitri John Ledkov] (LP: #1861412) + Replace mock library with unittest.mock (#186) + HACKING.rst: update CLA link (#199) + Scaleway: Fix DatasourceScaleway to avoid backtrace (#128) [Louis Bouchard] + cloudinit/cmd/devel/net_convert.py: add missing space (#191) + tools/run-container: drop support for python2 (#192) [Paride Legovini] + Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789) + Make the RPM build use Python 3 (#190) [Paride Legovini] + cc_set_password: increase random pwlength from 9 to 20 (#189) (LP: #1860795) + .travis.yml: use correct Python version for xenial tests (#185) + cloudinit: remove ImportError handling for mock imports (#182) + Do not use fallocate in swap file creation on xfs. (#70) [Eduardo Otubo] (LP: #1781781) + .readthedocs.yaml: install cloud-init when building docs (#181) (LP: #1860450) + Introduce an RTD config file, and pin the Sphinx version to the RTD default (#180) + Drop most of the remaining use of six (#179) + Start removing dependency on six (#178) + Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy] + docs: add proposed SRU testing procedure (#167) + util: rename get_architecture to get_dpkg_architecture (#173) + Ensure util.get_architecture() runs only once (#172) + Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann] + freebsd: remove superflu exception mapping (#166) [Goneri Le Bouder] + ssh_auth_key_fingerprints_disable test: fix capitalization (#165) [Paride Legovini] + util: move uptime's else branch into its own boottime function (#53) [Igor Gali??] (LP: #1853160) + workflows: add contributor license agreement checker (#155) + net: fix rendering of 'static6' in network config (#77) (LP: #1850988) + Make tests work with Python 3.8 (#139) [Conrad Hoffmann] + fixed minor bug with mkswap in cc_disk_setup.py (#143) [andreaf74] + freebsd: fix create_group() cmd (#146) [Goneri Le Bouder] + doc: make apt_update example consistent (#154) + doc: add modules page toc with links (#153) (LP: #1852456) + Add support for the amazon variant in cloud.cfg.tmpl (#119) [Frederick Lefebvre] + ci: remove Python 2.7 from CI runs (#137) + modules: drop cc_snap_config config module (#134) + migrate-lp-user-to-github: ensure Launchpad repo exists (#136) + docs: add initial troubleshooting to FAQ (#104) [Joshua Powers] + doc: update cc_set_hostname frequency and descrip (#109) [Joshua Powers] (LP: #1827021) + freebsd: introduce the freebsd renderer (#61) [Goneri Le Bouder] + cc_snappy: remove deprecated module (#127) + HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130) + freebsd: cloudinit service requires devd (#132) [Goneri Le Bouder] + cloud-init: fix capitalisation of SSH (#126) + doc: update cc_ssh clarify host and auth keys [Joshua Powers] (LP: #1827021) + ci: emit names of tests run in Travis (#120) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3608-1 Released: Wed Dec 2 18:16:12 2020 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1177526,1179150,1179151 This update for cloud-init contains the following fixes: - Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151) + Properly set the password for the default user in all circumstances - Patch the full package version into the cloud-init version file - Update cloud-init-write-routes.patch (bsc#1177526) + Fix missing default route when dual stack network setup is used. Once a default route was configured for Ipv6 or IPv4 the default route configuration for the othre protocol was skipped. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3718-1 Released: Wed Dec 9 10:31:01 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1050549,1067665,1111666,1112178,1158775,1170139,1170630,1172542,1174726,1175916,1176109,1177304,1177397,1177805,1177808,1177819,1177820,1178182,1178589,1178635,1178669,1178838,1178853,1178854,1178878,1178886,1178897,1178940,1178962,1179107,1179140,1179141,1179211,1179213,1179259,1179403,1179406,1179418,1179421,1179424,1179426,1179427,1179429,CVE-2020-15436,CVE-2020-15437,CVE-2020-25669,CVE-2020-27777,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). The following non-security bugs were fixed: - ACPI: GED: fix -Wformat (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - arm64: KVM: Fix system register enumeration (bsc#1174726). - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bpf: Zero-fill re-used per-cpu map element (git-fixes). - btrfs: account ticket size at add/delete time (bsc#1178897). - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897). - btrfs: check rw_devices, not num_devices for balance (bsc#1178897). - btrfs: do not delete mismatched root refs (bsc#1178962). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897). - btrfs: fix force usage in inc_block_group_ro (bsc#1178897). - btrfs: fix invalid removal of root ref (bsc#1178962). - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897). - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897). - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897). - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962). - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179259). - ceph: check session state after bumping session->s_seq (bsc#1179259). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - Convert trailing spaces and periods in path components (bsc#1179424). - docs: ABI: stable: remove a duplicated documentation (git-fixes). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size. - efi: cper: Fix possible out-of-bounds access (git-fixes). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Free efi_pgd with free_pages() (bsc#1112178). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - fuse: fix page dereference after free (bsc#1179213). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1067665). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666) - i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666) - i40iw: Report correct firmware version (bsc#1111666) - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666) - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666) - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666) - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666) - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666) - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666) - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666) - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666) - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666) - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666) - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666) - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666) - IB/hfi1: Handle port down properly in pio (bsc#1111666) - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666) - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666) - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666) - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666) - IB/hfi1: Remove unused define (bsc#1111666) - IB/hfi1: Silence txreq allocation warnings (bsc#1111666) - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666) - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666) - IB/ipoib: drop useless LIST_HEAD (bsc#1111666) - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666) - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666) - IB/iser: Fix dma_nents type definition (bsc#1111666) - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666) - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666) - IB/mlx4: Add and improve logging (bsc#1111666) - IB/mlx4: Add support for MRA (bsc#1111666) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666) - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666) - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666) - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666) - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666) - IB/mlx4: Remove unneeded NULL check (bsc#1111666) - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666) - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666) - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666) - IB/mlx5: Do not override existing ip_protocol (bsc#1111666) - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666) - IB/mlx5: Fix implicit MR release flow (bsc#1111666) - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666) - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666) - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666) - IB/mlx5: Improve ODP debugging messages (bsc#1111666) - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666) - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666) - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666) - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666) - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666) - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666) - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666) - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666) - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666) - IB/qib: Remove a set-but-not-used variable (bsc#1111666) - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666) - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666) - IB/rdmavt: Fix sizeof mismatch (bsc#1111666) - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666) - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666) - IB/rxe: Make counters thread safe (bsc#1111666) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666) - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666) - IB/umad: Avoid destroying device while it is accessed (bsc#1111666) - IB/umad: Do not check status of nonseekable_open() (bsc#1111666) - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666) - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666) - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666) - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666) - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666) - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666) - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666) - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - kABI workaround for usermodehelper changes (bsc#1179406). - KVM: arm64: Add missing #include of - in guest.c (bsc#1174726). - KVM: arm64: Factor out core register ID enumeration (bsc#1174726). - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726). - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726). - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726). - KVM host: kabi fixes for psci_version (bsc#1174726). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: always wind down STA state (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630). - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes). - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666) - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666) - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666) - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666) - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666) - RDMA/cma: Fix false error message (bsc#1111666) - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666) - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666) - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666) - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666) - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666) - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666) - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666) - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666) - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666) - RDMA/core: Fix race between destroy and release FD object (bsc#1111666) - RDMA/core: Fix race when resolving IP address (bsc#1111666) - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666) - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666) - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666) - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666) - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666) - RDMA/hns: Set the unsupported wr opcode (bsc#1111666) - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666) - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666) - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666) - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666) - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666) - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666) - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666) - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666) - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666) - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666) - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666) - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666) - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666) - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666) - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666) - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666) - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666) - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666) - RDMA/mlx5: Return proper error value (bsc#1111666) - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666) - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666) - RDMA/nes: Remove second wait queue initialization call (bsc#1111666) - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666) - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666) - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666) - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666) - RDMA/qedr: Endianness warnings cleanup (bsc#1111666) - RDMA/qedr: Fix doorbell setting (bsc#1111666) - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666) - RDMA/qedr: Fix reported firmware version (bsc#1111666) - RDMA/qedr: Fix use of uninitialized field (bsc#1111666) - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qedr: SRQ's bug fixes (bsc#1111666) - RDMA/qib: Delete extra line (bsc#1111666) - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666) - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666) - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666) - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666) - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666) - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666) - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666) - RDMA/rxe: Set default vendor ID (bsc#1111666) - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666) - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666) - RDMA/srp: Rework SCSI device reset handling (bsc#1111666) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666) - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666) - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666) - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666) - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666) - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666) - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666) - reboot: fix overflow parsing reboot cpu number (bsc#1179421). - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Revert 'cdc-acm: hardening against malicious devices' (git-fixes). - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666) - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666) - rxe: fix error completion wr_id and qp_num (bsc#1111666) - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937). - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739). - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178). - sched/x86: SaveFLAGS on context switch (bsc#1112178). - scripts/git_sort/git_sort.py: add ceph maintainers git tree - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666) - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403). - tty: serial: imx: keep console clocks always on (git-fixes). - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - usermodehelper: reset umask to default before executing user process (bsc#1179406). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/hyperv: Make vapic support x2apic mode (git-fixes). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178). - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes). - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3720-1 Released: Wed Dec 9 13:36:26 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3723-1 Released: Wed Dec 9 13:37:55 2020 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1177120,CVE-2020-26137 This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3733-1 Released: Wed Dec 9 18:18:35 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3750-1 Released: Fri Dec 11 08:53:26 2020 Summary: Recommended update for open-lldp Type: recommended Severity: moderate References: 1156545 This update for open-lldp fixes the following issue: - Update from version 1.0.1+63.f977e67 to version v1.0.1+64.29d12e584af1 - Prevent double definition of `ETH_P_LLDP` when building on new kernels (bsc#1156545) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3751-1 Released: Fri Dec 11 08:53:40 2020 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1173914,1177196 This update for kdump fixes the following issues: - Remove `console=hvc0` from command line. (bsc#1173914) - Set serial console from Xen command line. (bsc#1173914) - Do not add `rd.neednet=1` to dracut command line. (bsc#1177196) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3792-1 Released: Mon Dec 14 17:39:24 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1145276 This update for gzip fixes the following issues: Update from version 1.9 to version 1.10 (jsc#ECO-2217, jsc#SLE-12974) - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. - Fix three data corruption issues. (bsc#1145276, jsc#SLE-5818, jsc#SLE-8914) - Add support for `DFLTCC` (hardware-accelerated deflation) for s390x arch. (jsc#SLE-5818, jsc#SLE-8914) Enable it using the `--enable-dfltcc` option. - Compressed gzip output no longer contains the current time as a timestamp when the input is not a regular file. Instead, the output contains a `null` (zero) timestamp. This makes gzip's behavior more reproducible when used as part of a pipeline. - A use of uninitialized memory on some malformed inputs has been fixed. - A few theoretical race conditions in signal handlers have been fixed. - Update gnulib for `libio.h` removal. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3803-1 Released: Tue Dec 15 09:40:41 2020 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1176355 This update for rsyslog fixes the following issues: - Fixes a crash for imfile (bsc#1176355) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount ???a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3866-1 Released: Thu Dec 17 12:06:08 2020 Summary: Security update for openssh Type: security Severity: moderate References: 1115550,1139398,1142000,1148566,1173513,1174162,CVE-2020-14145 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). - Supplement libgtk-3-0 instead of libX11-6 to avoid installation on a textmode install (bsc#1142000) - Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566). - Fixed sshd termination of multichannel sessions with non-root users (bsc#1115550,bsc#1174162). - Added speculative hardening for key storage (bsc#1139398). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(???). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:10-1 Released: Mon Jan 4 10:01:52 2021 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: 1174257 This update for dmidecode fixes the following issue: - Two missing commas in the data arrays cause 'OUT OF SPEC' messages during the index resolution. (bnc#1174257) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:118-1 Released: Thu Jan 14 06:16:26 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1040855,1044120,1044767,1050242,1050536,1050545,1055117,1056653,1056657,1056787,1064802,1065729,1066129,1094840,1103990,1103992,1104389,1104393,1109695,1109837,1110096,1112178,1112374,1115431,1118657,1129770,1136460,1136461,1138374,1139944,1144912,1152457,1163727,1164780,1171078,1172145,1172538,1172694,1174784,1174852,1176558,1176559,1176956,1178270,1178372,1178401,1178590,1178634,1178762,1179014,1179015,1179045,1179082,1179107,1179142,1179204,1179419,1179444,1179520,1179578,1179601,1179663,1179666,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559,CVE-2018-20669,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28374,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663). - CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601). The following non-security bugs were fixed: - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: timer: Limit max amount of slave instances (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes). - ASoC: sti: fix possible sleep-in-atomic (git-fixes). - ASoC: wm8904: fix regcache handling (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes). - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: fix backtrace on coredump (git-fixes). - ath10k: fix get invalid tx rate for Mesh metric (git-fixes). - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath10k: Remove msdu from idr when management pkt send fails (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - ath9k_htc: Discard undersized packets (git-fixes). - ath9k_htc: Modify byte order for an error message (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - Avoid a GCC warning about '/*' within a comment. - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes). - Bluetooth: Fix advertising duplicated flags (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - bnxt_en: Fix race when modifying pause settings (bsc#1050242 ). - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242). - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: mcp251x: add error check when wq alloc failed (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: tegra: Fix Tegra PMC clock out parents (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/gma500: fix double free of gma_connector (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1129770) - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - epoll: Keep a reference on files added to the check list (bsc#1180031). - ext4: correctly report 'not supported' for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - ext4: limit entries returned when counting fsmap records (bsc#1179671). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - extcon: max77693: Fix modalias string (git-fixes). - fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console - fbcon: Remove the superfluous break (bsc#1129770) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console * context changes - firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes). - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes). - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes). - gpio: max77620: Fixup debounce delays (git-fixes). - gpio: max77620: Use correct unit for debounce times (git-fixes). - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes). - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes). - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes). - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes). - gpiolib: fix up emulated open drain outputs (git-fixes). - HID: Add another Primax PIXART OEM mouse quirk (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: core: check whether Usage Page item is after Usage ID items (git-fixes). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: Improve Windows Precision Touchpad detection (git-fixes). - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes). - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (jc42) Fix name to have no illegal characters (git-fixes). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - igc: Fix returning wrong statistics (bsc#1118657). - iio: adc: max1027: Reset the device at probe time (git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio: fix center temperature of bmc150-accel-core (git-fixes). - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes). - iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes). - iio: srf04: fix wrong limitation in distance measuring (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - Input: trackpoint - enable Synaptics trackpoints (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - ipw2x00: Fix -Wcast-function-type (git-fixes). - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - kABI fix for g2d (git-fixes). - kABI workaround for dsa/b53 changes (git-fixes). - kABI workaround for HD-audio generic parser (git-fixes). - kABI workaround for net/ipvlan changes (git-fixes). - kABI: ath10k: move a new structure member to the end (git-fixes). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes). - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: fix authentication with iwlwifi/mvm (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - matroxfb: avoid -Warray-bounds warning (git-fixes). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md/raid5: fix oops during stripe resizing (git-fixes). - media: am437x-vpfe: Setting STD to current value is not an error (git-fixes). - media: cec-funcs.h: add status_req checks (git-fixes). - media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes). - media: gspca: Fix memory leak in probe (git-fixes). - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes). - media: i2c: ov2659: Fix missing 720p register config (git-fixes). - media: i2c: ov2659: fix s_stream return value (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches). - media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: si470x-i2c: add missed operations in remove (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes). - media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes). - media: uvcvideo: Set media controller entity functions (git-fixes). - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes). - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memstick: fix a double-free bug in memstick_check (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - mlxsw: core: Fix memory leak on module removal (bsc#1112374). - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/tls: Fix kmap usage (bsc#1109837). - net/tls: missing received data after fast remote close (bsc#1109837). - net/x25: prevent a couple of overflows (bsc#1178590). - net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes). - net: aquantia: fix LRO with FCS error (git-fixes). - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ). - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes). - net: dsa: b53: Ensure the default VID is untagged (git-fixes). - net: dsa: b53: Fix default VLAN ID (git-fixes). - net: dsa: b53: Properly account for VLAN filtering (git-fixes). - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes). - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes). - net: dsa: qca8k: remove leftover phy accessors (git-fixes). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (git-fixes). - net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes). - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes). - net: macb: add missing barriers when reading descriptors (git-fixes). - net: macb: fix dropped RX frames due to a race (git-fixes). - net: macb: fix error format in dev_err() (git-fixes). - net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes). - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes). - net: phy: Avoid multiple suspends (git-fixes). - net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389). - net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: seeq: Fix the function used to release some memory in an error handling path (git-fixes). - net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes). - net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes). - net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes). - net: stmmac: fix csr_clk can't be zero issue (git-fixes). - net: stmmac: Fix reception of Broadcom switches tags (git-fixes). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096). - net: usb: sr9800: fix uninitialized local variable (git-fixes). - net:ethernet:aquantia: Extra spinlocks removed (git-fixes). - net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - nfc: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nfp: use correct define to return NONE fec (bsc#1109837). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes). - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - ocfs2: fix unbalanced locking (bsc#1180506). - ocfs2: initialize ip_next_orphan (bsc#1179724). - orinoco: Move context allocation after processing the skb (git-fixes). - parport: load lowlevel driver if ports not found (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - phy: Revert toggling reset changes (git-fixes). - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes). - PM: ACPI: Output correct message on target power state (git-fixes). - PM: hibernate: Freeze kernel threads in software_resume() (git-fixes). - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630). - powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630). - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - ppp: remove the PPPIOCDETACH ioctl (git-fixes). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545). - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545). - qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes). - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545). - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes). - regulator: pfuze100-regulator: Variable 'val' in pfuze100_regulator_probe() could be uninitialized (git-fixes). - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - remoteproc: Fix wrong rvring index computation (git-fixes). - rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes). - rtc: 88pm860x: fix possible race condition (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes). - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes). - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1144912). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (git-fixes). - s390/stp: add locking to sysfs functions (git-fixes). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780). - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780). - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1164780). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780). - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780). - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780). - scsi: lpfc: Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780). - scsi: lpfc: Use generic power management (bsc#1164780). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: Remove unneeded break statements (bsc#1164780). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: imx: gpc: fix power up sequencing (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: img-spfi: fix potential double release (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: pxa2xx: Add missed security checks (git-fixes). - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: st-ssc4: add missed pm_runtime_disable (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: add missed clk_unprepare (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - splice: only read in as much information as there is pipe buffer space (bsc#1179520). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes). - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: add a missing dependency (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes). - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes). - staging: rtl8188eu: fix possible null dereference (git-fixes). - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes). - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - sunrpc: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - sunrpc: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - sunrpc: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992). - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992). - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837). - thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes). - timer: Fix wheel index calculation on last level (git fixes) - timer: Prevent base->clk from moving backward (git-fixes) - tty: always relink the port (git-fixes). - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - tty: link tty and port before configuring it as console (git-fixes). - tty: synclink_gt: Adjust indentation in several functions (git-fixes). - tty: synclinkmp: Adjust indentation in several functions (git-fixes). - tty:serial:mvebu-uart:fix a wrong return (git-fixes). - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes). - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes). - usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - usb: dwc2: Fix IN FIFO allocation (git-fixes). - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes). - usb: fsl: Check memory resource before releasing it (git-fixes). - usb: gadget: composite: Fix possible double free memory bug (git-fixes). - usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes). - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes). - usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes). - usb: gadget: fix wrong endpoint desc (git-fixes). - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes). - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: ldusb: use unsigned size format specifiers (git-fixes). - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: clean up modem-control handling (git-fixes). - usb: serial: digi_acceleport: clean up set_termios (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: digi_acceleport: remove in_interrupt() usage. - usb: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes). - usb: serial: digi_acceleport: rename tty flag variable (git-fixes). - usb: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: kl5kusb105: fix memleak on open (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). - usb: serial: option: add Fibocom NL668 variants (git-fixes). - usb: serial: option: add interface-number sanity check to flag handling (git-fixes). - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - usb: serial: option: fix Quectel BG96 matching (git-fixes). - usb: Skip endpoints with 0 maxpacket length (git-fixes). - usb: UAS: introduce a quirk to set no_write_same (git-fixes). - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - vt: do not hardcode the mem allocation upper bound (git-fixes). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: da9062: do not ping the hw during stop() (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178). - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178). - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178). - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1112178). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). - xprtrdma: fix incorrect header size calculations (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:178-1 Released: Wed Jan 20 13:38:02 2021 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1160939,1168155,1171234,1172082,1174099,959556 This update for wicked fixes the following issues: - Fix to avoid incomplete ifdown/timeout on route deletion error. (bsc#1174099) - Allow 'linuxrc' to send 'RFC2132' without providing the MAC address. (jsc#SLE-15770) - Fixes to ifreload on port changes. (bsc#1168155, bsc#1172082) - Fix schema to use correct 'hwaddr_policy' property. (bsc#1171234) - Enable IPv6 on ports when 'nsna_ping' linkwatch is used. (bsc#959556) - Implement support for RFC7217. (jsc#SLE-6960) - Fix for schema to avoid not applying 'rto_min' including new time format. (bsc#1160939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:221-1 Released: Tue Jan 26 14:31:39 2021 Summary: Recommended update for SUSEConnect Type: recommended Severity: low References: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:227-1 Released: Tue Jan 26 19:22:14 2021 Summary: Security update for sudo Type: security Severity: important References: 1180684,1180685,1180687,1181090,CVE-2021-23239,CVE-2021-23240,CVE-2021-3156 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:239-1 Released: Fri Jan 29 06:49:13 2021 Summary: Recommended update for btrfsprogs Type: recommended Severity: moderate References: 1174206 This update for btrfsprogs fixes the following issues: - Add patches to fix the logical-resolve lookup process and to accept the 'ignore offsets' kernel feature. (bsc#1174206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:266-1 Released: Mon Feb 1 21:02:37 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1177533,1179326,1179691,1179738 This update for lvm2 fixes the following issue: - Fixes an issue when boot logical volume gets unmounted during patching. (bsc#1177533) - Fix for lvm2 to use 'external_device_info_source='udev'' by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) - Fixed an issue when after storage migration major performance issues occurred on the system. (bsc#1179326) From sle-security-updates at lists.suse.com Wed Feb 10 06:48:24 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 07:48:24 +0100 (CET) Subject: SUSE-IU-2021:7-1: Security update of suse-sles-15-sp2-chost-byos-v20210202-gen2 Message-ID: <20210210064824.F31F5FF1F@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20210202-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:7-1 Image Tags : suse-sles-15-sp2-chost-byos-v20210202-gen2:20210202 Image Release : Severity : important Type : security References : 1027519 1040855 1044120 1044767 1050625 1055117 1065729 1084671 1094840 1098449 1109695 1115431 1138374 1139944 1141597 1142248 1144793 1149032 1149032 1152457 1152472 1152489 1152489 1153274 1154353 1155094 1155518 1155518 1156315 1156395 1158775 1160634 1161099 1163727 1165933 1166146 1166166 1167030 1167657 1167773 1168771 1168952 1169006 1170139 1171000 1171073 1171078 1171558 1171688 1171883 1172145 1172695 1172733 1172873 1173504 1173513 1174016 1174091 1174206 1174257 1174436 1174486 1174508 1174571 1174701 1174852 1174942 1175079 1175306 1175458 1175480 1175514 1175623 1175918 1175995 1176109 1176180 1176200 1176396 1176481 1176586 1176606 1176782 1176855 1176942 1176956 1176983 1177066 1177070 1177120 1177211 1177238 1177261 1177275 1177326 1177353 1177397 1177427 1177460 1177490 1177500 1177533 1177577 1177583 1177600 1177658 1177666 1177666 1177679 1177703 1177733 1177820 1177870 1178009 1178049 1178123 1178182 1178203 1178227 1178270 1178286 1178304 1178330 1178346 1178372 1178393 1178401 1178426 1178461 1178554 1178579 1178581 1178584 1178585 1178589 1178590 1178612 1178634 1178635 1178653 1178659 1178660 1178661 1178669 1178686 1178740 1178755 1178756 1178762 1178775 1178780 1178823 1178825 1178838 1178853 1178886 1178909 1178910 1178966 1179001 1179012 1179014 1179015 1179045 1179076 1179082 1179083 1179107 1179107 1179140 1179141 1179160 1179193 1179201 1179204 1179211 1179217 1179222 1179225 1179363 1179398 1179399 1179415 1179419 1179419 1179424 1179425 1179426 1179427 1179429 1179432 1179434 1179435 1179440 1179442 1179491 1179496 1179498 1179501 1179502 1179503 1179506 1179514 1179516 1179519 1179550 1179575 1179578 1179593 1179601 1179604 1179630 1179639 1179652 1179656 1179670 1179671 1179672 1179673 1179675 1179676 1179677 1179678 1179679 1179680 1179681 1179682 1179683 1179684 1179685 1179687 1179688 1179689 1179690 1179691 1179703 1179704 1179707 1179709 1179710 1179711 1179712 1179713 1179714 1179715 1179716 1179738 1179745 1179763 1179816 1179824 1179888 1179892 1179896 1179908 1179909 1179960 1179963 1180027 1180029 1180031 1180052 1180056 1180077 1180086 1180117 1180119 1180138 1180225 1180258 1180261 1180377 1180506 1180541 1180559 1180566 1180603 1180663 1180684 1180685 1180687 1180721 1180885 1181090 CVE-2017-9271 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-5010 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-14145 CVE-2020-14422 CVE-2020-15436 CVE-2020-15437 CVE-2020-1971 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-26137 CVE-2020-27068 CVE-2020-27619 CVE-2020-27777 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29369 CVE-2020-29370 CVE-2020-29371 CVE-2020-29373 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2020-8025 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8492 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20210202-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3723-1 Released: Wed Dec 9 13:37:55 2020 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1177120,CVE-2020-26137 This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3736-1 Released: Wed Dec 9 18:19:58 2020 Summary: Security update for openssh Type: security Severity: moderate References: 1173513,CVE-2020-14145 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3748-1 Released: Thu Dec 10 14:04:28 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1149032,1152489,1153274,1154353,1155518,1160634,1166146,1166166,1167030,1167773,1170139,1171073,1171558,1172873,1173504,1174852,1175306,1175918,1176109,1176180,1176200,1176481,1176586,1176855,1176983,1177066,1177070,1177353,1177397,1177577,1177666,1177703,1177820,1178123,1178182,1178227,1178286,1178304,1178330,1178393,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178635,1178653,1178659,1178661,1178669,1178686,1178740,1178755,1178762,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179225,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179442,1179550,CVE-2020-15436,CVE-2020-15437,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-27777,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788 The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107) - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721). - CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes). - ACPICA: Add NHLT table signature (bsc#1176200). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - Add bug reference to two hv_netvsc patches (bsc#1178853). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: fix kernel-doc markups (git-fixes). - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes). - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes). - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - arm64: bpf: Fix branch offset in JIT (git-fixes). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes). - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes). - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes). - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes). - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes). - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes). - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes). - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes). - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes). - ASoC: cs42l51: manage mclk shutdown delay (git-fixes). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ASoC: qcom: sdm845: set driver name correctly (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274). - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes). - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274). - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518). - bpf: Zero-fill re-used per-cpu map element (bsc#1155518). - btrfs: Account for merged patches upstream Move below patches to sorted section. - btrfs: cleanup cow block on error (bsc#1178584). - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217). - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217). - btrfs: fix relocation failure due to race with fallocate (bsc#1179217). - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217). - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217). - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217). - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217). - btrfs: reschedule if necessary when logging directory items (bsc#1178585). - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579). - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes). - can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179012). - ceph: check session state after bumping session->s_seq (bsc#1179012). - ceph: check the sesion state and return false in case it is closed (bsc#1179012). - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cfg80211: initialize wdev data earlier (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - clk: define to_clk_regmap() as inline function (git-fixes). - Convert trailing spaces and periods in path components (bsc#1179424). - cosa: Add missing kfree in error path of cosa_write (git-fixes). - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073). - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073). - Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419) - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076). - Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process. - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397). - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64. - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001). - EDAC/amd64: Gather hardware information early (bsc#1179001). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001). - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001). - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001). - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes). - efi: efibc: check for efivars write capability (git-fixes). - efi: EFI_EARLYCON should depend on EFI (git-fixes). - efi/efivars: Set generic ops before loading SSDT (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Fix the deletion of variables in mixed mode (git-fixes). - efi/x86: Free efi_pgd with free_pages() (git-fixes). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - exfat: fix name_hash computation on big endian systems (git-fixes). - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes). - exfat: fix possible memory leak in exfat_find() (git-fixes). - exfat: fix use of uninitialized spinlock on error path (git-fixes). - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes). - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes). - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module. - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032). - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes). - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes). - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes). - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes). - hv_balloon: disable warning when floor reached (git-fixes). - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes). - hv_netvsc: Add XDP support (bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820). - hv_netvsc: record hardware hash in skb (bsc#1177820). - hwmon: (pwm-fan) Fix RPM calculation (git-fixes). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i2c: mediatek: move dma reset before i2c reset (git-fixes). - i2c: sh_mobile: implement atomic transfers (git-fixes). - igc: Fix not considering the TX delay for timestamps (bsc#1160634). - igc: Fix wrong timestamp latency numbers (bsc#1160634). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - iio: adc: mediatek: fix unset field (git-fixes). - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes). - intel_idle: Customize IceLake server support (bsc#1178286). - ionic: check port ptr before use (bsc#1167773). - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes). - kABI: revert use_mm name change (MM Functionality, bsc#1178426). - kABI workaround for HD-audio (git-fixes). - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes). - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes). - lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes). - lan743x: fix issue causing intermittent kernel log warnings (git-fixes). - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - lib/crc32test: remove extra local_irq_disable/enable (git-fixes). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518). - mac80211: always wind down STA state (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - media: imx274: fix frame interval handling (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes). - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes). - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426). - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426). - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)). - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235). - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)). - mm, memcg: fix inconsistent oom event behavior (bsc#1178659). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mm/memcontrol.c: add missed css_put() (bsc#1178661). - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)). - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes). - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)). - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)). - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755). - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (bsc#1174852). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464). - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180). - nvme: do not update disk info for multipathed device (bsc#1171558). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes). - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426). - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321). - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - power: supply: bq27xxx: report 'not charging' on all types (git-fixes). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160). - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449). - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449). - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449). - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449). - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464). - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215). - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes). - reboot: fix overflow parsing reboot cpu number (git-fixes). - Refresh patches.suse/vfs-add-super_operations-get_inode_dev. (bsc#1176983) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc '(kABI: revert use_mm name change (MM Functionality, bsc#1178426))'. - Revert 'cdc-acm: hardening against malicious devices' (git-fixes). - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes). - Revert 'xfs: complain if anyone tries to create a too-large buffer' (bsc#1179425, bsc#1179550). - rfkill: Fix use-after-free in rfkill_resume() (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger - - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead. - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342). - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)). - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227). - sched: Fix rq->nr_iowait ordering (git fixes (sched)). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: libiscsi: Fix NOP race condition (bsc#1176481). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - spi: lpspi: Fix use-after-free on unbind (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair 'fixed-link' support (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes). - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes). - timer: Fix wheel index calculation on last level (git-fixes). - timer: Prevent base->clk from moving backward (git-fixes). - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes). - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (git-fixes). - tty: serial: fsl_lpuart: add LS1028A support (git-fixes). - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes). - tty: serial: imx: fix potential deadlock (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - uio: Fix use-after-free in uio_unregister_device() (git-fixes). - uio: free uio id after uio file node is freed (git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: adutux: fix debugging (git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - USB: core: Change %pK for __user pointers to %px (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: gadget: goku_udc: fix potential crashes in probe (git-fixes). - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv_fb: include vmalloc.h (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489). - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166). - xfs: prohibit fs freezing when using empty transactions (bsc#1179442). - xfs: remove unused variable 'done' (bsc#1166166). - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes). - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes). - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166). - xhci: Fix sizeof() mismatch (git-fixes). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes). kernel-default-base fixes the following issues: - Add wireguard kernel module (bsc#1179225) - Create the list of crypto kernel modules dynamically, supersedes hardcoded list of crc32 implementations (bsc#1177577) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3756-1 Released: Fri Dec 11 09:12:36 2020 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1177261,1177600 This update for hwinfo fixes the following issues: - Fixed an issue where the DPAA2 network did not come up (bsc#1177600, bsc#1177261) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount ???a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3915-1 Released: Tue Dec 22 14:16:27 2020 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1176782,1179496,1179498,1179501,1179502,1179506,1179514,1179516,CVE-2020-29480,CVE-2020-29481,CVE-2020-29483,CVE-2020-29484,CVE-2020-29566,CVE-2020-29570,CVE-2020-29571 This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3923-1 Released: Tue Dec 22 15:22:42 2020 Summary: Recommended update for kexec-tools Type: recommended Severity: moderate References: 1174508,1176606 This update for kexec-tools fixes the following issues: - Xen 4.7 introduced _soft-reset_ for HVM domUs. (bsc#1176606, bsc#1174508) This host feature removes the requirement to _un-ballon_ the `domU` prior `kexec`. With Xen 4.13 _cpuid faulting_ became the default, which affects the approach used before to detect the _domU_ type. As a result, invoking kexec in _dom0_ failed. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(???). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:10-1 Released: Mon Jan 4 10:01:52 2021 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: 1174257 This update for dmidecode fixes the following issue: - Two missing commas in the data arrays cause 'OUT OF SPEC' messages during the index resolution. (bnc#1174257) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:73-1 Released: Tue Jan 12 10:24:50 2021 Summary: Recommended update for SUSEConnect Type: recommended Severity: low References: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:117-1 Released: Thu Jan 14 06:14:36 2021 Summary: Security update for the Linux Kernel Type: security Severity: moderate References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1163727,1165933,1167657,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1175995,1176396,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178372,1178590,1178612,1178634,1178660,1178756,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506,1180541,1180559,1180566,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020- 27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28374,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-27830: Fixed a null pointer dereference in speakup (bsc#1179656). - CVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435). - CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601). The following non-security bugs were fixed: - ACPI: APEI: Kick the memory_failure() queue for synchronous errors (jsc#SLE-16610). - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (git-fixes). - ALSA: core: memalloc: add page alignment for iram (git-fixes). - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes). - ALSA: hda/hdmi: packet buffer index must be set before reading value (git-fixes). - ALSA: hda/proc - print DP-MST connections (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (git-fixes). - ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes). - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (git-fixes). - ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: rawmidi: Access runtime->avail always in spinlock (git-fixes). - ALSA: seq: remove useless function (git-fixes). - ALSA: usb-audio: Add generic implicit fb parsing (bsc#1178203). - ALSA: usb-audio: Add hw constraint for implicit fb sync (bsc#1178203). - ALSA: usb-audio: Add implicit fb support for Steinberg UR22 (git-fixes). - ALSA: usb-audio: Add implicit_fb module option (bsc#1178203). - ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2 (git-fixes). - ALSA: usb-audio: Add snd_usb_get_endpoint() helper (bsc#1178203). - ALSA: usb-audio: Add snd_usb_get_host_interface() helper (bsc#1178203). - ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR controller (git-fixes). - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices (git-fixes). - ALSA: usb-audio: Always set up the parameters after resume (bsc#1178203). - ALSA: usb-audio: Avoid doubly initialization for implicit fb (bsc#1178203). - ALSA: usb-audio: Check implicit feedback EP generically for UAC2 (bsc#1178203). - ALSA: usb-audio: Check valid altsetting at parsing rates for UAC2/3 (bsc#1178203). - ALSA: usb-audio: Constify audioformat pointer references (bsc#1178203). - ALSA: usb-audio: Convert to the common vmalloc memalloc (bsc#1178203). - ALSA: usb-audio: Correct wrongly matching entries with audio class (bsc#1178203). - ALSA: usb-audio: Create endpoint objects at parsing phase (bsc#1178203). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Do not call usb_set_interface() at trigger callback (bsc#1178203). - ALSA: usb-audio: Do not set altsetting before initializing sample rate (bsc#1178203). - ALSA: usb-audio: Drop debug.h (bsc#1178203). - ALSA: usb-audio: Drop keep_interface flag again (bsc#1178203). - ALSA: usb-audio: Drop unneeded snd_usb_substream fields (bsc#1178203). - ALSA: usb-audio: Factor out the implicit feedback quirk code (bsc#1178203). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix EP matching for continuous rates (bsc#1178203). - ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203). - ALSA: usb-audio: Fix possible stall of implicit fb packet ring-buffer (bsc#1178203). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix quirks for other BOSS devices (bsc#1178203). - ALSA: usb-audio: Handle discrete rates properly in hw constraints (bsc#1178203). - ALSA: usb-audio: Improve some debug prints (bsc#1178203). - ALSA: usb-audio: Move device rename and profile quirks to an internal table (bsc#1178203). - ALSA: usb-audio: Move snd_usb_autoresume() call out of setup_hw_info() (bsc#1178203). - ALSA: usb-audio: Pass snd_usb_audio object to quirk functions (bsc#1178203). - ALSA: usb-audio: Properly match with audio interface class (bsc#1178203). - ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203). - ALSA: usb-audio: Refactor endpoint management (bsc#1178203). - ALSA: usb-audio: Refactoring endpoint URB deactivation (bsc#1178203). - ALSA: usb-audio: Replace slave/master terms (bsc#1178203). - ALSA: usb-audio: Set and clear sync EP link properly (bsc#1178203). - ALSA: usb-audio: Set callbacks via snd_usb_endpoint_set_callback() (bsc#1178203). - ALSA: usb-audio: Show sync endpoint information in proc outputs (bsc#1178203). - ALSA: usb-audio: Simplify hw_params rules (bsc#1178203). - ALSA: usb-audio: Simplify quirk entries with a macro (bsc#1178203). - ALSA: usb-audio: Simplify rate_min/max and rates set up (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_sample_rate() arguments (bsc#1178203). - ALSA: usb-audio: Stop both endpoints properly at error (bsc#1178203). - ALSA: usb-audio: Support PCM sync_stop (bsc#1178203). - ALSA: usb-audio: Track implicit fb sync endpoint in audioformat list (bsc#1178203). - ALSA: usb-audio: Unify the code for the next packet size calculation (bsc#1178203). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo (bsc#1178203). - ALSA: usb-audio: Use atomic_t for endpoint use_count (bsc#1178203). - ALSA: usb-audio: Use managed buffer allocation (bsc#1178203). - ALSA: usb-audio: Use unsigned char for iface and altsettings fields (bsc#1178203). - ALSA: usb-audio: workaround for iface reset issue (bsc#1178203). - arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (jsc#SLE-16610). - ASoC: amd: change clk_get() to devm_clk_get() and add missed checks (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: meson: fix COMPILE_TEST error (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: SOF: control: fix size checks for ext_bytes control .get() (git-fixes). - ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode (git-fixes). - ASoC: tegra20-spdif: remove 'default m' (git-fixes). - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: fix error return code in wm_adsp_load() (git-fixes). - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - batman-adv: Consider fragmentation for needed_headroom (git-fixes). - batman-adv: Do not always reallocate the fragmentation skb head (git-fixes). - batman-adv: Reserve needed_*room for fragments (git-fixes). - blk-mq: Remove 'running from the wrong CPU' warning (bsc#1174486). - block: return status code in blk_mq_end_request() (bsc#1171000, bsc#1165933). - Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() (git-fixes). - Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - Bluetooth: hci_h5: fix memory leak in h5_close (git-fixes). - bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address() (git-fixes). - btrfs: add missing check for nocow and compression inode flags (bsc#1178780). - btrfs: allow btrfs_truncate_block() to fallback to nocow for data space reservation (bsc#1161099). - btrfs: delete duplicated words + other fixes in comments (bsc#1180566). - btrfs: do not commit logs and transactions during link and rename operations (bsc#1180566). - btrfs: do not take the log_mutex of the subvolume when pinning the log (bsc#1180566). - btrfs: fix readahead hang and use-after-free after removing a device (bsc#1179963). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: c_can: c_can_power_up(): fix error handling (git-fixes). - can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - clk: at91: sam9x60: remove atmel,osc-bypass support (git-fixes). - clk: ingenic: Fix divider calculation with div tables (git-fixes). - clk: mediatek: Make mtk_clk_register_mux() a static function (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: renesas: r9a06g032: Drop __packed for portability (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Do not return 0 on failure (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI (git-fixes). - clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne (git-fixes). - clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() (git-fixes). - clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path (git-fixes). - compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (bsc#1178203). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: ap806: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: vexpress-spc: Add missing MODULE_ALIAS (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: atmel-i2c - select CONFIG_BITREVERSE (git-fixes). - crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd (git-fixes). - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() (git-fixes). - crypto: inside-secure - Fix sizeof() mismatch (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: sun4i-ss - add the A33 variant of SS (git-fixes). - crypto: talitos - Endianess in current_desc_hdr() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: Fix wrong return value in dm_update_plane_state() (bsc#1152489) - drm/amdgpu: pass NULL pointer instead of 0 (bsc#1152489) Backporting changes: * context fixes - drm/crc-debugfs: Fix memleak in crc_control_write (bsc#1152472) - drm/gma500: fix error check (bsc#1152472) Backporting changes: * context fixes - drm/i915/gem: Avoid implicit vmap for highmem on x86-32 (bsc#1152489) Backporting changes: * context fixes - drm/i915: Fix sha_text population code (bsc#1152489) Backporting changes: * context fixes * adapted I/O functions to old driver - drm/imx: tve remove extraneous type qualifier (bsc#1152489) - drm/mediatek: Add exception handing in mtk_drm_probe() if component (bsc#1152472) - drm/mediatek: Add missing put_device() call in (bsc#1152472) - drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152472) Backporting changes: * context fixes * adapted to function layout - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1152489) - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (bsc#1152489) Backporting changes: * context fixes - drm/panfrost: Ensure GPU quirks are always initialised (bsc#1152489) - drm/panfrost: increase readl_relaxed_poll_timeout values (bsc#1152472) Backporting changes: * context fixes - drm/radeon: Prefer lower feedback dividers (bsc#1152489) - drm/sun4i: sun8i-csc: Secondary CSC register correction (bsc#1152489) - drm/vc4/vc4_hdmi: fill ASoC card owner (bsc#1152489) - drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1152472) Backporting changes: * context fixes - drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1152489) Backporting changes: * context fixes - drm/vkms: fix xrgb on compute crc (bsc#1152472) Backporting changes: * changed filename from vkms_composer.c to vkms_crc.c * context fixes - drm: mxsfb: check framebuffer pitch (bsc#1152472) Backporting changes: * context fixes - drm: mxsfb: Remove fbdev leftovers (bsc#1152472) Backporting changes: * context fixes - drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1152489) - drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1152472) Backporting changes: * context fixes - drm: rcar-du: Put reference to VSP device (bsc#1152489) - EDAC/amd64: Do not load on family 0x15, model 0x13 (bsc#1179763). - EDAC/i10nm: Use readl() to access MMIO registers (bsc#1152489). - EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId (bsc#1152489). - epoll: Keep a reference on files added to the check list (bsc#1180031). - ethtool: fix error handling in ethtool_phys_id (git-fixes). - ext4: correctly report 'not supported' for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - ext4: limit entries returned when counting fsmap records (bsc#1179671). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - extcon: max77693: Fix modalias string (git-fixes). - fail_function: Remove a redundant mutex unlock (bsc#1149032). - fbcon: Remove the superfluous break (bsc#1152472) - firmware: arm_sdei: Document the motivation behind these set_fs() calls (jsc#SLE-16610). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - fs/minix: check return value of sb_getblk() (bsc#1179676). - fs/minix: do not allow getting deleted inodes (bsc#1179677). - fs/minix: fix block limit check for V1 filesystems (bsc#1179680). - fs/minix: reject too-large maximum file size (bsc#1179678). - fs/minix: remove expected error message in block_to_path() (bsc#1179681). - fs/minix: set s_maxbytes correctly (bsc#1179679). - fs/ufs: avoid potential u32 multiplication overflow (bsc#1179682). - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711). - ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes). - geneve: pull IP header before ECN decapsulation (git-fixes). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - genirq/matrix: Deal with the sillyness of for_each_cpu() on UP (bsc#1156315). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpio: mvebu: update Armada XP per-CPU comment (git-fixes). - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices (git-fixes). - HID: Add Logitech Dinovo Edge battery quirk (git-fixes). - HID: add support for Sega Saturn (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: i2c-hid: add Vero K147 to descriptor override (git-fixes). - HID: ite: Replace ABS_MISC 120/121 events with touchpad on/off keypresses (git-fixes). - HID: logitech-hidpp: Add HIDPP_CONSUMER_VENDOR_KEYS quirk for the Dinovo Edge (git-fixes). - HID: uclogic: Add ID for Trust Flex Design Tablet (git-fixes). - HMAT: Register memory-side cache after parsing (bsc#1178660). - HMAT: Skip publishing target info for nodes with no online memory (bsc#1178660). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - IB/isert: Fix unaligned immediate-data handling (bsc#1152489) - IB/mlx4: Add and improve logging (bsc#1152489) - IB/mlx4: Add support for MRA (bsc#1152489) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1152489) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1152489) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1152489) - IB/rdmavt: Fix sizeof mismatch (bsc#1152489) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1152489) - IB/uverbs: Set IOVA on IB MR in uverbs layer (bsc#1152489) - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio:adc:ti-ads124s08: Fix alignment and data leak issues (git-fixes). - iio:adc:ti-ads124s08: Fix buffer being too long (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio:light:rpr0521: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:st_uvis25: Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:mag3110: Fix alignment and data leak issues (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - iomap: Clear page error before beginning a write (bsc#1179683). - iomap: Mark read blocks uptodate in write_begin (bsc#1179684). - iomap: Set all uptodate bits for an Uptodate page (bsc#1179685). - iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (bsc#1179652). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: hook up missing RX handlers (git-fixes). - iwlwifi: pcie: add one missing entry for AX210 (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - jbd2: fix up sparse warnings in checkpoint code (bsc#1179707). - kABI workaround for HD-audio generic parser (git-fixes). - kABI workaround for USB audio driver (bsc#1178203). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page (bsc#1156395). - lan743x: fix for potential NULL pointer dereference with bare card (git-fixes). - libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1149032). - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - media: gspca: Fix memory leak in probe (git-fixes). - media: imx214: Fix stop streaming (git-fixes). - media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE (git-fixes). - media: ipu3-cio2: Remove traces of returned buffers (git-fixes). - media: ipu3-cio2: Return actual subdev format (git-fixes). - media: ipu3-cio2: Serialise access to pad format (git-fixes). - media: ipu3-cio2: Validate mbus format in setting subdev format (git-fixes). - media: max2175: fix max2175_set_csm_mode() error code (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm() (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm() (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: tm6000: Fix sizeof() mismatches (git-fixes). - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values (bsc#1180117). - memstick: fix a double-free bug in memstick_check (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - mm/error_inject: Fix allow_error_inject function signatures (bsc#1179710). - mm/memory-failure: Add memory_failure_queue_kick() (jsc#SLE-16610). - mm/memory_hotplug: shrink zones when offlining memory (bsc#1177679). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - mm: memcg: fix memcg reclaim soft lockup (VM Functionality, bsc#1180056). - mmc: block: Fixup condition for CMD13 polling for RPMB requests (git-fixes). - mmc: pxamci: Fix error return code in pxamci_probe (git-fixes). - mtd: rawnand: gpmi: fix reference count leak in gpmi ops (git-fixes). - mtd: rawnand: gpmi: Fix the random DMA timeout issue (git-fixes). - mtd: rawnand: meson: Fix a resource leak in init (git-fixes). - mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments (git-fixes). - mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read (git-fixes). - mtd: spinand: Fix OOB read (git-fixes). - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - net/x25: prevent a couple of overflows (bsc#1178590). - net: sctp: Rename fallthrough label to unhandled (bsc#1178203). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - nvme-fabrics: allow to queue requests for live queues (git-fixes). - nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1179519). - nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1177326). - nvme-fc: cancel async events before freeing event struct (git-fixes). - nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1177326). - nvme-fc: fix error loop in create_hw_io_queues (git-fixes). - nvme-fc: fix io timeout to abort I/O (bsc#1177326). - nvme-fc: remove err_work work item (bsc#1177326). - nvme-fc: remove nvme_fc_terminate_io() (bsc#1177326). - nvme-fc: shorten reconnect delay if possible for FC (git-fixes). - nvme-fc: track error_recovery while connecting (bsc#1177326). - nvme-fc: wait for queues to freeze before calling (git-fixes). - nvme-multipath: fix deadlock between ana_work and scan_work (git-fixes). - nvme-multipath: fix deadlock due to head->lock (git-fixes). - nvme-pci: properly print controller address (git-fixes). - nvme-rdma: avoid race between time out and tear down (bsc#1179519). - nvme-rdma: avoid repeated request completion (bsc#1179519). - nvme-rdma: cancel async events before freeing event struct (git-fixes). - nvme-rdma: fix controller reset hang during traffic (bsc#1179519). - nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-rdma: fix timeout handler (bsc#1179519). - nvme-rdma: handle unexpected nvme completion data length (bsc#1178612). - nvme-rdma: serialize controller teardown sequences (bsc#1179519). - nvme-tcp: avoid race between time out and tear down (bsc#1179519). - nvme-tcp: avoid repeated request completion (bsc#1179519). - nvme-tcp: avoid scheduling io_work if we are already polling (bsc#1179519). - nvme-tcp: break from io_work loop if recv failed (bsc#1179519). - nvme-tcp: cancel async events before freeing event struct (git-fixes). - nvme-tcp: do not poll a non-live queue (bsc#1179519). - nvme-tcp: fix controller reset hang during traffic (bsc#1179519). - nvme-tcp: fix possible crash in recv error flow (bsc#1179519). - nvme-tcp: fix possible leakage during error flow (git-fixes). - nvme-tcp: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-tcp: fix timeout handler (bsc#1179519). - nvme-tcp: have queue prod/cons send list become a llist (bsc#1179519). - nvme-tcp: leverage request plugging (bsc#1179519). - nvme-tcp: move send failure to nvme_tcp_try_send (bsc#1179519). - nvme-tcp: optimize network stack with setting msg flags (bsc#1179519). - nvme-tcp: optimize queue io_cpu assignment for multiple queue (git-fixes). - nvme-tcp: serialize controller teardown sequences (bsc#1179519). - nvme-tcp: set MSG_SENDPAGE_NOTLAST with MSG_MORE when we have (bsc#1179519). - nvme-tcp: try to send request in queue_rq context (bsc#1179519). - nvme-tcp: use bh_lock in data_ready (bsc#1179519). - nvme: do not protect ns mutation with ns->head->lock (git-fixes). - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1179519). - nvme: introduce nvme_sync_io_queues (bsc#1179519). - nvme: Revert: Fix controller creation races with teardown (git-fixes). - nvmet-fc: fix missing check for no hostport struct (bsc#1176942). - nvmet-tcp: fix maxh2cdata icresp parameter (bsc#1179892). - ocfs2: fix unbalanced locking (bsc#1180506). - orinoco: Move context allocation after processing the skb (git-fixes). - PCI: brcmstb: Initialize 'tmp' before use (git-fixes). - PCI: Fix overflow in command-line resource alignment requests (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - PCI: iproc: Fix out-of-bound array accesses (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - platform/chrome: cros_ec_spi: Do not overwrite spi::mode (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 (git-fixes). - platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (git-fixes). - platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (git-fixes). - power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (jsc#SLE-9246 git-fixes). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix allnoconfig build since uaccess flush (bsc#1177666 git-fixes). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() (bsc#1156395). - powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1156395). - powerpc/numa: Fix a regression on memoryless node 0 (bsc#1179639 ltc#189002). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Avoid broken GCC __attribute__((optimize)) (bsc#1156395). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - pwm: zx: Add missing cleanup in error path (git-fixes). - qede: Notify qedr when mtu has changed (bsc#1152489) - qtnfmac: fix error return code in qtnf_pcie_probe() (git-fixes). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1152489) - RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1152489) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1152489) - RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued() (bsc#1152489) - RDMA/core: Fix reported speed and width (bsc#1152489) - RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1152489) - RDMA/core: Free DIM memory in error unwind (bsc#1152489) - RDMA/core: Stop DIM before destroying CQ (bsc#1152489) - RDMA/counter: Allow manually bind QPs with different pids to same counter (bsc#1152489) - RDMA/counter: Only bind user QPs in auto mode (bsc#1152489) - RDMA/hns: Add check for the validity of sl configuration (bsc#1152489) - RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1152489) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1152489) - RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1152489) - RDMA/hns: Set the unsupported wr opcode (bsc#1152489) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1152489) - RDMA/mlx5: Disable IB_DEVICE_MEM_MGT_EXTENSIONS if IB_WR_REG_MR can't work (bsc#1152489) - RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP (bsc#1152489) - RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1152489) - RDMA/qedr: Endianness warnings cleanup (bsc#1152489) - RDMA/qedr: Fix doorbell setting (bsc#1152489) - RDMA/qedr: Fix inline size returned for iWARP (bsc#1152489) - RDMA/qedr: Fix iWARP active mtu display (bsc#1152489) - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1152489) - RDMA/qedr: Fix qp structure memory leak (bsc#1152489) - RDMA/qedr: Fix resource leak in qedr_create_qp (bsc#1152489) - RDMA/qedr: Fix use of uninitialized field (bsc#1152489) - RDMA/qedr: SRQ's bug fixes (bsc#1152489) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1152489) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1152489) - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (bsc#1152489) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1152489) - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (bsc#1152489) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1152489) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1152489) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1152489) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1152489) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1152489) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1152489) - RDMA/umem: Fix ib_umem_find_best_pgsz() for mappings that cross a page boundary (bsc#1152489) - RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (bsc#1152489) - Re-import the upstream uvcvideo fix; one more fix will be added later (bsc#1180117) - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x (git-fixes). - regulator: mcp16502: add linear_min_sel (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable (git-fixes). - remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() (git-fixes). - remoteproc: qcom: fix reference leak in adsp_start (git-fixes). - rsi: fix error return code in rsi_reset_card() (git-fixes). - rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - rtw88: debug: Fix uninitialized memory in debugfs code (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: delay draining the TX buffers (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (bsc#1179604 LTC#190151). - s390: add 3f program exception handler (git-fixes). - samples/bpf: Remove unused test_ipip.sh (bsc#1155518). - samples: bpf: Refactor test_cgrp2_sock2 program with libbpf (bsc#1155518). - sched/fair: Fix overutilized update in enqueue_task_fair() (git-fixes) - sched/fair: Fix race between runtime distribution and (git-fixes) - sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes) - sched/fair: Refill bandwidth before scaling (git-fixes) - sched: correct SD_flags returned by tl->sd_flags() (git-fixes) - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049). - scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (bsc#1165933, bsc#1171000). - scsi: fnic: Avoid looping in TRANS ETH on unload (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_FCS_DBG() (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG() (bsc#1175079). - scsi: fnic: Set scsi_set_resid() only for underflow (bsc#1175079). - scsi: fnic: Validate io_req before others (bsc#1175079). - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_bsg: Provide correct documentation for a bunch of functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Fix some kernel-doc related issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Remove unused variable 'phba' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvmet: Fix-up some formatting and doc-rot issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Reject CT request for MIB commands (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove set but not used 'qp' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Use generic power management (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: mpt3sas: A small correction in _base_process_reply_queue (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add bypass_dirty_port_flag parameter (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add module parameter multipath_on_hba (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Allocate memory for hba_port objects (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Bump driver version to 35.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Cancel the running work during host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Capture IOC data for debugging purposes (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Define hba_port structure (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Detect tampered Aero and Sea adapters (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Disable DIF when prot_mask set to zero (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not change the DMA coherent mask after allocations (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Dump system registers for debugging (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix double free warnings (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix error returns in BRM_status_show (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix memset() in non-RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix reply queue count in non RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix set but unused variable (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix sync irqs (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix unlock imbalance (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get device objects using sas_address & portID (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get sas_device objects using device's rphy (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle vSES vphy object during HBA reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handling HBA vSES device (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Postprocessing of target and LUN reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove NULL check before freeing function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove pci-dma-compat wrapper API (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove superfluous memset() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename and export interrupt mask/unmask functions (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename function name is_MSB_are_same (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Separate out RDPQ allocation to new function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update driver version to 35.100.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port objects after host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port's sas_address & phy_mask (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: use true,false for bool variables (jsc#SLE-16914, bsc#1177733). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not consume srb greedily (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688 bsc#1172733). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Use constant when it is known (bsc#1171688 bsc#1172733). - scsi: Remove unneeded break statements (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1171688 bsc#1172733). - scsi_dh_alua: return BLK_STS_AGAIN for ALUA transitioning state (bsc#1165933, bsc#1171000). - scsi_dh_alua: set 'transitioning' state on unit attention (bsc#1171000, bsc#1165933). - selftest/bpf: Add missed ip6ip6 test back (bsc#1155518). - selftests/bpf/test_offload.py: Reset ethtool features after failed setting (bsc#1155518). - selftests/bpf: Fix invalid use of strncat in test_sockmap (bsc#1155518). - selftests/bpf: Print reason when a tester could not run a program (bsc#1155518). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: amlogic: canvas: add missing put_device() call in meson_canvas_get() (git-fixes). - soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: geni: More properly switch to DMA mode (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - speakup: fix uninitialized flush_lock (git-fixes). - spi: atmel-quadspi: Disable clock in probe error path (git-fixes). - spi: atmel-quadspi: Fix AHB memory accesses (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: fix resource leak for drivers without .remove callback (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: mt7621: Disable clock in probe error path (git-fixes). - spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe (git-fixes). - spi: mxs: fix reference leak in mxs_spi_probe (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: sprd: fix reference leak in sprd_spi_remove (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: stm32: fix reference leak in stm32_spi_resume (git-fixes). - spi: synquacer: Disable clock in probe error path (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - thunderbolt: Fix use-after-free in remove_unplugged_switch() (git-fixes). - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - tty: Fix ->session locking (bsc#1179745). - ubifs: dent: Fix some potential memory leaks while iterating entries (bsc#1179703). - ubifs: Do not parse authentication mount options in remount process (bsc#1179688). - ubifs: Fix a memleak after dumping authentication mount options (bsc#1179687). - ubifs: Fix wrong orphan node deletion in ubifs_jnl_update|rename (bsc#1179675). - ubifs: journal: Make sure to not dirty twice for auth nodes (bsc#1179704). - ubifs: mount_ubifs: Release authentication resource in error handling path (bsc#1179689). - ubifs: xattr: Fix some potential memory leaks while iterating entries (bsc#1179690). - udf: Fix memory leak when mounting (bsc#1179712). - usb/max3421: fix return error code in max3421_probe() (git-fixes). - usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: mtu3: fix memory corruption in mtu3_debugfs_regset() (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: kl5kusb105: fix memleak on open (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). - usb: serial: option: add Fibocom NL668 variants (git-fixes). - usb: serial: option: add interface-number sanity check to flag handling (git-fixes). - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - usb: serial: option: fix Quectel BG96 matching (git-fixes). - usb: UAS: introduce a quirk to set no_write_same (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - video: fbdev: radeon: Fix memleak in radeonfb_pci_register (bsc#1152472) - video: fbdev: sis: fix null ptr dereference (bsc#1152472) - watchdog: armada_37xx: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: Fix potential dereferencing of null pointer (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: sprd: change to use usleep_range() instead of busy loop (git-fixes). - watchdog: sprd: check busy bit before new loading rather than after that (git-fixes). - watchdog: sprd: remove watchdog disable from resume fail path (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - x86/apic/vector: Fix ordering in vector assignment (bsc#1156315). - x86/CPU/AMD: Remove amd_get_nb_id() (bsc#1152489). - x86/CPU/AMD: Save AMD NodeId as cpu_die_id (bsc#1152489). - x86/ima: use correct identifier for SetupMode variable (bsc#1152489). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1152489). - x86/mce: Do not overwrite no_way_out if mce_end() fails (bsc#1152489). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1152489). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1152489). - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1152489). - x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1152489). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1152489). - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1152489). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1152489). - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1152489). - x86/topology: Set cpu_die_id only if DIE_TYPE found (bsc#1152489). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1152489). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:127-1 Released: Thu Jan 14 10:30:23 2021 Summary: Security update for open-iscsi Type: security Severity: important References: 1179440,1179908 This update for open-iscsi fixes the following issues: - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908, including: * uip: check for TCP urgent pointer past end of frame * uip: check for u8 overflow when processing TCP options * uip: check for header length underflow during checksum calculation * fwparam_ppc: Fix memory leak in fwparam_ppc.c * iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c * fwparam_ppc: Fix illegal memory access in fwparam_ppc.c * sysfs: Verify parameter of sysfs_device_get() * fwparam_ppc: Fix NULL pointer dereference in find_devtree() * open-iscsi: Clean user_param list when process exit * iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev() * open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req() * open-iscsi: Fix invalid pointer deference in find_initiator() * iscsiuio: Fix invalid parameter when call fstat() * iscsi-iname: Verify open() return value before calling read() * iscsi_sysfs: Fix NULL pointer deference in iscsi_sysfs_read_iface - Updatged to latest upstream, including: * iscsiadm: Optimize the the verification of mode paramters * iscsid: Poll timeout value to 1 minute for iscsid * iscsiadm: fix host stats mode coredump * iscsid: fix logging level when starting and shutting down daemon * Updated iscsiadm man page. * Fix memory leak in sysfs_get_str * libopeniscsiusr: Compare with max int instead of max long - Systemd unit files should not depend on network.target (bsc#1179440). - Updated to latest upstream, including async login ability: * Implement login 'no_wait' for iscsiadm NODE mode * iscsiadm buffer overflow regression when discovering many targets at once * iscsid: Check Invalid Session id for stop connection * Add ability to attempt target logins asynchronously - %service_del_postun_without_restart is now available on SLE More accurately it's been introduced in SLE12-SP2+ and SLE15+ ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commnds help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are prefered in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:227-1 Released: Tue Jan 26 19:22:14 2021 Summary: Security update for sudo Type: security Severity: important References: 1180684,1180685,1180687,1181090,CVE-2021-23239,CVE-2021-23240,CVE-2021-3156 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:239-1 Released: Fri Jan 29 06:49:13 2021 Summary: Recommended update for btrfsprogs Type: recommended Severity: moderate References: 1174206 This update for btrfsprogs fixes the following issues: - Add patches to fix the logical-resolve lookup process and to accept the 'ignore offsets' kernel feature. (bsc#1174206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:264-1 Released: Mon Feb 1 15:04:00 2021 Summary: Recommended update for dracut Type: recommended Severity: important References: 1142248,1177870,1180119 This update for dracut fixes the following issues: - As of v246 of systemd 'syslog' and 'syslog-console' switches have been deprecated. (bsc#1180119) - Make collect optional. (bsc#1177870) - Inclusion of dracut modifications to enable 'nvme-fc boo't support. (bsc#1142248) - Add nvmf module. (jsc#ECO-3063) * Implement 'fc,auto' commandline syntax. * Add nvmf-autoconnect script. * Fixup FC connections. * Rework parameter handling. * Fix typo in the example documentation. * Add 'NVMe over TCP' support. * Add module for 'NVMe-oF'. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) From sle-security-updates at lists.suse.com Wed Feb 10 14:19:06 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 15:19:06 +0100 (CET) Subject: SUSE-SU-2021:0367-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP2) Message-ID: <20210210141906.3D6F7FFB1@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0367-1 Rating: important References: #1179664 #1179779 #1179877 #1180008 #1180030 #1180032 #1180562 Cross-References: CVE-2020-0465 CVE-2020-0466 CVE-2020-29368 CVE-2020-29373 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVSS scores: CVE-2020-0465 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29373 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29660 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-29660 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_15 fixes several issues. The following security issues were fixed: - CVE-2020-29373: Fixed an issue where kernel unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations (bsc#1179779). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-365=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-366=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-367=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-368=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-22-default-7-5.2 kernel-livepatch-5_3_18-22-default-debuginfo-7-5.2 kernel-livepatch-5_3_18-24_12-default-5-2.1 kernel-livepatch-5_3_18-24_12-default-debuginfo-5-2.1 kernel-livepatch-5_3_18-24_15-default-5-2.1 kernel-livepatch-5_3_18-24_15-default-debuginfo-5-2.1 kernel-livepatch-5_3_18-24_9-default-6-2.1 kernel-livepatch-5_3_18-24_9-default-debuginfo-6-2.1 kernel-livepatch-SLE15-SP2_Update_0-debugsource-7-5.2 kernel-livepatch-SLE15-SP2_Update_1-debugsource-6-2.1 kernel-livepatch-SLE15-SP2_Update_2-debugsource-5-2.1 kernel-livepatch-SLE15-SP2_Update_3-debugsource-5-2.1 References: https://www.suse.com/security/cve/CVE-2020-0465.html https://www.suse.com/security/cve/CVE-2020-0466.html https://www.suse.com/security/cve/CVE-2020-29368.html https://www.suse.com/security/cve/CVE-2020-29373.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2020-29660.html https://www.suse.com/security/cve/CVE-2020-29661.html https://www.suse.com/security/cve/CVE-2020-36158.html https://bugzilla.suse.com/1179664 https://bugzilla.suse.com/1179779 https://bugzilla.suse.com/1179877 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180030 https://bugzilla.suse.com/1180032 https://bugzilla.suse.com/1180562 From sle-security-updates at lists.suse.com Wed Feb 10 14:22:46 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 15:22:46 +0100 (CET) Subject: SUSE-SU-2021:0359-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP2) Message-ID: <20210210142246.68ECAFFB1@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0359-1 Rating: important References: #1179664 #1179779 #1180008 Cross-References: CVE-2020-29368 CVE-2020-29373 CVE-2020-29569 CVSS scores: CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29373 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_46 fixes several issues. The following security issues were fixed: - CVE-2020-29373: Fixed an issue where kernel unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations (bsc#1179779). - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-359=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_46-default-2-2.1 kernel-livepatch-5_3_18-24_46-default-debuginfo-2-2.1 kernel-livepatch-SLE15-SP2_Update_9-debugsource-2-2.1 References: https://www.suse.com/security/cve/CVE-2020-29368.html https://www.suse.com/security/cve/CVE-2020-29373.html https://www.suse.com/security/cve/CVE-2020-29569.html https://bugzilla.suse.com/1179664 https://bugzilla.suse.com/1179779 https://bugzilla.suse.com/1180008 From sle-security-updates at lists.suse.com Wed Feb 10 14:24:04 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 15:24:04 +0100 (CET) Subject: SUSE-SU-2021:0362-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP2) Message-ID: <20210210142404.E2D19FFB2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0362-1 Rating: important References: #1179664 #1179779 #1179877 #1180008 #1180032 #1180562 Cross-References: CVE-2020-0466 CVE-2020-29368 CVE-2020-29373 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVSS scores: CVE-2020-0466 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29373 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29660 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-29660 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_34 fixes several issues. The following security issues were fixed: - CVE-2020-29373: Fixed an issue where kernel unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations (bsc#1179779). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-360=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-361=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-362=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-363=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-364=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_24-default-5-2.1 kernel-livepatch-5_3_18-24_24-default-debuginfo-5-2.1 kernel-livepatch-5_3_18-24_29-default-3-2.1 kernel-livepatch-5_3_18-24_29-default-debuginfo-3-2.1 kernel-livepatch-5_3_18-24_34-default-3-2.1 kernel-livepatch-5_3_18-24_34-default-debuginfo-3-2.1 kernel-livepatch-5_3_18-24_37-default-3-2.1 kernel-livepatch-5_3_18-24_37-default-debuginfo-3-2.1 kernel-livepatch-5_3_18-24_43-default-2-2.1 kernel-livepatch-5_3_18-24_43-default-debuginfo-2-2.1 kernel-livepatch-SLE15-SP2_Update_4-debugsource-5-2.1 kernel-livepatch-SLE15-SP2_Update_5-debugsource-3-2.1 kernel-livepatch-SLE15-SP2_Update_6-debugsource-3-2.1 kernel-livepatch-SLE15-SP2_Update_7-debugsource-3-2.1 kernel-livepatch-SLE15-SP2_Update_8-debugsource-2-2.1 References: https://www.suse.com/security/cve/CVE-2020-0466.html https://www.suse.com/security/cve/CVE-2020-29368.html https://www.suse.com/security/cve/CVE-2020-29373.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2020-29660.html https://www.suse.com/security/cve/CVE-2020-29661.html https://www.suse.com/security/cve/CVE-2020-36158.html https://bugzilla.suse.com/1179664 https://bugzilla.suse.com/1179779 https://bugzilla.suse.com/1179877 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180032 https://bugzilla.suse.com/1180562 From sle-security-updates at lists.suse.com Wed Feb 10 14:27:26 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 15:27:26 +0100 (CET) Subject: SUSE-SU-2021:0408-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) Message-ID: <20210210142726.D1184FFB2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0408-1 Rating: important References: #1179877 #1180008 #1180030 #1180032 #1180562 Cross-References: CVE-2020-0465 CVE-2020-0466 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVSS scores: CVE-2020-0465 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29660 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-29660 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_121 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-404=1 SUSE-SLE-SAP-12-SP3-2021-405=1 SUSE-SLE-SAP-12-SP3-2021-406=1 SUSE-SLE-SAP-12-SP3-2021-407=1 SUSE-SLE-SAP-12-SP3-2021-408=1 SUSE-SLE-SAP-12-SP3-2021-409=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-410=1 SUSE-SLE-SAP-12-SP2-2021-411=1 SUSE-SLE-SAP-12-SP2-2021-412=1 SUSE-SLE-SAP-12-SP2-2021-413=1 SUSE-SLE-SAP-12-SP2-2021-414=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-404=1 SUSE-SLE-SERVER-12-SP3-2021-405=1 SUSE-SLE-SERVER-12-SP3-2021-406=1 SUSE-SLE-SERVER-12-SP3-2021-407=1 SUSE-SLE-SERVER-12-SP3-2021-408=1 SUSE-SLE-SERVER-12-SP3-2021-409=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-410=1 SUSE-SLE-SERVER-12-SP2-2021-411=1 SUSE-SLE-SERVER-12-SP2-2021-412=1 SUSE-SLE-SERVER-12-SP2-2021-413=1 SUSE-SLE-SERVER-12-SP2-2021-414=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_116-default-7-2.2 kgraft-patch-4_4_180-94_116-default-debuginfo-7-2.2 kgraft-patch-4_4_180-94_121-default-6-2.2 kgraft-patch-4_4_180-94_121-default-debuginfo-6-2.2 kgraft-patch-4_4_180-94_124-default-6-2.2 kgraft-patch-4_4_180-94_124-default-debuginfo-6-2.2 kgraft-patch-4_4_180-94_127-default-6-2.1 kgraft-patch-4_4_180-94_127-default-debuginfo-6-2.1 kgraft-patch-4_4_180-94_130-default-5-2.1 kgraft-patch-4_4_180-94_130-default-debuginfo-5-2.1 kgraft-patch-4_4_180-94_135-default-3-2.1 kgraft-patch-4_4_180-94_135-default-debuginfo-3-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_129-default-8-2.2 kgraft-patch-4_4_121-92_135-default-6-2.2 kgraft-patch-4_4_121-92_138-default-6-2.1 kgraft-patch-4_4_121-92_141-default-5-2.1 kgraft-patch-4_4_121-92_146-default-3-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_116-default-7-2.2 kgraft-patch-4_4_180-94_116-default-debuginfo-7-2.2 kgraft-patch-4_4_180-94_121-default-6-2.2 kgraft-patch-4_4_180-94_121-default-debuginfo-6-2.2 kgraft-patch-4_4_180-94_124-default-6-2.2 kgraft-patch-4_4_180-94_124-default-debuginfo-6-2.2 kgraft-patch-4_4_180-94_127-default-6-2.1 kgraft-patch-4_4_180-94_127-default-debuginfo-6-2.1 kgraft-patch-4_4_180-94_130-default-5-2.1 kgraft-patch-4_4_180-94_130-default-debuginfo-5-2.1 kgraft-patch-4_4_180-94_135-default-3-2.1 kgraft-patch-4_4_180-94_135-default-debuginfo-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_129-default-8-2.2 kgraft-patch-4_4_121-92_135-default-6-2.2 kgraft-patch-4_4_121-92_138-default-6-2.1 kgraft-patch-4_4_121-92_141-default-5-2.1 kgraft-patch-4_4_121-92_146-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2020-0465.html https://www.suse.com/security/cve/CVE-2020-0466.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2020-29660.html https://www.suse.com/security/cve/CVE-2020-29661.html https://www.suse.com/security/cve/CVE-2020-36158.html https://bugzilla.suse.com/1179877 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180030 https://bugzilla.suse.com/1180032 https://bugzilla.suse.com/1180562 From sle-security-updates at lists.suse.com Wed Feb 10 14:29:06 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 15:29:06 +0100 (CET) Subject: SUSE-SU-2021:0386-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP5) Message-ID: <20210210142906.3E71CFFB2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0386-1 Rating: important References: #1179664 #1180008 Cross-References: CVE-2020-29368 CVE-2020-29569 CVSS scores: CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_57 fixes several issues. The following security issues were fixed: - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-369=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-386=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_78-default-2-2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_57-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2020-29368.html https://www.suse.com/security/cve/CVE-2020-29569.html https://bugzilla.suse.com/1179664 https://bugzilla.suse.com/1180008 From sle-security-updates at lists.suse.com Wed Feb 10 14:31:27 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 15:31:27 +0100 (CET) Subject: SUSE-SU-2021:0377-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) Message-ID: <20210210143127.96042FFB2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0377-1 Rating: important References: #1179664 #1179877 #1180008 #1180030 #1180032 #1180562 Cross-References: CVE-2020-0465 CVE-2020-0466 CVE-2020-29368 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVSS scores: CVE-2020-0465 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29660 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-29660 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_48 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-370=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-371=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-372=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-373=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-374=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-375=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-376=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-377=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-378=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-379=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-380=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-381=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-382=1 SUSE-SLE-Module-Live-Patching-15-2021-383=1 SUSE-SLE-Module-Live-Patching-15-2021-384=1 SUSE-SLE-Module-Live-Patching-15-2021-385=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-387=1 SUSE-SLE-Live-Patching-12-SP5-2021-388=1 SUSE-SLE-Live-Patching-12-SP5-2021-389=1 SUSE-SLE-Live-Patching-12-SP5-2021-390=1 SUSE-SLE-Live-Patching-12-SP5-2021-391=1 SUSE-SLE-Live-Patching-12-SP5-2021-392=1 SUSE-SLE-Live-Patching-12-SP5-2021-393=1 SUSE-SLE-Live-Patching-12-SP5-2021-394=1 SUSE-SLE-Live-Patching-12-SP5-2021-395=1 SUSE-SLE-Live-Patching-12-SP5-2021-396=1 SUSE-SLE-Live-Patching-12-SP5-2021-397=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-398=1 SUSE-SLE-Live-Patching-12-SP4-2021-399=1 SUSE-SLE-Live-Patching-12-SP4-2021-400=1 SUSE-SLE-Live-Patching-12-SP4-2021-401=1 SUSE-SLE-Live-Patching-12-SP4-2021-402=1 SUSE-SLE-Live-Patching-12-SP4-2021-403=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_34-default-9-2.2 kernel-livepatch-4_12_14-197_37-default-9-2.2 kernel-livepatch-4_12_14-197_40-default-8-2.2 kernel-livepatch-4_12_14-197_45-default-6-2.2 kernel-livepatch-4_12_14-197_48-default-6-2.1 kernel-livepatch-4_12_14-197_51-default-6-2.1 kernel-livepatch-4_12_14-197_56-default-5-2.1 kernel-livepatch-4_12_14-197_61-default-4-2.1 kernel-livepatch-4_12_14-197_64-default-3-2.1 kernel-livepatch-4_12_14-197_67-default-3-2.1 kernel-livepatch-4_12_14-197_72-default-2-2.1 kernel-livepatch-4_12_14-197_75-default-2-2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_52-default-6-2.2 kernel-livepatch-4_12_14-150_52-default-debuginfo-6-2.2 kernel-livepatch-4_12_14-150_55-default-6-2.1 kernel-livepatch-4_12_14-150_55-default-debuginfo-6-2.1 kernel-livepatch-4_12_14-150_58-default-5-2.1 kernel-livepatch-4_12_14-150_58-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-150_63-default-3-2.1 kernel-livepatch-4_12_14-150_63-default-debuginfo-3-2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_17-default-9-2.2 kgraft-patch-4_12_14-122_20-default-8-2.2 kgraft-patch-4_12_14-122_23-default-6-2.2 kgraft-patch-4_12_14-122_26-default-6-2.2 kgraft-patch-4_12_14-122_29-default-6-2.1 kgraft-patch-4_12_14-122_32-default-6-2.1 kgraft-patch-4_12_14-122_37-default-5-2.1 kgraft-patch-4_12_14-122_41-default-4-2.1 kgraft-patch-4_12_14-122_46-default-3-2.1 kgraft-patch-4_12_14-122_51-default-3-2.1 kgraft-patch-4_12_14-122_54-default-2-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_51-default-8-2.2 kgraft-patch-4_12_14-95_54-default-6-2.2 kgraft-patch-4_12_14-95_57-default-6-2.1 kgraft-patch-4_12_14-95_60-default-5-2.1 kgraft-patch-4_12_14-95_65-default-2-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_48-default-9-2.2 References: https://www.suse.com/security/cve/CVE-2020-0465.html https://www.suse.com/security/cve/CVE-2020-0466.html https://www.suse.com/security/cve/CVE-2020-29368.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2020-29660.html https://www.suse.com/security/cve/CVE-2020-29661.html https://www.suse.com/security/cve/CVE-2020-36158.html https://bugzilla.suse.com/1179664 https://bugzilla.suse.com/1179877 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180030 https://bugzilla.suse.com/1180032 https://bugzilla.suse.com/1180562 From sle-security-updates at lists.suse.com Wed Feb 10 20:16:04 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 21:16:04 +0100 (CET) Subject: SUSE-SU-2021:0425-1: important: Security update for subversion Message-ID: <20210210201604.0AF76FF1F@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0425-1 Rating: important References: #1181687 Cross-References: CVE-2020-17525 CVSS scores: CVE-2020-17525 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for subversion fixes the following issues: - CVE-2020-17525: A null-pointer-dereference has been found in mod_authz_svn that results in a remote unauthenticated Denial-of-Service in some server configurations (bsc#1181687). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-425=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-425=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-425=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-425=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-425=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-425=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-425=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-425=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-425=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-425=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-425=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-425=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-425=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-425=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-425=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-425=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-425=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-425=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-425=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Manager Server 4.0 (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Manager Retail Branch Server 4.0 (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Manager Proxy 4.0 (x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Manager Proxy 4.0 (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE Enterprise Storage 6 (noarch): subversion-bash-completion-1.10.6-3.15.1 - SUSE CaaS Platform 4.0 (x86_64): subversion-1.10.6-3.15.1 subversion-debuginfo-1.10.6-3.15.1 subversion-debugsource-1.10.6-3.15.1 subversion-devel-1.10.6-3.15.1 subversion-perl-1.10.6-3.15.1 subversion-perl-debuginfo-1.10.6-3.15.1 subversion-python-1.10.6-3.15.1 subversion-python-debuginfo-1.10.6-3.15.1 subversion-server-1.10.6-3.15.1 subversion-server-debuginfo-1.10.6-3.15.1 subversion-tools-1.10.6-3.15.1 subversion-tools-debuginfo-1.10.6-3.15.1 - SUSE CaaS Platform 4.0 (noarch): subversion-bash-completion-1.10.6-3.15.1 References: https://www.suse.com/security/cve/CVE-2020-17525.html https://bugzilla.suse.com/1181687 From sle-security-updates at lists.suse.com Wed Feb 10 20:18:14 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 21:18:14 +0100 (CET) Subject: SUSE-SU-2021:0428-1: important: Security update for python36 Message-ID: <20210210201814.5985FFF1F@maintenance.suse.de> SUSE Security Update: Security update for python36 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0428-1 Rating: important References: #1176262 #1180686 #1181126 Cross-References: CVE-2019-20916 CVE-2021-3177 CVSS scores: CVE-2019-20916 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-20916 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2021-3177 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3177 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for python36 fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-428=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.12-4.33.1 libpython3_6m1_0-debuginfo-3.6.12-4.33.1 python36-3.6.12-4.33.3 python36-base-3.6.12-4.33.1 python36-base-debuginfo-3.6.12-4.33.1 python36-debuginfo-3.6.12-4.33.3 python36-debugsource-3.6.12-4.33.3 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://www.suse.com/security/cve/CVE-2021-3177.html https://bugzilla.suse.com/1176262 https://bugzilla.suse.com/1180686 https://bugzilla.suse.com/1181126 From sle-security-updates at lists.suse.com Wed Feb 10 20:19:30 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 21:19:30 +0100 (CET) Subject: SUSE-SU-2021:0424-1: important: Security update for subversion Message-ID: <20210210201930.5F989FF1F@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0424-1 Rating: important References: #1181687 Cross-References: CVE-2020-17525 CVSS scores: CVE-2020-17525 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for subversion fixes the following issues: - CVE-2020-17525: A null-pointer-dereference has been found in mod_authz_svn that results in a remote unauthenticated Denial-of-Service in some server configurations (bsc#1181687). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-424=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.10.6-3.3.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.10.6-3.3.1 subversion-1.10.6-3.3.1 subversion-debuginfo-1.10.6-3.3.1 subversion-debugsource-1.10.6-3.3.1 subversion-devel-1.10.6-3.3.1 subversion-perl-1.10.6-3.3.1 subversion-perl-debuginfo-1.10.6-3.3.1 subversion-python-1.10.6-3.3.1 subversion-python-debuginfo-1.10.6-3.3.1 subversion-server-1.10.6-3.3.1 subversion-server-debuginfo-1.10.6-3.3.1 subversion-tools-1.10.6-3.3.1 subversion-tools-debuginfo-1.10.6-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): subversion-bash-completion-1.10.6-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-17525.html https://bugzilla.suse.com/1181687 From sle-security-updates at lists.suse.com Wed Feb 10 20:22:46 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Feb 2021 21:22:46 +0100 (CET) Subject: SUSE-SU-2021:0427-1: important: Security update for the Linux Kernel Message-ID: <20210210202246.A74ACFF1F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0427-1 Rating: important References: #1065600 #1149032 #1152472 #1152489 #1153274 #1154353 #1155518 #1163930 #1165545 #1167773 #1172355 #1175389 #1176395 #1176831 #1176846 #1178142 #1178372 #1178631 #1178684 #1178995 #1179142 #1179396 #1179508 #1179509 #1179567 #1179572 #1179575 #1179878 #1180008 #1180130 #1180264 #1180412 #1180676 #1180759 #1180765 #1180773 #1180809 #1180812 #1180848 #1180859 #1180889 #1180891 #1180964 #1180971 #1181014 #1181018 #1181077 #1181104 #1181148 #1181158 #1181161 #1181169 #1181203 #1181217 #1181218 #1181219 #1181220 #1181237 #1181318 #1181335 #1181346 #1181349 #1181425 #1181494 #1181504 #1181511 #1181538 #1181544 #1181553 #1181584 #1181645 Cross-References: CVE-2020-25211 CVE-2020-25639 CVE-2020-27835 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 CVE-2021-0342 CVE-2021-20177 CVE-2021-3347 CVE-2021-3348 CVSS scores: CVE-2020-25211 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-25211 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-25639 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-28374 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-28374 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-29568 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29568 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-0342 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0342 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-20177 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3347 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3348 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3348 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 61 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504). - CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765). - CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812) - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). The following non-security bugs were fixed: - ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes). - ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes). - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes). - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes). - ACPI: sysfs: Prefer "compatible" modalias (git-fixes). - ALSA: doc: Fix reference to mixart.rst (git-fixes). - ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes). - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes). - ALSA: hda/conexant: add a new hda codec CX11970 (git-fixes). - ALSA: hda/hdmi - enable runtime pm for CI AMD display audio (git-fixes). - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 (git-fixes). - ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T (git-fixes). - ALSA: hda/realtek - Modify Dell platform name (git-fixes). - ALSA: hda/realtek - Supported Dell fixed type headset (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for more HP laptops (git-fixes). - ALSA: hda/realtek: Add two "Intel Reference board" SSID in the ALC256 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256 (git-fixes). - ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook 850 G7 (git-fixes). - ALSA: hda/realtek: Remove dummy lineout on Acer TravelMate P648/P658 (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/tegra: fix tegra-hda on tegra30 soc (git-fixes). - ALSA: hda/via: Add minimum mute flag (git-fixes). - ALSA: hda/via: Apply the workaround generically for Clevo machines (git-fixes). - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes). - ALSA: hda: Add Cometlake-R PCI ID (git-fixes). - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes). - ALSA: pcm: One more dependency for hw constraints (bsc#1181014). - ALSA: pcm: fix hw_rule deps kABI (bsc#1181014). - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes). - ALSA: usb-audio: Add quirk for BOSS AD-10 (git-fixes). - ALSA: usb-audio: Add quirk for RC-505 (git-fixes). - ALSA: usb-audio: Always apply the hw constraints for implicit fb sync (bsc#1181014). - ALSA: usb-audio: Annotate the endpoint index in audioformat (git-fixes). - ALSA: usb-audio: Avoid implicit feedback on Pioneer devices (bsc#1181014). - ALSA: usb-audio: Avoid unnecessary interface re-setup (git-fixes). - ALSA: usb-audio: Choose audioformat of a counter-part substream (git-fixes). - ALSA: usb-audio: Fix UAC1 rate setup for secondary endpoints (bsc#1181014). - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks (git-fixes). - ALSA: usb-audio: Fix hw constraints dependencies (bsc#1181014). - ALSA: usb-audio: Fix implicit feedback sync setup for Pioneer devices (git-fixes). - ALSA: usb-audio: Fix the missing endpoints creations for quirks (git-fixes). - ALSA: usb-audio: Set sample rate for all sharing EPs on UAC1 (bsc#1181014). - ASoC: Intel: fix error code cnl_set_dsp_D0() (git-fixes). - ASoC: ak4458: correct reset polarity (git-fixes). - ASoC: dapm: remove widget from dirty list on free (git-fixes). - ASoC: meson: axg-tdm-interface: fix loopback (git-fixes). - Bluetooth: hci_h5: close serdev device and free hu in h5_close (git-fixes). - Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close (git-fixes). - CDC-NCM: remove "connected" log message (git-fixes). - EDAC/amd64: Fix PCI component registration (bsc#1152489). - HID: Ignore battery for Elan touchscreen on ASUS UX550 (git-fixes). - HID: logitech-dj: add the G602 receiver (git-fixes). - HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input devices (git-fixes). - HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad device (git-fixes). - HID: multitouch: Remove MT_CLS_WIN_8_DUAL (git-fixes). - HID: multitouch: do not filter mice nodes (git-fixes). - HID: wacom: Constify attribute_groups (git-fixes). - HID: wacom: Correct NULL dereference on AES pen proximity (git-fixes). - HID: wacom: Fix memory leakage caused by kfifo_alloc (git-fixes). - HID: wacom: do not call hid_set_drvdata(hdev, NULL) (git-fixes). - IB/hfi1: Remove kobj from hfi1_devdata (bsc#1179878). - IB/hfi1: Remove module parameter for KDETH qpns (bsc#1179878). - KVM: SVM: Initialize prev_ga_tag before use (bsc#1180809). - KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests (bsc#1178995). - KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails (bsc#1181218). - KVM: s390: pv: Mark mm as protected after the set secure parameters and improve cleanup (jsc#SLE-7512 bsc#1165545). - KVM: x86: Introduce cr3_lm_rsvd_bits in kvm_vcpu_arch (bsc#1178995). - NFC: fix possible resource leak (git-fixes). - NFC: fix resource leak when target index is invalid (git-fixes). - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter (for-next). - NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read() (for-next). - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (for-next). - NFS: nfs_delegation_find_inode_server must first reference the superblock (for-next). - NFS: nfs_igrab_and_active must first reference the superblock (for-next). - NFS: switch nfsiod to be an UNBOUND workqueue (for-next). - NFSv4.2: condition READDIR's mask for security label based on LSM state (for-next). - NFSv4: Fix the alignment of page data in the getdeviceinfo reply (for-next). - PM: hibernate: flush swap writer after marking (git-fixes). - Revert "nfsd4: support change_attr_type attribute" (for-next). - Revive usb-audio Keep Interface mixer (bsc#1181014). - SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() (for-next). - SUNRPC: rpc_wake_up() should wake up tasks in the correct order (for-next). - USB: cdc-acm: blacklist another IR Droid device (git-fixes). - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt() (git-fixes). - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - USB: ehci: fix an interrupt calltrace error (git-fixes). - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes). - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes). - USB: serial: option: add LongSung M5710 module support (git-fixes). - USB: serial: option: add Quectel EM160R-GL (git-fixes). - USB: usblp: fix DMA to stack (git-fixes). - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes). - USB: yurex: fix control-URB timeout handling (git-fixes). - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback (bsc#1152489). - arm64: mm: Fix ARCH_LOW_ADDRESS_LIMIT when !CONFIG_ZONE_DMA (git-fixes). - arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130). - arm64: pgtable: Fix pte_accessible() (bsc#1180130). - bitmap: remove unused function declaration (git-fixes). - bnxt_en: Fix AER recovery (jsc#SLE-8371 bsc#1153274). - bpf: Do not leak memory in bpf getsockopt when optlen == 0 (bsc#1155518). - bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback (bsc#1155518). - btrfs: fix missing delalloc new bit for new delalloc ranges (bsc#1180773). - btrfs: make btrfs_dirty_pages take btrfs_inode (bsc#1180773). - btrfs: make btrfs_set_extent_delalloc take btrfs_inode (bsc#1180773). - btrfs: send: fix invalid clone operations when cloning from the same file and root (bsc#1181511). - btrfs: send: fix wrong file path when there is an inode with a pending rmdir (bsc#1181237). - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes). - cachefiles: Drop superfluous readpages aops NULL check (git-fixes). - can: dev: prevent potential information leak in can_fill_info() (git-fixes). - can: vxcan: vxcan_xmit: fix use after free bug (git-fixes). - clk: tegra30: Add hda clock default rates to clock driver (git-fixes). - crypto: asym_tpm: correct zero out potential secrets (git-fixes). - crypto: ecdh - avoid buffer overflow in ecdh_set_secret() (git-fixes). - dmaengine: at_hdmac: Substitute kzalloc with kmalloc (git-fixes). - dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate() (git-fixes). - dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate() (git-fixes). - dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk() (git-fixes). - dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling path of the probe function (git-fixes). - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes). - dmaengine: xilinx_dma: fix incompatible param warning in _child_probe() (git-fixes). - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes). - drivers/base/memory.c: indicate all memory blocks as removable (bsc#1180264). - drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling (bsc#1180848). - drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers (bsc#1180848). - Update config files. - supported.conf: - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (git-fixes). - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (git-fixes). - drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes). - drm/amd/display: Avoid MST manager resource leak (git-fixes). - drm/amd/display: Do not double-buffer DTO adjustments (git-fixes). - drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes). - drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init (git-fixes). - drm/amd/display: Free gamma after calculating legacy transfer function (git-fixes). - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes). - drm/amd/display: Increase timeout for DP Disable (git-fixes). - drm/amd/display: Reject overlay plane configurations in multi-display scenarios (git-fixes). - drm/amd/display: Retry AUX write when fail occurs (git-fixes). - drm/amd/display: Stop if retimer is not available (git-fixes). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: dchubbub p-state warning during surface planes switch (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amd/display: update nv1x stutter latencies (git-fixes). - drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp setting (git-fixes). - drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/psp: fix psp gfx ctrl cmds (git-fixes). - drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (git-fixes). - drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes). - drm/amdgpu: correct the gpu reset handling for job != NULL case (git-fixes). - drm/amdgpu: do not map BO in reserved region (git-fixes). - drm/amdgpu: fix a GPU hang issue when remove device (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/amdgpu: fix calltrace during kmd unload(v3) (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu: increase the reserved VM size to 2MB (git-fixes). - drm/amdgpu: perform srbm soft reset always on SDMA resume (git-fixes). - drm/amdgpu: prevent double kfree ttm->sg (git-fixes). - drm/amdkfd: Fix leak in dmabuf import (git-fixes). - drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: fix restore worker race condition (git-fixes). - drm/aspeed: Fix Kconfig warning & subsequent build errors (bsc#1152472) - drm/aspeed: Fix Kconfig warning & subsequent build errors (git-fixes). - drm/atomic: put state on error path (git-fixes). - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes). - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes). - drm/dp_aux_dev: check aux_dev before use in (bsc#1152472) - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/etnaviv: always start/stop scheduler in timeout processing (git-fixes). - drm/exynos: dsi: Remove bridge node reference in error handling path in probe function (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (git-fixes). - drm/gma500: fix double free of gma_connector (bsc#1152472) - drm/gma500: fix double free of gma_connector (git-fixes). - drm/i915/display/dp: Compute the correct slice count for VDSC on DP (git-fixes). - drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence (git-fixes). - drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes). - drm/i915/gt: Delay execlist processing for tgl (git-fixes). - drm/i915/gt: Free stale request on destroying the virtual engine (git-fixes). - drm/i915/gt: Prevent use of engine->wa_ctx after error (git-fixes). - drm/i915/gt: Program mocs:63 for cache eviction on gen9 (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/i915/gvt: return error when failing to take the module reference (git-fixes). - drm/i915/selftests: Avoid passing a random 0 into ilog2 (git-fixes). - drm/i915: Avoid memory leak with more than 16 workarounds on a list (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/i915: Check for all subplatform bits (git-fixes). - drm/i915: Correctly set SFC capability for video engines (bsc#1152489) - drm/i915: Drop runtime-pm assert from vgpu io accessors (git-fixes). - drm/i915: Filter wake_flags passed to default_wake_function (git-fixes). - drm/i915: Fix mismatch between misplaced vma check and vma insert (git-fixes). - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes). - drm/i915: Handle max_bpc==16 (git-fixes). - drm/i915: clear the gpu reloc batch (git-fixes). - drm/mcde: Fix handling of platform_get_irq() error (bsc#1152472) - drm/mcde: Fix handling of platform_get_irq() error (git-fixes). - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm/a6xx: fix a potential overflow issue (git-fixes). - drm/msm/a6xx: fix gmu start on newer firmware (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dpu: Fix scale params in plane validation (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/msm/dsi_pll_10nm: restore VCO rate during restore_state (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes). - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes). - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 (git-fixes). - drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes). - drm/nouveau/mmu: fix vram heap sizing (git-fixes). - drm/nouveau/nouveau: fix the start/end range for migration (git-fixes). - drm/nouveau/privring: ack interrupts the same way as RM (git-fixes). - drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/omap: dss: Cleanup DSS ports on initialisation failure (git-fixes). - drm/omap: fix incorrect lock state (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/panfrost: add amlogic reset quirk callback (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (bsc#1152472) - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - drm/scheduler: Avoid accessing freed bad job (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1152472) - drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes). - drm/sun4i: frontend: Reuse the ch0 phase for RGB formats (git-fixes). - drm/sun4i: frontend: Rework a bit the phase data (git-fixes). - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - drm/syncobj: Fix use-after-free (git-fixes). - drm/tegra: replace idr_init() by idr_init_base() (git-fixes). - drm/tegra: sor: Disable clocks on error in tegra_sor_init() (git-fixes). - drm/ttm: fix eviction valuable range check (git-fixes). - drm/tve200: Fix handling of platform_get_irq() error (bsc#1152472) - drm/tve200: Fix handling of platform_get_irq() error (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - drm: Added orientation quirk for ASUS tablet model T103HAF (git-fixes). - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1152472) - drm: rcar-du: Set primary plane zpos immutably at initializing (git-fixes). - e1000e: bump up timeout to wait when ME un-configures ULP mode (jsc#SLE-8100). - ehci: fix EHCI host controller initialization sequence (git-fixes). - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes). - exec: Always set cap_ambient in cap_bprm_set_creds (git-fixes). - exfat: Avoid allocating upcase table using kcalloc() (git-fixes). - firmware: imx: select SOC_BUS to fix firmware build (git-fixes). - floppy: reintroduce O_NDELAY fix (boo#1181018). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Remove needless goto's (bsc#1149032). - futex: Remove unused empty compat_exit_robust_list() (bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - hwmon: (pwm-fan) Ensure that calculation does not discard big period values (git-fixes). - i2c: bpmp-tegra: Ignore unknown I2C_M flags (git-fixes). - i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly terminated (git-fixes). - i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: sprd: use a specific timeout to avoid system hang up issue (git-fixes). - i3c master: fix missing destroy_workqueue() on error in i3c_master_register (git-fixes). - ice, xsk: clear the status bits for the next_to_use descriptor (jsc#SLE-7926). - ice: avoid premature Rx buffer reuse (jsc#SLE-7926). - iio: ad5504: Fix setting power-down state (git-fixes). - iomap: fix WARN_ON_ONCE() from unprivileged users (bsc#1181494). - iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1181217). - ionic: account for vlan tag len in rx buffer len (bsc#1167773). - iwlwifi: pcie: reschedule in long-running memory reads (git-fixes). - iwlwifi: pcie: use jiffies for memory read spin time limit (git-fixes). - kABI fixup for dwc3 introduction of DWC_usb32 (git-fixes). - kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995). - kdb: Fix pager search for multi-line strings (git-fixes). - kgdb: Drop malformed kernel doc comment (git-fixes). - kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot (git fixes (kernel/kprobe)). - leds: trigger: fix potential deadlock with libata (git-fixes). - lib/genalloc: fix the overflow when size is too big (git-fixes). - lib/string: remove unnecessary #undefs (git-fixes). - lockd: do not use interval-based rebinding over TCP (for-next). - mac80211: check if atf has been disabled in __ieee80211_schedule_txq (git-fixes). - mac80211: do not drop tx nulldata packets on encrypted links (git-fixes). - mac80211: pause TX while changing interface type (git-fixes). - md: fix a warning caused by a race between concurrent md_ioctl()s (for-next). - media: dvb-usb: Fix memory leak at error in dvb_usb_device_init() (bsc#1181104). - media: dvb-usb: Fix use-after-free access (bsc#1181104). - media: gp8psk: initialize stats at power control logic (git-fixes). - media: rc: ensure that uevent can be read directly after rc device register (git-fixes). - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes). - misdn: dsp: select CONFIG_BITREVERSE (git-fixes). - mm/vmalloc: Fix unlock order in s_stop() (git fixes (mm/vmalloc)). - mm: memcontrol: fix missing wakeup polling thread (bsc#1181584). - mmc: core: do not initialize block size from ext_csd if not present (git-fixes). - mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes). - module: delay kobject uevent until after module init call (bsc#1178631). - mt7601u: fix kernel crash unplugging the device (git-fixes). - mt7601u: fix rx buffer refcounting (git-fixes). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1179567 LTC#190111). - net/af_iucv: set correct sk_protocol for child sockets (git-fixes). - net/mlx5e: ethtool, Fix restriction of autoneg with 56G (jsc#SLE-8464). - net/smc: cancel event worker during device removal (git-fixes). - net/smc: check for valid ib_client_data (git-fixes). - net/smc: fix cleanup for linkgroup setup failures (git-fixes). - net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (git-fixes). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/smc: no peer ID in CLC decline for SMCD (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: transfer fasync_list in case of fallback (git-fixes). - net: fix proc_fs init handling in af_packet and tls (bsc#1154353). - net: hns3: fix a phy loopback fail issue (bsc#1154353). - net: hns3: remove a misused pragma packed (bsc#1154353). - net: mscc: ocelot: allow offloading of bridge on top of LAG (git-fixes). - net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs' (for-next). - net: sunrpc: interpret the return value of kstrtou32 correctly (for-next). - net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes). - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family (git-fixes). - net: vlan: avoid leaks on register_vlan_dev() failures (bsc#1154353). - nfs_common: need lock during iterate through the list (for-next). - nfsd4: readdirplus shouldn't return parent of export (git-fixes). - nfsd: Fix message level for normal termination (for-next). - nvme-multipath: Early exit if no path is available (bsc#1180964). - nvme-multipath: fix bogus request queue reference put (bsc#1175389). - nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161). - nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161). - pNFS: Mark layout for return if return-on-close was not sent (git-fixes). - platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634 (git-fixes). - platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list (git-fixes). - platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on some HP x360 models (git-fixes). - power: vexpress: add suppress_bind_attrs to true (git-fixes). - powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes). - powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted() (bsc#1181148 ltc#190702). - powerpc/pkeys: Avoid using lockless page table walk (bsc#1181544 ltc#191080). - powerpc/pkeys: Check vma before returning key fault error to the user (bsc#1181544 ltc#191080). - powerpc: Fix build error in paravirt.h (bsc#1181148 ltc#190702). - powerpc: Refactor is_kvm_guest() declaration to new header (bsc#1181148 ltc#190702). - powerpc: Reintroduce is_kvm_guest() as a fast-path check (bsc#1181148 ltc#190702). - powerpc: Rename is_kvm_guest() to check_kvm_guest() (bsc#1181148 ltc#190702). - prom_init: enable verbose prints (bsc#1178142 bsc#1180759). - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930). - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930). - r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes). - r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set (git-fixes). - r8169: work around power-saving bug on some chip versions (git-fixes). - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev (git-fixes). - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() (git-fixes). - rtc: pl031: fix resource leak in pl031_probe (git-fixes). - rtc: sun6i: Fix memleak in sun6i_rtc_clk_init (git-fixes). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1181169 LTC#190914). - s390/dasd: fix list corruption of lcu list (git-fixes). - s390/dasd: fix list corruption of pavgroup group list (git-fixes). - s390/dasd: prevent inconsistent LCU device data (git-fixes). - s390/kexec_file: fix diag308 subcode when loading crash kernel (git-fixes). - s390/qeth: consolidate online/offline code (git-fixes). - s390/qeth: do not raise NETDEV_REBOOT event from L3 offline path (git-fixes). - s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes). - s390/qeth: fix deadlock during recovery (git-fixes). - s390/qeth: fix locking for discipline setup / removal (git-fixes). - s390/smp: perform initial CPU reset also for SMT siblings (git-fixes). - s390/vfio-ap: No need to disable IRQ after queue reset (git-fixes). - s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated (git-fixes). - sched/fair: Check for idle core in wake_affine (git fixes (sched)). - scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252). - scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891). - scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891). - scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891). - scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891). - scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891). - scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891). - scsi: lpfc: Fix crash when nvmet transport calls host_release (bsc#1180891). - scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891). - scsi: lpfc: Fix target reset failing (bsc#1180891). - scsi: lpfc: Fix vport create logging (bsc#1180891). - scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891). - scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891). - scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891). - scsi: lpfc: Simplify bool comparison (bsc#1180891). - scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891). - scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142). - scsi: scsi_transport_srp: Do not block target in failfast state (bsc#1172355). - selftests/ftrace: Select an existing function in kprobe_eventname test (bsc#1179396 ltc#185738). - selftests/powerpc: Add a test of bad (out-of-range) accesses (bsc#1181158 ltc#190851). - selftests/powerpc: Add a test of spectre_v2 mitigations (bsc#1181158 ltc#190851). - selftests/powerpc: Ignore generated files (bsc#1181158 ltc#190851). - selftests/powerpc: Move Hash MMU check to utilities (bsc#1181158 ltc#190851). - selftests/powerpc: Move set_dscr() into rfi_flush.c (bsc#1181158 ltc#190851). - selftests/powerpc: Only test lwm/stmw on big endian (bsc#1180412 ltc#190579). - selftests/powerpc: spectre_v2 test must be built 64-bit (bsc#1181158 ltc#190851). - selftests: net: fib_tests: remove duplicate log test (git-fixes). - serial: mvebu-uart: fix tx lost characters at power off (git-fixes). - spi: cadence: cache reference clock rate during probe (git-fixes). - spi: stm32: FIFO threshold level - fix align packet size (git-fixes). - staging: mt7621-dma: Fix a resource leak in an error handling path (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - sunrpc: fix xs_read_xdr_buf for partial pages receive (for-next). - swiotlb: fix "x86: Do not panic if can not alloc buffer for swiotlb" (git-fixes). - swiotlb: using SIZE_MAX needs limits.h included (git-fixes). - timers: Preserve higher bits of expiration on index calculation (bsc#1181318). - timers: Use only bucket expiry for base->next_expiry value (bsc#1181318). - udp: Prevent reuseport_select_sock from reading uninitialized socks (git-fixes). - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes). - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - usb: dwc3: Update soft-reset wait polling rate (git-fixes). - usb: dwc3: core: Properly default unspecified speed (git-fixes). - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes). - usb: gadget: Fix spinlock lockup on usb_function_deactivate (git-fixes). - usb: gadget: aspeed: fix stop dma register setting (git-fixes). - usb: gadget: configfs: Fix use-after-free issue with udc_name (git-fixes). - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes). - usb: gadget: enable super speed plus (git-fixes). - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes). - usb: gadget: function: printer: Fix a memory leak for interface descriptor (git-fixes). - usb: gadget: select CONFIG_CRC32 (git-fixes). - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size (git-fixes). - usb: typec: Fix copy paste error for NVIDIA alt-mode description (git-fixes). - usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes). - usb: udc: core: Use lock when write to soft_connect (git-fixes). - usb: usbip: vhci_hcd: protect shift size (git-fixes). - vfio iommu: Add dma available capability (bsc#1179572 LTC#190110). - vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181220). - vfio/pci: Implement ioeventfd thread handler for contended memory lock (bsc#1181219). - video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() (git-fixes). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - video: fbdev: pvr2fb: initialize variables (git-fixes). - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes). - wan: ds26522: select CONFIG_BITREVERSE (git-fixes). - wext: fix NULL-ptr-dereference with cfg80211's lack of commit() (git-fixes). - wil6210: select CONFIG_CRC32 (git-fixes). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1152489). - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (bsc#1181077). - x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1152489). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - x86/kprobes: Restore BTF if the single-stepping is cancelled (bsc#1152489). - x86/mm/numa: Remove uninitialized_var() usage (bsc#1152489). - x86/mm: Fix leak of pmd ptlock (bsc#1152489). - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1152489). - x86/resctrl: Do not move a task to the same resource group (bsc#1152489). - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1152489). - x86/topology: Make __max_die_per_package available unconditionally (bsc#1152489). - x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1181335). - xen-blkfront: allow discard-* nodes to be optional (bsc#1181346). - xen/privcmd: allow fetching resource sizes (bsc#1065600). - xfs: show the proper user quota options (bsc#1181538). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). - xhci: make sure TRB is fully written before giving it to the controller (git-fixes). - xhci: tegra: Delay for disabling LFPS detector (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-427=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch): kernel-devel-rt-5.3.18-25.1 kernel-source-rt-5.3.18-25.1 - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): cluster-md-kmp-rt-5.3.18-25.1 cluster-md-kmp-rt-debuginfo-5.3.18-25.1 dlm-kmp-rt-5.3.18-25.1 dlm-kmp-rt-debuginfo-5.3.18-25.1 gfs2-kmp-rt-5.3.18-25.1 gfs2-kmp-rt-debuginfo-5.3.18-25.1 kernel-rt-5.3.18-25.1 kernel-rt-debuginfo-5.3.18-25.1 kernel-rt-debugsource-5.3.18-25.1 kernel-rt-devel-5.3.18-25.1 kernel-rt-devel-debuginfo-5.3.18-25.1 kernel-rt_debug-debuginfo-5.3.18-25.1 kernel-rt_debug-debugsource-5.3.18-25.1 kernel-rt_debug-devel-5.3.18-25.1 kernel-rt_debug-devel-debuginfo-5.3.18-25.1 kernel-syms-rt-5.3.18-25.1 ocfs2-kmp-rt-5.3.18-25.1 ocfs2-kmp-rt-debuginfo-5.3.18-25.1 References: https://www.suse.com/security/cve/CVE-2020-25211.html https://www.suse.com/security/cve/CVE-2020-25639.html https://www.suse.com/security/cve/CVE-2020-27835.html https://www.suse.com/security/cve/CVE-2020-28374.html https://www.suse.com/security/cve/CVE-2020-29568.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2021-0342.html https://www.suse.com/security/cve/CVE-2021-20177.html https://www.suse.com/security/cve/CVE-2021-3347.html https://www.suse.com/security/cve/CVE-2021-3348.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1163930 https://bugzilla.suse.com/1165545 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1172355 https://bugzilla.suse.com/1175389 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176831 https://bugzilla.suse.com/1176846 https://bugzilla.suse.com/1178142 https://bugzilla.suse.com/1178372 https://bugzilla.suse.com/1178631 https://bugzilla.suse.com/1178684 https://bugzilla.suse.com/1178995 https://bugzilla.suse.com/1179142 https://bugzilla.suse.com/1179396 https://bugzilla.suse.com/1179508 https://bugzilla.suse.com/1179509 https://bugzilla.suse.com/1179567 https://bugzilla.suse.com/1179572 https://bugzilla.suse.com/1179575 https://bugzilla.suse.com/1179878 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180130 https://bugzilla.suse.com/1180264 https://bugzilla.suse.com/1180412 https://bugzilla.suse.com/1180676 https://bugzilla.suse.com/1180759 https://bugzilla.suse.com/1180765 https://bugzilla.suse.com/1180773 https://bugzilla.suse.com/1180809 https://bugzilla.suse.com/1180812 https://bugzilla.suse.com/1180848 https://bugzilla.suse.com/1180859 https://bugzilla.suse.com/1180889 https://bugzilla.suse.com/1180891 https://bugzilla.suse.com/1180964 https://bugzilla.suse.com/1180971 https://bugzilla.suse.com/1181014 https://bugzilla.suse.com/1181018 https://bugzilla.suse.com/1181077 https://bugzilla.suse.com/1181104 https://bugzilla.suse.com/1181148 https://bugzilla.suse.com/1181158 https://bugzilla.suse.com/1181161 https://bugzilla.suse.com/1181169 https://bugzilla.suse.com/1181203 https://bugzilla.suse.com/1181217 https://bugzilla.suse.com/1181218 https://bugzilla.suse.com/1181219 https://bugzilla.suse.com/1181220 https://bugzilla.suse.com/1181237 https://bugzilla.suse.com/1181318 https://bugzilla.suse.com/1181335 https://bugzilla.suse.com/1181346 https://bugzilla.suse.com/1181349 https://bugzilla.suse.com/1181425 https://bugzilla.suse.com/1181494 https://bugzilla.suse.com/1181504 https://bugzilla.suse.com/1181511 https://bugzilla.suse.com/1181538 https://bugzilla.suse.com/1181544 https://bugzilla.suse.com/1181553 https://bugzilla.suse.com/1181584 https://bugzilla.suse.com/1181645 From sle-security-updates at lists.suse.com Wed Feb 10 23:15:56 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2021 00:15:56 +0100 (CET) Subject: SUSE-SU-2021:0430-1: Security update for MozillaFirefox Message-ID: <20210210231556.C233DFF1F@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0430-1 Rating: low References: #1181848 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.7.1 ESR (bsc#1181848) - Fixed: Prevent access to NTFS special paths that could lead to filesystem corruption. - Buffer overflow in depth pitch calculations for compressed textures Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-430=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.7.1-8.29.1 MozillaFirefox-debuginfo-78.7.1-8.29.1 MozillaFirefox-debugsource-78.7.1-8.29.1 MozillaFirefox-devel-78.7.1-8.29.1 MozillaFirefox-translations-common-78.7.1-8.29.1 MozillaFirefox-translations-other-78.7.1-8.29.1 References: https://bugzilla.suse.com/1181848 From sle-security-updates at lists.suse.com Wed Feb 10 23:16:58 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2021 00:16:58 +0100 (CET) Subject: SUSE-SU-2021:0431-1: Security update for MozillaFirefox Message-ID: <20210210231658.0FCE6FF1F@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0431-1 Rating: low References: #1181848 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.7.1 ESR (bsc#1181848) - Fixed: Prevent access to NTFS special paths that could lead to filesystem corruption. - Buffer overflow in depth pitch calculations for compressed textures Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-431=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-431=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.7.1-112.48.1 MozillaFirefox-debugsource-78.7.1-112.48.1 MozillaFirefox-devel-78.7.1-112.48.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.7.1-112.48.1 MozillaFirefox-debuginfo-78.7.1-112.48.1 MozillaFirefox-debugsource-78.7.1-112.48.1 MozillaFirefox-devel-78.7.1-112.48.1 MozillaFirefox-translations-common-78.7.1-112.48.1 References: https://bugzilla.suse.com/1181848 From sle-security-updates at lists.suse.com Thu Feb 11 14:17:25 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2021 15:17:25 +0100 (CET) Subject: SUSE-SU-2021:0434-1: important: Security update for the Linux Kernel Message-ID: <20210211141725.D1B6CFF1F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0434-1 Rating: important References: #1144912 #1149032 #1158775 #1163727 #1171979 #1176395 #1176846 #1176962 #1177304 #1177666 #1178036 #1178182 #1178198 #1178372 #1178589 #1178590 #1178684 #1178886 #1179107 #1179140 #1179141 #1179419 #1179429 #1179508 #1179509 #1179601 #1179616 #1179663 #1179666 #1179745 #1179877 #1179878 #1179895 #1179960 #1179961 #1180008 #1180027 #1180028 #1180029 #1180030 #1180031 #1180032 #1180052 #1180086 #1180559 #1180562 #1180676 #1181001 #1181158 #1181349 #1181504 #1181553 #1181645 Cross-References: CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25639 CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27835 CVE-2020-28374 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2021-3347 CVE-2021-3348 CVSS scores: CVE-2019-20934 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2019-20934 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0444 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-15436 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15436 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15437 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-15437 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25211 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-25211 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-25639 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-25669 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27068 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27777 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27777 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27825 (NVD) : 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27825 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-28374 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-28374 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-28915 (NVD) : 5.8 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2020-28915 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-28974 (NVD) : 5 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H CVE-2020-28974 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-29371 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-29568 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29568 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29660 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-29660 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-4788 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-3347 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3348 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3348 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves 26 vulnerabilities and has 27 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504). - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). The following non-security bugs were fixed: - blk-mq: improve heavily contended tag case (bsc#1178198). - debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1181349). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191). - kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (bsc#1163727). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - Move upstreamed bt fixes into sorted section - nbd: Fix memory leak in nbd_add_socket (bsc#1181504). - net/x25: prevent a couple of overflows (bsc#1178590). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/dasd: fix hanging device offline processing (bsc#1144912). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-434=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-434=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-434=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-434=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-434=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-434=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.68.1 kernel-default-base-4.12.14-95.68.1 kernel-default-base-debuginfo-4.12.14-95.68.1 kernel-default-debuginfo-4.12.14-95.68.1 kernel-default-debugsource-4.12.14-95.68.1 kernel-default-devel-4.12.14-95.68.1 kernel-default-devel-debuginfo-4.12.14-95.68.1 kernel-syms-4.12.14-95.68.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.68.1 kernel-macros-4.12.14-95.68.1 kernel-source-4.12.14-95.68.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.68.1 kernel-macros-4.12.14-95.68.1 kernel-source-4.12.14-95.68.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.68.1 kernel-default-base-4.12.14-95.68.1 kernel-default-base-debuginfo-4.12.14-95.68.1 kernel-default-debuginfo-4.12.14-95.68.1 kernel-default-debugsource-4.12.14-95.68.1 kernel-default-devel-4.12.14-95.68.1 kernel-default-devel-debuginfo-4.12.14-95.68.1 kernel-syms-4.12.14-95.68.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.68.1 kernel-default-base-4.12.14-95.68.1 kernel-default-base-debuginfo-4.12.14-95.68.1 kernel-default-debuginfo-4.12.14-95.68.1 kernel-default-debugsource-4.12.14-95.68.1 kernel-default-devel-4.12.14-95.68.1 kernel-syms-4.12.14-95.68.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.68.1 kernel-macros-4.12.14-95.68.1 kernel-source-4.12.14-95.68.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.68.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.68.1 kernel-default-base-4.12.14-95.68.1 kernel-default-base-debuginfo-4.12.14-95.68.1 kernel-default-debuginfo-4.12.14-95.68.1 kernel-default-debugsource-4.12.14-95.68.1 kernel-default-devel-4.12.14-95.68.1 kernel-syms-4.12.14-95.68.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.68.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.68.1 kernel-macros-4.12.14-95.68.1 kernel-source-4.12.14-95.68.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.68.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.68.1 kernel-default-kgraft-devel-4.12.14-95.68.1 kgraft-patch-4_12_14-95_68-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.68.1 cluster-md-kmp-default-debuginfo-4.12.14-95.68.1 dlm-kmp-default-4.12.14-95.68.1 dlm-kmp-default-debuginfo-4.12.14-95.68.1 gfs2-kmp-default-4.12.14-95.68.1 gfs2-kmp-default-debuginfo-4.12.14-95.68.1 kernel-default-debuginfo-4.12.14-95.68.1 kernel-default-debugsource-4.12.14-95.68.1 ocfs2-kmp-default-4.12.14-95.68.1 ocfs2-kmp-default-debuginfo-4.12.14-95.68.1 References: https://www.suse.com/security/cve/CVE-2019-20934.html https://www.suse.com/security/cve/CVE-2020-0444.html https://www.suse.com/security/cve/CVE-2020-0465.html https://www.suse.com/security/cve/CVE-2020-0466.html https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25211.html https://www.suse.com/security/cve/CVE-2020-25639.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-27068.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-27786.html https://www.suse.com/security/cve/CVE-2020-27825.html https://www.suse.com/security/cve/CVE-2020-27835.html https://www.suse.com/security/cve/CVE-2020-28374.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29371.html https://www.suse.com/security/cve/CVE-2020-29568.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2020-29660.html https://www.suse.com/security/cve/CVE-2020-29661.html https://www.suse.com/security/cve/CVE-2020-36158.html https://www.suse.com/security/cve/CVE-2020-4788.html https://www.suse.com/security/cve/CVE-2021-3347.html https://www.suse.com/security/cve/CVE-2021-3348.html https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1158775 https://bugzilla.suse.com/1163727 https://bugzilla.suse.com/1171979 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176846 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1177304 https://bugzilla.suse.com/1177666 https://bugzilla.suse.com/1178036 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178198 https://bugzilla.suse.com/1178372 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178590 https://bugzilla.suse.com/1178684 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179419 https://bugzilla.suse.com/1179429 https://bugzilla.suse.com/1179508 https://bugzilla.suse.com/1179509 https://bugzilla.suse.com/1179601 https://bugzilla.suse.com/1179616 https://bugzilla.suse.com/1179663 https://bugzilla.suse.com/1179666 https://bugzilla.suse.com/1179745 https://bugzilla.suse.com/1179877 https://bugzilla.suse.com/1179878 https://bugzilla.suse.com/1179895 https://bugzilla.suse.com/1179960 https://bugzilla.suse.com/1179961 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180027 https://bugzilla.suse.com/1180028 https://bugzilla.suse.com/1180029 https://bugzilla.suse.com/1180030 https://bugzilla.suse.com/1180031 https://bugzilla.suse.com/1180032 https://bugzilla.suse.com/1180052 https://bugzilla.suse.com/1180086 https://bugzilla.suse.com/1180559 https://bugzilla.suse.com/1180562 https://bugzilla.suse.com/1180676 https://bugzilla.suse.com/1181001 https://bugzilla.suse.com/1181158 https://bugzilla.suse.com/1181349 https://bugzilla.suse.com/1181504 https://bugzilla.suse.com/1181553 https://bugzilla.suse.com/1181645 From sle-security-updates at lists.suse.com Thu Feb 11 14:25:17 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2021 15:25:17 +0100 (CET) Subject: SUSE-SU-2021:0433-1: important: Security update for the Linux Kernel Message-ID: <20210211142517.208D5FFB1@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0433-1 Rating: important References: #1046305 #1046306 #1046540 #1046542 #1046648 #1050242 #1050244 #1050536 #1050538 #1050545 #1056653 #1056657 #1056787 #1064802 #1066129 #1073513 #1074220 #1075020 #1086282 #1086301 #1086313 #1086314 #1098633 #1103990 #1103991 #1103992 #1104270 #1104277 #1104279 #1104353 #1104427 #1104742 #1104745 #1109837 #1111981 #1112178 #1112374 #1113956 #1119113 #1126206 #1126390 #1127354 #1127371 #1129770 #1136348 #1144912 #1149032 #1163727 #1172145 #1174206 #1176831 #1176846 #1178036 #1178049 #1178372 #1178631 #1178684 #1178900 #1179093 #1179508 #1179509 #1179563 #1179573 #1179575 #1179878 #1180008 #1180130 #1180559 #1180562 #1180676 #1180765 #1180812 #1180859 #1180891 #1180912 #1181001 #1181018 #1181170 #1181230 #1181231 #1181349 #1181425 #1181504 #1181553 #1181645 Cross-References: CVE-2020-25639 CVE-2020-27835 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 CVE-2020-36158 CVE-2021-0342 CVE-2021-20177 CVE-2021-3347 CVE-2021-3348 CVSS scores: CVE-2020-25639 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-28374 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-28374 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-29568 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29568 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-36158 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0342 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0342 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-20177 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3347 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3348 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3348 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 75 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504). - CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765). - CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812) - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). The following non-security bugs were fixed: - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes). - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes). - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes). - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes). - ALSA: doc: Fix reference to mixart.rst (git-fixes). - ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes). - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/via: Add minimum mute flag (git-fixes). - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes). - ALSA: timer: Limit max amount of slave instances (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ASoC: Intel: haswell: Add missing pm_ops (git-fixes). - ASoC: dapm: remove widget from dirty list on free (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes). - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes). - ASoC: sti: fix possible sleep-in-atomic (git-fixes). - ASoC: wm8904: fix regcache handling (git-fixes). - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes). - Bluetooth: Fix advertising duplicated flags (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - EDAC/amd64: Fix PCI component registration (bsc#1112178). - HID: Improve Windows Precision Touchpad detection (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: core: check whether Usage Page item is after Usage ID items (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes). - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (bsc#1103991). - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - KVM: SVM: Initialize prev_ga_tag before use (bsc#1180912). - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (git-fixes). - NFS: nfs_igrab_and_active must first reference the superblock (git-fixes). - NFS: switch nfsiod to be an UNBOUND workqueue (git-fixes). - NFSv4.2: condition READDIR's mask for security label based on LSM state (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes). - PM: ACPI: Output correct message on target power state (git-fixes). - PM: hibernate: Freeze kernel threads in software_resume() (git-fixes). - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes). - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1103992). - RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1050244 ). - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1104742). - RDMA/cma: Do not overwrite sgid_attr after device is released (bsc#1103992). - RDMA/core: Ensure security pkey modify is not lost (bsc#1046306 ). - RDMA/core: Fix pkey and port assignment in get_new_pps (bsc#1046306). - RDMA/core: Fix protection fault in get_pkey_idx_qp_list (bsc#1046306). - RDMA/core: Fix reported speed and width (bsc#1046306 ). - RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1103992). - RDMA/core: Fix use of logical OR in get_new_pps (bsc#1046306 ). - RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1104427). - RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver (bsc#1104427). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (bsc#1104427 bsc#1126206). - RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1104427 ). - RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver (bsc#1104427). - RDMA/iw_cxgb4: Fix incorrect function parameters (bsc#1136348 jsc#SLE-4684). - RDMA/iw_cxgb4: initiate CLOSE when entering TERM (bsc#1136348 jsc#SLE-4684). - RDMA/mlx5: Add init2init as a modify command (bsc#1103991 ). - RDMA/mlx5: Fix typo in enum name (bsc#1103991). - RDMA/mlx5: Fix wrong free of blue flame register on error (bsc#1103991). - RDMA/qedr: Fix inline size returned for iWARP (bsc#1050545 ). - SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036). - USB: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes). - USB: Skip endpoints with 0 maxpacket length (git-fixes). - USB: UAS: introduce a quirk to set no_write_same (git-fixes). - USB: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - USB: ehci: fix an interrupt calltrace error (git-fixes). - USB: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - USB: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes). - USB: ldusb: use unsigned size format specifiers (git-fixes). - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes). - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes). - USB: yurex: fix control-URB timeout handling (git-fixes). - __netif_receive_skb_core: pass skb by reference (bsc#1109837). - arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130). - arm64: pgtable: Fix pte_accessible() (bsc#1180130). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: fix backtrace on coredump (git-fixes). - ath10k: fix get invalid tx rate for Mesh metric (git-fixes). - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes). - ath9k_htc: Discard undersized packets (git-fixes). - ath9k_htc: Modify byte order for an error message (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - bnxt_en: Do not query FW when netif_running() is false (bsc#1086282). - bnxt_en: Fix accumulation of bp->net_stats_prev (bsc#1104745 ). - bnxt_en: Improve stats context resource accounting with RDMA driver loaded (bsc#1104745). - bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes). - bnxt_en: Reset rings if ring reservation fails during open() (bsc#1086282). - bnxt_en: fix HWRM error when querying VF temperature (bsc#1104745). - bnxt_en: fix error return code in bnxt_init_board() (git-fixes). - bnxt_en: fix error return code in bnxt_init_one() (bsc#1050242 ). - bnxt_en: read EEPROM A2h address using page 0 (git-fixes). - bnxt_en: return proper error codes in bnxt_show_temp (bsc#1104745). - bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes). - btrfs: add a flag to iterate_inodes_from_logical to find all - btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206). - btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206). - btrfs: add a flags argument to LOGICAL_INO and call it LOGICAL_INO_V2 (bsc#1174206). - btrfs: increase output size for LOGICAL_INO_V2 ioctl (bsc#1174206). - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575). - caif: no need to check return value of debugfs_create functions (git-fixes). - can: c_can: c_can_power_up(): fix error handling (git-fixes). - can: dev: prevent potential information leak in can_fill_info() (git-fixes). - can: vxcan: vxcan_xmit: fix use after free bug (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - chelsio/chtls: correct function return and return type (bsc#1104270). - chelsio/chtls: correct netdevice for vlan interface (bsc#1104270 ). - chelsio/chtls: fix a double free in chtls_setkey() (bsc#1104270 ). - chelsio/chtls: fix always leaking ctrl_skb (bsc#1104270 ). - chelsio/chtls: fix deadlock issue (bsc#1104270). - chelsio/chtls: fix memory leaks caused by a race (bsc#1104270 ). - chelsio/chtls: fix memory leaks in CPL handlers (bsc#1104270 ). - chelsio/chtls: fix panic during unload reload chtls (bsc#1104270 ). - chelsio/chtls: fix socket lock (bsc#1104270). - chelsio/chtls: fix tls record info to user (bsc#1104270 ). - chtls: Added a check to avoid NULL pointer dereference (bsc#1104270). - chtls: Fix chtls resources release sequence (bsc#1104270 ). - chtls: Fix hardware tid leak (bsc#1104270). - chtls: Remove invalid set_tcb call (bsc#1104270). - chtls: Replace skb_dequeue with skb_peek (bsc#1104270 ). - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Fix Tegra PMC clock out parents (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes). - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes). - cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled (bsc#1109837). - cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes). - cxgb4/cxgb4vf: fix flow control display for auto negotiation (bsc#1046540 bsc#1046542). - cxgb4: fix SGE queue dump destination buffer context (bsc#1073513). - cxgb4: fix adapter crash due to wrong MC size (bsc#1073513). - cxgb4: fix all-mask IP address comparison (bsc#1064802 bsc#1066129). - cxgb4: fix large delays in PTP synchronization (bsc#1046540 bsc#1046648). - cxgb4: fix the panic caused by non smac rewrite (bsc#1064802 bsc#1066129). - cxgb4: fix thermal zone device registration (bsc#1104279 bsc#1104277). - cxgb4: fix throughput drop during Tx backpressure (bsc#1127354 bsc#1127371). - cxgb4: move DCB version extern to header file (bsc#1104279 ). - cxgb4: remove cast when saving IPv4 partial checksum (bsc#1074220). - cxgb4: set up filter action after rewrites (bsc#1064802 bsc#1066129). - cxgb4: use correct type for all-mask IP address comparison (bsc#1064802 bsc#1066129). - cxgb4: use unaligned conversion for fetching timestamp (bsc#1046540 bsc#1046648). - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes). - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes). - docs: Fix reST markup when linking to sections (git-fixes). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1113956) - drm/amdkfd: Put ACPI table after using it (bsc#1129770) Backporting changes: * context changes - drm/atomic: put state on error path (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1129770) - drm/i915: Check for all subplatform bits (git-fixes). - drm/i915: Clear the repeater bit on HDCP disable (bsc#1112178) Backporting changes: * context changes - drm/i915: Fix sha_text population code (bsc#1112178) Backporting changes: * context changes - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1129770) Backporting changes: * context changes * moved num_mixers from struct dpu_crtc_state to struct dpu_crtc - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1129770) Backporting changes: * context changes - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1129770) Backporting changes: * context changes * removed reference to msm_gem_is_locked() - drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes). - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes). - drm/nouveau/privring: ack interrupts the same way as RM (git-fixes). - drm/tve200: Fix handling of platform_get_irq() error (bsc#1129770) - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1112178) Backporting changes: * context changes - drm: sun4i: hdmi: Fix inverted HPD result (bsc#1112178) Backporting changes: * context changes - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1112178) - ehci: fix EHCI host controller initialization sequence (git-fixes). - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes). - fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console - fbcon: Remove the superfluous break (bsc#1129770) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console * context changes - firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes). - floppy: reintroduce O_NDELAY fix (boo#1181018). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1181349). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes). - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes). - gpio: max77620: Fixup debounce delays (git-fixes). - gpio: max77620: Use correct unit for debounce times (git-fixes). - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes). - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes). - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes). - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes). - gpiolib: fix up emulated open drain outputs (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (jc42) Fix name to have no illegal characters (git-fixes). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes). - i40e: avoid premature Rx buffer reuse (bsc#1111981). - igb: Report speed and duplex as unknown when device is runtime suspended (git-fixes). - igc: fix link speed advertising (jsc#SLE-4799). - iio: ad5504: Fix setting power-down state (git-fixes). - iio: adc: max1027: Reset the device at probe time (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio: fix center temperature of bmc150-accel-core (git-fixes). - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes). - iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes). - iio: srf04: fix wrong limitation in distance measuring (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191). - ipw2x00: Fix -Wcast-function-type (git-fixes). - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (bsc#1109837). - ixgbe: avoid premature Rx buffer reuse (bsc#1109837 ). - kABI workaround for HD-audio generic parser (git-fixes). - kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191). - lockd: do not use interval-based rebinding over TCP (git-fixes). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032). - mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: fix authentication with iwlwifi/mvm (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md/raid10: initialize r10_bio->read_slot before use (git-fixes). - md: fix a warning caused by a race between concurrent md_ioctl()s (git-fixes). - media: am437x-vpfe: Setting STD to current value is not an error (git-fixes). - media: cec-funcs.h: add status_req checks (git-fixes). - media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes). - media: gp8psk: initialize stats at power control logic (git-fixes). - media: gspca: Fix memory leak in probe (git-fixes). - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes). - media: i2c: ov2659: Fix missing 720p register config (git-fixes). - media: i2c: ov2659: fix s_stream return value (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches). - media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes). - media: si470x-i2c: add missed operations in remove (git-fixes). - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes). - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes). - media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes). - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes). - misdn: dsp: select CONFIG_BITREVERSE (git-fixes). - mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (bsc#1112374). - mlxsw: spectrum: Do not modify cloned SKBs during xmit (git-fixes). - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (bsc#1112374). - mlxsw: switchx2: Do not modify cloned SKBs during xmit (git-fixes). - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/hotplug)). - mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() (git fixes (mm/pgalloc)). - mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly (git fixes (mm/hmm)). - mm/slab: use memzero_explicit() in kzfree() (git fixes (mm/slab)). - mm: do not wake kswapd prematurely when watermark boosting is disabled (git fixes (mm/vmscan)). - mm: hwpoison: disable memory error handling on 1GB hugepage (git fixes (mm/hwpoison)). - mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes). - module: delay kobject uevent until after module init call (bsc#1178631). - nbd: Fix memory leak in nbd_add_socket (bsc#1181504). - net/af_iucv: always register net_device notifier (git-fixes). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1179563 LTC#190108). - net/af_iucv: set correct sk_protocol for child sockets (git-fixes). - net/filter: Permit reading NET in load_bytes_relative when MAC not set (bsc#1109837). - net/liquidio: Delete driver version assignment (git-fixes). - net/liquidio: Delete non-working LIQUIDIO_PACKAGE check (git-fixes). - net/mlx4_en: Avoid scheduling restart task if it is already running (git-fixes). - net/mlx5: Add handling of port type in rule deletion (bsc#1103991). - net/mlx5: Fix memory leak on flow table creation error flow (bsc#1046305). - net/mlx5e: Fix VLAN cleanup flow (git-fixes). - net/mlx5e: Fix VLAN create flow (git-fixes). - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes). - net/mlx5e: Fix two double free cases (bsc#1046305). - net/mlx5e: IPoIB, Drop multicast packets that this interface sent (bsc#1075020). - net/mlx5e: TX, Fix consumer index of error cqe dump (bsc#1103990 ). - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (bsc#1103990). - net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels (bsc#1109837). - net/smc: cancel event worker during device removal (git-fixes). - net/smc: check for valid ib_client_data (git-fixes). - net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes). - net/smc: receive pending data after RCV_SHUTDOWN (git-fixes). - net/smc: receive returns without data (git-fixes). - net/sonic: Add mutual exclusion for accessing shared state (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: bcmgenet: keep MAC in reset until PHY is up (git-fixes). - net: bcmgenet: reapply manual settings to the PHY (git-fixes). - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe() (git-fixes). - net: cbs: Fix software cbs to consider packet sending time (bsc#1109837). - net: dsa: LAN9303: select REGMAP when LAN9303 enable (git-fixes). - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (git-fixes). - net: ena: set initial DMA width to avoid intel iommu issue (git-fixes). - net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes). - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse() (git-fixes). - net: freescale: fec: Fix ethtool -d runtime PM (git-fixes). - net: hns3: add a missing uninit debugfs when unload driver (bsc#1104353). - net: hns3: add compatible handling for command HCLGE_OPC_PF_RST_DONE (git-fixes). - net: hns3: add management table after IMP reset (bsc#1104353 ). - net: hns3: check reset interrupt status when reset fails (git-fixes). - net: hns3: clear reset interrupt status in hclge_irq_handle() (git-fixes). - net: hns3: fix a TX timeout issue (bsc#1104353). - net: hns3: fix a wrong reset interrupt status mask (git-fixes). - net: hns3: fix error VF index when setting VLAN offload (bsc#1104353). - net: hns3: fix error handling for desc filling (bsc#1104353 ). - net: hns3: fix for not calculating TX BD send size correctly (bsc#1126390). - net: hns3: fix interrupt clearing error for VF (bsc#1104353 ). - net: hns3: fix mis-counting IRQ vector numbers issue (bsc#1104353). - net: hns3: fix shaper parameter algorithm (bsc#1104353 ). - net: hns3: fix the number of queues actually used by ARQ (bsc#1104353). - net: hns3: fix use-after-free when doing self test (bsc#1104353 ). - net: hns3: reallocate SSU' buffer size when pfc_en changes (bsc#1104353). - net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (bsc#1098633). - net: mvpp2: Fix error return code in mvpp2_open() (bsc#1119113 ). - net: mvpp2: fix pkt coalescing int-threshold configuration (bsc#1098633). - net: phy: Allow BCM54616S PHY to setup internal TX/RX clock delay (git-fixes). - net: phy: Avoid multiple suspends (git-fixes). - net: phy: broadcom: Fix RGMII delays configuration for BCM54210E (git-fixes). - net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes). - net: phy: micrel: make sure the factory test bit is cleared (git-fixes). - net: qca_spi: Move reset_count to struct qcaspi (git-fixes). - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes). - net: stmmac: Do not accept invalid MTU values (git-fixes). - net: stmmac: Enable 16KB buffer size (git-fixes). - net: stmmac: RX buffer size must be 16 byte aligned (git-fixes). - net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes). - net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: fix length of PTP clock's name string (git-fixes). - net: stmmac: gmac4+: Not all Unicast addresses may be available (git-fixes). - net: sunrpc: interpret the return value of kstrtou32 correctly (git-fixes). - net: team: fix memory leak in __team_options_register (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - net: usb: lan78xx: Fix error message format specifier (git-fixes). - net: usb: sr9800: fix uninitialized local variable (git-fixes). - net: vlan: avoid leaks on register_vlan_dev() failures (git-fixes). - net_failover: fixed rollback in net_failover_open() (bsc#1109837). - net_sched: let qdisc_put() accept NULL pointer (bsc#1056657 bsc#1056653 bsc#1056787). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - nfp: validate the return code from dev_queue_xmit() (git-fixes). - nfs_common: need lock during iterate through the list (git-fixes). - nfsd4: readdirplus shouldn't return parent of export (git-fixes). - nfsd: Fix message level for normal termination (git-fixes). - pNFS: Mark layout for return if return-on-close was not sent (git-fixes). - page_frag: Recover from memory pressure (git fixes (mm/pgalloc)). - parport: load lowlevel driver if ports not found (git-fixes). - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630). - powerpc/perf: Add generic compat mode pmu driver (bsc#1178900 ltc#189284). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1178900 ltc#189284 git-fixes). - powerpc/perf: init pmu from core-book3s (bsc#1178900 ltc#189284). - powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630). - qed: Fix race condition between scheduling and destroying the slowpath workqueue (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix use after free in qed_chain_free (bsc#1050536 bsc#1050538). - r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes). - radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes). - regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized (git-fixes). - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes). - remoteproc: Fix wrong rvring index computation (git-fixes). - rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes). - rtc: 88pm860x: fix possible race condition (git-fixes). - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes). - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1144912). - s390/dasd: fix list corruption of lcu list (bsc#1181170 LTC#190915). - s390/dasd: fix list corruption of pavgroup group list (bsc#1181170 LTC#190915). - s390/dasd: prevent inconsistent LCU device data (bsc#1181170 LTC#190915). - s390/qeth: delay draining the TX buffers (git-fixes). - s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes). - s390/qeth: fix deadlock during recovery (git-fixes). - s390/qeth: fix locking for discipline setup / removal (git-fixes). - s390/smp: perform initial CPU reset also for SMT siblings (git-fixes). - sched/fair: Fix enqueue_task_fair warning (bsc#1179093). - sched/fair: Fix enqueue_task_fair() warning some more (bsc#1179093). - sched/fair: Fix reordering of enqueue/dequeue_task_fair() (bsc#1179093). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (bsc#1179093). - sched/fair: Reorder enqueue/dequeue_task_fair path (bsc#1179093). - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049, git-fixes). - scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252). - scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891). - scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891). - scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891). - scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891). - scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891). - scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891). - scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891). - scsi: lpfc: Fix target reset failing (bsc#1180891). - scsi: lpfc: Fix vport create logging (bsc#1180891). - scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891). - scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891). - scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891). - scsi: lpfc: Simplify bool comparison (bsc#1180891). - scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891). - scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes). - serial: mvebu-uart: fix tx lost characters at power off (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - soc: imx: gpc: fix power up sequencing (git-fixes). - spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: cadence: cache reference clock rate during probe (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: img-spfi: fix potential double release (git-fixes). - spi: pxa2xx: Add missed security checks (git-fixes). - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: st-ssc4: add missed pm_runtime_disable (git-fixes). - spi: tegra20-slink: add missed clk_unprepare (git-fixes). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes). - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes). - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes). - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes). - staging: rtl8188eu: fix possible null dereference (git-fixes). - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes). - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - team: set dev->needed_headroom in team_setup_by_port() (git-fixes). - thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes). - tty: always relink the port (git-fixes). - tty: link tty and port before configuring it as console (git-fixes). - tty: synclink_gt: Adjust indentation in several functions (git-fixes). - tty: synclinkmp: Adjust indentation in several functions (git-fixes). - tty:serial:mvebu-uart:fix a wrong return (git-fixes). - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (bsc#1109837). - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes). - usb: dwc2: Fix IN FIFO allocation (git-fixes). - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes). - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes). - usb: fsl: Check memory resource before releasing it (git-fixes). - usb: gadget: composite: Fix possible double free memory bug (git-fixes). - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes). - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes). - usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes). - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes). - usb: gadget: fix wrong endpoint desc (git-fixes). - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: select CONFIG_CRC32 (git-fixes). - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes). - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes). - usb: udc: core: Use lock when write to soft_connect (git-fixes). - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - veth: Adjust hard_start offset on redirect XDP frames (bsc#1109837). - vfio iommu: Add dma available capability (bsc#1179573 LTC#190106). - vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181231). - vhost/vsock: fix vhost vsock cid hashing inconsistent (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes). - vt: Reject zero-sized screen buffer size (git-fixes). - vt: do not hardcode the mem allocation upper bound (git-fixes). - wan: ds26522: select CONFIG_BITREVERSE (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: da9062: do not ping the hw during stop() (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - wil6210: select CONFIG_CRC32 (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - x86/i8259: Use printk_deferred() to prevent deadlock (bsc#1112178). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178). - x86/mm: Fix leak of pmd ptlock (bsc#1112178). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191). - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1112178). - x86/resctrl: Do not move a task to the same resource group (bsc#1112178). - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1112178). - xdp: Fix xsk_generic_xmit errno (bsc#1109837). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). - xhci: make sure TRB is fully written before giving it to the controller (git-fixes). - xhci: tegra: Delay for disabling LFPS detector (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2021-433=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.31.1 kernel-source-rt-4.12.14-10.31.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.31.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.31.1 dlm-kmp-rt-4.12.14-10.31.1 dlm-kmp-rt-debuginfo-4.12.14-10.31.1 gfs2-kmp-rt-4.12.14-10.31.1 gfs2-kmp-rt-debuginfo-4.12.14-10.31.1 kernel-rt-4.12.14-10.31.1 kernel-rt-base-4.12.14-10.31.1 kernel-rt-base-debuginfo-4.12.14-10.31.1 kernel-rt-debuginfo-4.12.14-10.31.1 kernel-rt-debugsource-4.12.14-10.31.1 kernel-rt-devel-4.12.14-10.31.1 kernel-rt-devel-debuginfo-4.12.14-10.31.1 kernel-rt_debug-4.12.14-10.31.1 kernel-rt_debug-debuginfo-4.12.14-10.31.1 kernel-rt_debug-debugsource-4.12.14-10.31.1 kernel-rt_debug-devel-4.12.14-10.31.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.31.1 kernel-syms-rt-4.12.14-10.31.1 ocfs2-kmp-rt-4.12.14-10.31.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.31.1 References: https://www.suse.com/security/cve/CVE-2020-25639.html https://www.suse.com/security/cve/CVE-2020-27835.html https://www.suse.com/security/cve/CVE-2020-28374.html https://www.suse.com/security/cve/CVE-2020-29568.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2020-36158.html https://www.suse.com/security/cve/CVE-2021-0342.html https://www.suse.com/security/cve/CVE-2021-20177.html https://www.suse.com/security/cve/CVE-2021-3347.html https://www.suse.com/security/cve/CVE-2021-3348.html https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1046540 https://bugzilla.suse.com/1046542 https://bugzilla.suse.com/1046648 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050538 https://bugzilla.suse.com/1050545 https://bugzilla.suse.com/1056653 https://bugzilla.suse.com/1056657 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1073513 https://bugzilla.suse.com/1074220 https://bugzilla.suse.com/1075020 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086301 https://bugzilla.suse.com/1086313 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104270 https://bugzilla.suse.com/1104277 https://bugzilla.suse.com/1104279 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104742 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111981 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1126206 https://bugzilla.suse.com/1126390 https://bugzilla.suse.com/1127354 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1136348 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1163727 https://bugzilla.suse.com/1172145 https://bugzilla.suse.com/1174206 https://bugzilla.suse.com/1176831 https://bugzilla.suse.com/1176846 https://bugzilla.suse.com/1178036 https://bugzilla.suse.com/1178049 https://bugzilla.suse.com/1178372 https://bugzilla.suse.com/1178631 https://bugzilla.suse.com/1178684 https://bugzilla.suse.com/1178900 https://bugzilla.suse.com/1179093 https://bugzilla.suse.com/1179508 https://bugzilla.suse.com/1179509 https://bugzilla.suse.com/1179563 https://bugzilla.suse.com/1179573 https://bugzilla.suse.com/1179575 https://bugzilla.suse.com/1179878 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180130 https://bugzilla.suse.com/1180559 https://bugzilla.suse.com/1180562 https://bugzilla.suse.com/1180676 https://bugzilla.suse.com/1180765 https://bugzilla.suse.com/1180812 https://bugzilla.suse.com/1180859 https://bugzilla.suse.com/1180891 https://bugzilla.suse.com/1180912 https://bugzilla.suse.com/1181001 https://bugzilla.suse.com/1181018 https://bugzilla.suse.com/1181170 https://bugzilla.suse.com/1181230 https://bugzilla.suse.com/1181231 https://bugzilla.suse.com/1181349 https://bugzilla.suse.com/1181425 https://bugzilla.suse.com/1181504 https://bugzilla.suse.com/1181553 https://bugzilla.suse.com/1181645 From sle-security-updates at lists.suse.com Thu Feb 11 14:37:07 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2021 15:37:07 +0100 (CET) Subject: SUSE-SU-2021:0432-1: important: Security update for python Message-ID: <20210211143707.CD79BFFB2@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0432-1 Rating: important References: #1176262 #1180686 #1181126 Cross-References: CVE-2019-20916 CVE-2021-3177 CVSS scores: CVE-2019-20916 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-20916 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2021-3177 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3177 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-432=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-432=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-432=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-432=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-432=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-432=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-432=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-432=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-432=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-432=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-432=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-432=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-432=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-432=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-432=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-432=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-432=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE OpenStack Cloud Crowbar 8 (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE OpenStack Cloud 9 (x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE OpenStack Cloud 9 (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE OpenStack Cloud 8 (x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE OpenStack Cloud 8 (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE OpenStack Cloud 7 (s390x x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE OpenStack Cloud 7 (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): python-base-debuginfo-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 python-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 python-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 python-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 python-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 python-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 python-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 python-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - SUSE Enterprise Storage 5 (aarch64 x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 python-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-strict-tls-check-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 - SUSE Enterprise Storage 5 (x86_64): libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 - SUSE Enterprise Storage 5 (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - HPE Helion Openstack 8 (noarch): python-doc-2.7.17-28.64.3 python-doc-pdf-2.7.17-28.64.3 - HPE Helion Openstack 8 (x86_64): libpython2_7-1_0-2.7.17-28.64.1 libpython2_7-1_0-32bit-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-2.7.17-28.64.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1 python-2.7.17-28.64.1 python-32bit-2.7.17-28.64.1 python-base-2.7.17-28.64.1 python-base-32bit-2.7.17-28.64.1 python-base-debuginfo-2.7.17-28.64.1 python-base-debuginfo-32bit-2.7.17-28.64.1 python-base-debugsource-2.7.17-28.64.1 python-curses-2.7.17-28.64.1 python-curses-debuginfo-2.7.17-28.64.1 python-debuginfo-2.7.17-28.64.1 python-debuginfo-32bit-2.7.17-28.64.1 python-debugsource-2.7.17-28.64.1 python-demo-2.7.17-28.64.1 python-devel-2.7.17-28.64.1 python-gdbm-2.7.17-28.64.1 python-gdbm-debuginfo-2.7.17-28.64.1 python-idle-2.7.17-28.64.1 python-tk-2.7.17-28.64.1 python-tk-debuginfo-2.7.17-28.64.1 python-xml-2.7.17-28.64.1 python-xml-debuginfo-2.7.17-28.64.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://www.suse.com/security/cve/CVE-2021-3177.html https://bugzilla.suse.com/1176262 https://bugzilla.suse.com/1180686 https://bugzilla.suse.com/1181126 From sle-security-updates at lists.suse.com Thu Feb 11 17:16:34 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2021 18:16:34 +0100 (CET) Subject: SUSE-SU-2021:0435-1: important: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Message-ID: <20210211171634.1DE85FF1F@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0435-1 Rating: important References: #1174075 #1176708 #1178801 #1178969 #1180243 #1180401 #1181730 #1181732 SLE-16460 Cross-References: CVE-2020-15257 CVE-2021-21284 CVE-2021-21285 CVSS scores: CVE-2020-15257 (NVD) : 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE-2020-15257 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-21284 (NVD) : 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVE-2021-21284 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N CVE-2021-21285 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-21285 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves three vulnerabilities, contains one feature and has 5 fixes is now available. Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969). - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) - CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730) Non-security issues fixed: - Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285). - Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401) - Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243 - Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708 - Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14 - Enable fish-completion - Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) - Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708 - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires. - Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurrious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support). - Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly. - Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243 - Add patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-435=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-435=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-435=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-435=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-435=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-435=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-435=1 - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-435=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-435=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-435=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-435=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): containerd-1.3.9-5.29.3 docker-19.03.15_ce-6.43.3 docker-debuginfo-19.03.15_ce-6.43.3 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 - SUSE Manager Server 4.0 (noarch): docker-bash-completion-19.03.15_ce-6.43.3 - SUSE Manager Retail Branch Server 4.0 (x86_64): containerd-1.3.9-5.29.3 docker-19.03.15_ce-6.43.3 docker-debuginfo-19.03.15_ce-6.43.3 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 - SUSE Manager Retail Branch Server 4.0 (noarch): docker-bash-completion-19.03.15_ce-6.43.3 - SUSE Manager Proxy 4.0 (noarch): docker-bash-completion-19.03.15_ce-6.43.3 - SUSE Manager Proxy 4.0 (x86_64): containerd-1.3.9-5.29.3 docker-19.03.15_ce-6.43.3 docker-debuginfo-19.03.15_ce-6.43.3 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): containerd-1.3.9-5.29.3 docker-19.03.15_ce-6.43.3 docker-debuginfo-19.03.15_ce-6.43.3 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): docker-bash-completion-19.03.15_ce-6.43.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): containerd-1.3.9-5.29.3 docker-19.03.15_ce-6.43.3 docker-debuginfo-19.03.15_ce-6.43.3 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): docker-bash-completion-19.03.15_ce-6.43.3 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): docker-bash-completion-19.03.15_ce-6.43.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): containerd-1.3.9-5.29.3 docker-19.03.15_ce-6.43.3 docker-debuginfo-19.03.15_ce-6.43.3 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): containerd-1.3.9-5.29.3 docker-19.03.15_ce-6.43.3 docker-debuginfo-19.03.15_ce-6.43.3 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch): docker-bash-completion-19.03.15_ce-6.43.3 - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): containerd-1.3.9-5.29.3 docker-19.03.15_ce-6.43.3 docker-debuginfo-19.03.15_ce-6.43.3 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 - SUSE Linux Enterprise Module for Containers 15-SP2 (noarch): docker-bash-completion-19.03.15_ce-6.43.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): containerd-1.3.9-5.29.3 docker-19.03.15_ce-6.43.3 docker-debuginfo-19.03.15_ce-6.43.3 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): docker-bash-completion-19.03.15_ce-6.43.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): containerd-1.3.9-5.29.3 docker-19.03.15_ce-6.43.3 docker-debuginfo-19.03.15_ce-6.43.3 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): docker-bash-completion-19.03.15_ce-6.43.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): containerd-1.3.9-5.29.3 docker-19.03.15_ce-6.43.3 docker-debuginfo-19.03.15_ce-6.43.3 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 - SUSE Enterprise Storage 6 (noarch): docker-bash-completion-19.03.15_ce-6.43.3 - SUSE CaaS Platform 4.0 (x86_64): containerd-1.3.9-5.29.3 docker-19.03.15_ce-6.43.3 docker-debuginfo-19.03.15_ce-6.43.3 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 - SUSE CaaS Platform 4.0 (noarch): docker-bash-completion-19.03.15_ce-6.43.3 References: https://www.suse.com/security/cve/CVE-2020-15257.html https://www.suse.com/security/cve/CVE-2021-21284.html https://www.suse.com/security/cve/CVE-2021-21285.html https://bugzilla.suse.com/1174075 https://bugzilla.suse.com/1176708 https://bugzilla.suse.com/1178801 https://bugzilla.suse.com/1178969 https://bugzilla.suse.com/1180243 https://bugzilla.suse.com/1180401 https://bugzilla.suse.com/1181730 https://bugzilla.suse.com/1181732 From sle-security-updates at lists.suse.com Thu Feb 11 20:19:08 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2021 21:19:08 +0100 (CET) Subject: SUSE-SU-2021:0437-1: important: Security update for the Linux Kernel Message-ID: <20210211201908.28782FF1F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0437-1 Rating: important References: #1070943 #1121826 #1121872 #1157298 #1168952 #1173942 #1176395 #1176485 #1177411 #1178123 #1178182 #1178589 #1178622 #1178886 #1179107 #1179140 #1179141 #1179204 #1179419 #1179508 #1179509 #1179601 #1179616 #1179663 #1179666 #1179745 #1179877 #1179960 #1179961 #1180008 #1180027 #1180028 #1180029 #1180030 #1180031 #1180032 #1180052 #1180086 #1180559 #1180562 #1181349 #969755 Cross-References: CVE-2019-19063 CVE-2019-20934 CVE-2019-6133 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25285 CVE-2020-25668 CVE-2020-25669 CVE-2020-27068 CVE-2020-27673 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28915 CVE-2020-28974 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347 CVSS scores: CVE-2019-19063 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19063 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-20934 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2019-20934 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-6133 (NVD) : 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2019-6133 (SUSE): 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2020-0444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0444 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-11668 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-11668 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-15436 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15436 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15437 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-15437 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25211 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-25211 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-25285 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25285 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25668 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25669 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27068 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27673 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27777 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27777 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27825 (NVD) : 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27825 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-28915 (NVD) : 5.8 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2020-28915 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-28974 (NVD) : 5 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H CVE-2020-28974 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-29568 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29568 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29660 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-29660 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that solves 26 vulnerabilities and has 16 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485 ). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). - CVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which could eventually have allowed attackers to cause a denial of service (memory consumption) (bnc#1157298 ). - CVE-2019-6133: Fixed an issue where the "start time" protection mechanism could have been bypassed and therefore authorization decisions are improperly cached (bsc#1128172). The following non-security bugs were fixed: - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes). - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (bsc#969755). - futex,rt_mutex: Introduce rt_mutex_init_waiter() (bsc#969755). - futex,rt_mutex: Provide futex specific rt_mutex API (bsc#969755). - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bsc#969755). - futex: Avoid freeing an active timer (bsc#969755). - futex: Avoid violating the 10th rule of futex (bsc#969755). - futex: Change locking rules (bsc#969755). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#969755). - futex: Drop hb->lock before enqueueing on the rtmutex (bsc#969755). - futex: Fix OWNER_DEAD fixup (bsc#969755). - futex: Fix incorrect should_fail_futex() handling (bsc#969755). - futex: Fix more put_pi_state() vs. exit_pi_state_list() races (bsc#969755). - futex: Fix pi_state->owner serialization (bsc#969755). - futex: Fix small (and harmless looking) inconsistencies (bsc#969755). - futex: Futex_unlock_pi() determinism (bsc#969755). - futex: Handle early deadlock return correctly (bsc#969755). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#969755). - futex: Pull rt_mutex_futex_unlock() out from under hb->lock (bsc#969755). - futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock() (bsc#969755). - futex: Rework inconsistent rt_mutex/futex_q state (bsc#969755). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#969755). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-437=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-437=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-437=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-437=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2021-437=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.149.1 kernel-default-base-4.4.121-92.149.1 kernel-default-base-debuginfo-4.4.121-92.149.1 kernel-default-debuginfo-4.4.121-92.149.1 kernel-default-debugsource-4.4.121-92.149.1 kernel-default-devel-4.4.121-92.149.1 kernel-syms-4.4.121-92.149.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.149.1 kernel-macros-4.4.121-92.149.1 kernel-source-4.4.121-92.149.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_149-default-1-3.3.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.149.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.149.1 kernel-default-base-4.4.121-92.149.1 kernel-default-base-debuginfo-4.4.121-92.149.1 kernel-default-debuginfo-4.4.121-92.149.1 kernel-default-debugsource-4.4.121-92.149.1 kernel-default-devel-4.4.121-92.149.1 kernel-syms-4.4.121-92.149.1 kgraft-patch-4_4_121-92_149-default-1-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.149.1 kernel-macros-4.4.121-92.149.1 kernel-source-4.4.121-92.149.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.149.1 kernel-default-base-4.4.121-92.149.1 kernel-default-base-debuginfo-4.4.121-92.149.1 kernel-default-debuginfo-4.4.121-92.149.1 kernel-default-debugsource-4.4.121-92.149.1 kernel-default-devel-4.4.121-92.149.1 kernel-syms-4.4.121-92.149.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_149-default-1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.149.1 kernel-macros-4.4.121-92.149.1 kernel-source-4.4.121-92.149.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.149.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.149.1 kernel-default-base-4.4.121-92.149.1 kernel-default-base-debuginfo-4.4.121-92.149.1 kernel-default-debuginfo-4.4.121-92.149.1 kernel-default-debugsource-4.4.121-92.149.1 kernel-default-devel-4.4.121-92.149.1 kernel-syms-4.4.121-92.149.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.149.1 kernel-macros-4.4.121-92.149.1 kernel-source-4.4.121-92.149.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.121-92.149.1 cluster-md-kmp-default-debuginfo-4.4.121-92.149.1 cluster-network-kmp-default-4.4.121-92.149.1 cluster-network-kmp-default-debuginfo-4.4.121-92.149.1 dlm-kmp-default-4.4.121-92.149.1 dlm-kmp-default-debuginfo-4.4.121-92.149.1 gfs2-kmp-default-4.4.121-92.149.1 gfs2-kmp-default-debuginfo-4.4.121-92.149.1 kernel-default-debuginfo-4.4.121-92.149.1 kernel-default-debugsource-4.4.121-92.149.1 ocfs2-kmp-default-4.4.121-92.149.1 ocfs2-kmp-default-debuginfo-4.4.121-92.149.1 References: https://www.suse.com/security/cve/CVE-2019-19063.html https://www.suse.com/security/cve/CVE-2019-20934.html https://www.suse.com/security/cve/CVE-2019-6133.html https://www.suse.com/security/cve/CVE-2020-0444.html https://www.suse.com/security/cve/CVE-2020-0465.html https://www.suse.com/security/cve/CVE-2020-0466.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25211.html https://www.suse.com/security/cve/CVE-2020-25285.html https://www.suse.com/security/cve/CVE-2020-25668.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-27068.html https://www.suse.com/security/cve/CVE-2020-27673.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-27786.html https://www.suse.com/security/cve/CVE-2020-27825.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29568.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2020-29660.html https://www.suse.com/security/cve/CVE-2020-29661.html https://www.suse.com/security/cve/CVE-2020-36158.html https://www.suse.com/security/cve/CVE-2021-3347.html https://bugzilla.suse.com/1070943 https://bugzilla.suse.com/1121826 https://bugzilla.suse.com/1121872 https://bugzilla.suse.com/1157298 https://bugzilla.suse.com/1168952 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176485 https://bugzilla.suse.com/1177411 https://bugzilla.suse.com/1178123 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178622 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179204 https://bugzilla.suse.com/1179419 https://bugzilla.suse.com/1179508 https://bugzilla.suse.com/1179509 https://bugzilla.suse.com/1179601 https://bugzilla.suse.com/1179616 https://bugzilla.suse.com/1179663 https://bugzilla.suse.com/1179666 https://bugzilla.suse.com/1179745 https://bugzilla.suse.com/1179877 https://bugzilla.suse.com/1179960 https://bugzilla.suse.com/1179961 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180027 https://bugzilla.suse.com/1180028 https://bugzilla.suse.com/1180029 https://bugzilla.suse.com/1180030 https://bugzilla.suse.com/1180031 https://bugzilla.suse.com/1180032 https://bugzilla.suse.com/1180052 https://bugzilla.suse.com/1180086 https://bugzilla.suse.com/1180559 https://bugzilla.suse.com/1180562 https://bugzilla.suse.com/1181349 https://bugzilla.suse.com/969755 From sle-security-updates at lists.suse.com Thu Feb 11 20:25:42 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2021 21:25:42 +0100 (CET) Subject: SUSE-SU-2021:0439-1: important: Security update for openvswitch Message-ID: <20210211202542.443CDFF1F@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0439-1 Rating: important References: #1181742 Cross-References: CVE-2020-35498 CVSS scores: CVE-2020-35498 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-439=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-439=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-439=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-439=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-439=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-439=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-439=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-439=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-439=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-439=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-439=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libopenvswitch-2_11-0-2.11.5-3.15.3 libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.3 openvswitch-2.11.5-3.15.3 openvswitch-debuginfo-2.11.5-3.15.3 openvswitch-debugsource-2.11.5-3.15.3 openvswitch-devel-2.11.5-3.15.3 - SUSE Manager Retail Branch Server 4.0 (x86_64): libopenvswitch-2_11-0-2.11.5-3.15.3 libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.3 openvswitch-2.11.5-3.15.3 openvswitch-debuginfo-2.11.5-3.15.3 openvswitch-debugsource-2.11.5-3.15.3 openvswitch-devel-2.11.5-3.15.3 - SUSE Manager Proxy 4.0 (x86_64): libopenvswitch-2_11-0-2.11.5-3.15.3 libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.3 openvswitch-2.11.5-3.15.3 openvswitch-debuginfo-2.11.5-3.15.3 openvswitch-debugsource-2.11.5-3.15.3 openvswitch-devel-2.11.5-3.15.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenvswitch-2_11-0-2.11.5-3.15.3 libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.3 openvswitch-2.11.5-3.15.3 openvswitch-debuginfo-2.11.5-3.15.3 openvswitch-debugsource-2.11.5-3.15.3 openvswitch-devel-2.11.5-3.15.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenvswitch-2_11-0-2.11.5-3.15.3 libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.3 openvswitch-2.11.5-3.15.3 openvswitch-debuginfo-2.11.5-3.15.3 openvswitch-debugsource-2.11.5-3.15.3 openvswitch-devel-2.11.5-3.15.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenvswitch-2_11-0-2.11.5-3.15.3 libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.3 openvswitch-2.11.5-3.15.3 openvswitch-debuginfo-2.11.5-3.15.3 openvswitch-debugsource-2.11.5-3.15.3 openvswitch-devel-2.11.5-3.15.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python2-ovs-2.11.5-3.15.3 python2-ovs-debuginfo-2.11.5-3.15.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): python2-ovs-2.11.5-3.15.3 python2-ovs-debuginfo-2.11.5-3.15.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenvswitch-2_11-0-2.11.5-3.15.3 libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.3 openvswitch-2.11.5-3.15.3 openvswitch-debuginfo-2.11.5-3.15.3 openvswitch-debugsource-2.11.5-3.15.3 openvswitch-devel-2.11.5-3.15.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenvswitch-2_11-0-2.11.5-3.15.3 libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.3 openvswitch-2.11.5-3.15.3 openvswitch-debuginfo-2.11.5-3.15.3 openvswitch-debugsource-2.11.5-3.15.3 openvswitch-devel-2.11.5-3.15.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenvswitch-2_11-0-2.11.5-3.15.3 libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.3 openvswitch-2.11.5-3.15.3 openvswitch-debuginfo-2.11.5-3.15.3 openvswitch-debugsource-2.11.5-3.15.3 openvswitch-devel-2.11.5-3.15.3 - SUSE CaaS Platform 4.0 (x86_64): libopenvswitch-2_11-0-2.11.5-3.15.3 libopenvswitch-2_11-0-debuginfo-2.11.5-3.15.3 openvswitch-2.11.5-3.15.3 openvswitch-debuginfo-2.11.5-3.15.3 openvswitch-debugsource-2.11.5-3.15.3 openvswitch-devel-2.11.5-3.15.3 References: https://www.suse.com/security/cve/CVE-2020-35498.html https://bugzilla.suse.com/1181742 From sle-security-updates at lists.suse.com Thu Feb 11 20:27:56 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2021 21:27:56 +0100 (CET) Subject: SUSE-SU-2021:0440-1: important: Security update for openvswitch Message-ID: <20210211202756.49E33FF1F@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0440-1 Rating: important References: #1181742 Cross-References: CVE-2020-35498 CVSS scores: CVE-2020-35498 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-440=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-440=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-440=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-440=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenvswitch-2_11-0-2.11.5-6.33.3 libopenvswitch-2_11-0-debuginfo-2.11.5-6.33.3 openvswitch-2.11.5-6.33.3 openvswitch-debuginfo-2.11.5-6.33.3 openvswitch-debugsource-2.11.5-6.33.3 openvswitch-devel-2.11.5-6.33.3 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenvswitch-2_11-0-2.11.5-6.33.3 libopenvswitch-2_11-0-debuginfo-2.11.5-6.33.3 openvswitch-2.11.5-6.33.3 openvswitch-debuginfo-2.11.5-6.33.3 openvswitch-debugsource-2.11.5-6.33.3 openvswitch-devel-2.11.5-6.33.3 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenvswitch-2_11-0-2.11.5-6.33.3 libopenvswitch-2_11-0-debuginfo-2.11.5-6.33.3 openvswitch-2.11.5-6.33.3 openvswitch-debuginfo-2.11.5-6.33.3 openvswitch-debugsource-2.11.5-6.33.3 openvswitch-devel-2.11.5-6.33.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenvswitch-2_11-0-2.11.5-6.33.3 libopenvswitch-2_11-0-debuginfo-2.11.5-6.33.3 openvswitch-2.11.5-6.33.3 openvswitch-debuginfo-2.11.5-6.33.3 openvswitch-debugsource-2.11.5-6.33.3 openvswitch-devel-2.11.5-6.33.3 References: https://www.suse.com/security/cve/CVE-2020-35498.html https://bugzilla.suse.com/1181742 From sle-security-updates at lists.suse.com Thu Feb 11 20:28:49 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2021 21:28:49 +0100 (CET) Subject: SUSE-SU-2021:0436-1: important: Security update for openvswitch Message-ID: <20210211202849.B06AFFF1F@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0436-1 Rating: important References: #1181742 Cross-References: CVE-2020-35498 CVSS scores: CVE-2020-35498 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-436=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-436=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_13-0-2.13.2-9.14.1 libopenvswitch-2_13-0-debuginfo-2.13.2-9.14.1 libovn-20_03-0-20.03.1-9.14.1 libovn-20_03-0-debuginfo-20.03.1-9.14.1 openvswitch-2.13.2-9.14.1 openvswitch-debuginfo-2.13.2-9.14.1 openvswitch-debugsource-2.13.2-9.14.1 openvswitch-devel-2.13.2-9.14.1 openvswitch-ipsec-2.13.2-9.14.1 openvswitch-pki-2.13.2-9.14.1 openvswitch-test-2.13.2-9.14.1 openvswitch-test-debuginfo-2.13.2-9.14.1 openvswitch-vtep-2.13.2-9.14.1 openvswitch-vtep-debuginfo-2.13.2-9.14.1 ovn-20.03.1-9.14.1 ovn-central-20.03.1-9.14.1 ovn-devel-20.03.1-9.14.1 ovn-docker-20.03.1-9.14.1 ovn-host-20.03.1-9.14.1 ovn-vtep-20.03.1-9.14.1 python3-ovs-2.13.2-9.14.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_13-0-2.13.2-9.14.1 libopenvswitch-2_13-0-debuginfo-2.13.2-9.14.1 openvswitch-debuginfo-2.13.2-9.14.1 openvswitch-debugsource-2.13.2-9.14.1 python3-ovs-2.13.2-9.14.1 References: https://www.suse.com/security/cve/CVE-2020-35498.html https://bugzilla.suse.com/1181742 From sle-security-updates at lists.suse.com Thu Feb 11 20:29:45 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2021 21:29:45 +0100 (CET) Subject: SUSE-SU-2021:0443-1: important: Security update for wpa_supplicant Message-ID: <20210211202945.CE980FF1F@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0443-1 Rating: important References: #1181777 Cross-References: CVE-2021-0326 CVSS scores: CVE-2021-0326 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-443=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-443=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-443=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-443=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-443=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-443=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-443=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-443=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-443=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-443=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-443=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-443=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-443=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-443=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Manager Proxy 4.0 (x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 - SUSE CaaS Platform 4.0 (x86_64): wpa_supplicant-2.9-4.23.1 wpa_supplicant-debuginfo-2.9-4.23.1 wpa_supplicant-debugsource-2.9-4.23.1 References: https://www.suse.com/security/cve/CVE-2021-0326.html https://bugzilla.suse.com/1181777 From sle-security-updates at lists.suse.com Thu Feb 11 20:32:47 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Feb 2021 21:32:47 +0100 (CET) Subject: SUSE-SU-2021:0438-1: important: Security update for the Linux Kernel Message-ID: <20210211203247.8CB40FF1F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0438-1 Rating: important References: #1144912 #1149032 #1163840 #1168952 #1172199 #1173074 #1173942 #1176395 #1176846 #1177666 #1178182 #1178272 #1178372 #1178589 #1178590 #1178684 #1178886 #1179071 #1179107 #1179140 #1179141 #1179419 #1179429 #1179508 #1179509 #1179601 #1179616 #1179663 #1179666 #1179745 #1179877 #1179878 #1179895 #1179960 #1179961 #1180008 #1180027 #1180028 #1180029 #1180030 #1180031 #1180032 #1180052 #1180086 #1180559 #1180562 #1180676 #1181001 #1181158 #1181349 #1181504 #1181553 #1181645 Cross-References: CVE-2019-20806 CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-10781 CVE-2020-11668 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25639 CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27835 CVE-2020-28374 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2021-3347 CVE-2021-3348 CVSS scores: CVE-2019-20806 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-20806 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-20934 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2019-20934 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0444 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-10781 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10781 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-11668 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-11668 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-15436 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15436 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15437 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-15437 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25211 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-25211 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-25639 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-25669 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27068 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27777 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27777 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27825 (NVD) : 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27825 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-28374 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-28374 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-28915 (NVD) : 5.8 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2020-28915 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-28974 (NVD) : 5 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H CVE-2020-28974 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-29371 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-29568 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29568 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29660 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-29660 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-4788 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-3347 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3348 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3348 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 29 vulnerabilities and has 24 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504). - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395). - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-10781: A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable (bnc#1173074). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace (bnc#1179429). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). - CVE-2019-20806: Fixed a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service (bnc#1172199). The following non-security bugs were fixed: - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840 bsc#1179071). - blk-mq: make sure that line break can be printed (bsc#1163840 bsc#1179071). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1181349). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191). - kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032). - nbd: Fix memory leak in nbd_add_socket (bsc#1181504). - net/x25: prevent a couple of overflows (bsc#1178590). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/dasd: fix hanging device offline processing (bsc#1144912). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1178272). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-438=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-438=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-438=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-438=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-438=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-438=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150.66.1 kernel-default-base-4.12.14-150.66.1 kernel-default-debuginfo-4.12.14-150.66.1 kernel-default-debugsource-4.12.14-150.66.1 kernel-default-devel-4.12.14-150.66.1 kernel-default-devel-debuginfo-4.12.14-150.66.1 kernel-obs-build-4.12.14-150.66.1 kernel-obs-build-debugsource-4.12.14-150.66.1 kernel-syms-4.12.14-150.66.1 kernel-vanilla-base-4.12.14-150.66.1 kernel-vanilla-base-debuginfo-4.12.14-150.66.1 kernel-vanilla-debuginfo-4.12.14-150.66.1 kernel-vanilla-debugsource-4.12.14-150.66.1 reiserfs-kmp-default-4.12.14-150.66.1 reiserfs-kmp-default-debuginfo-4.12.14-150.66.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150.66.1 kernel-docs-4.12.14-150.66.1 kernel-macros-4.12.14-150.66.1 kernel-source-4.12.14-150.66.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150.66.1 kernel-default-base-4.12.14-150.66.1 kernel-default-debuginfo-4.12.14-150.66.1 kernel-default-debugsource-4.12.14-150.66.1 kernel-default-devel-4.12.14-150.66.1 kernel-default-devel-debuginfo-4.12.14-150.66.1 kernel-obs-build-4.12.14-150.66.1 kernel-obs-build-debugsource-4.12.14-150.66.1 kernel-syms-4.12.14-150.66.1 kernel-vanilla-base-4.12.14-150.66.1 kernel-vanilla-base-debuginfo-4.12.14-150.66.1 kernel-vanilla-debuginfo-4.12.14-150.66.1 kernel-vanilla-debugsource-4.12.14-150.66.1 reiserfs-kmp-default-4.12.14-150.66.1 reiserfs-kmp-default-debuginfo-4.12.14-150.66.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150.66.1 kernel-docs-4.12.14-150.66.1 kernel-macros-4.12.14-150.66.1 kernel-source-4.12.14-150.66.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150.66.1 kernel-zfcpdump-debuginfo-4.12.14-150.66.1 kernel-zfcpdump-debugsource-4.12.14-150.66.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.66.1 kernel-default-debugsource-4.12.14-150.66.1 kernel-default-livepatch-4.12.14-150.66.1 kernel-livepatch-4_12_14-150_66-default-1-1.3.1 kernel-livepatch-4_12_14-150_66-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150.66.1 kernel-default-base-4.12.14-150.66.1 kernel-default-debuginfo-4.12.14-150.66.1 kernel-default-debugsource-4.12.14-150.66.1 kernel-default-devel-4.12.14-150.66.1 kernel-default-devel-debuginfo-4.12.14-150.66.1 kernel-obs-build-4.12.14-150.66.1 kernel-obs-build-debugsource-4.12.14-150.66.1 kernel-syms-4.12.14-150.66.1 kernel-vanilla-base-4.12.14-150.66.1 kernel-vanilla-base-debuginfo-4.12.14-150.66.1 kernel-vanilla-debuginfo-4.12.14-150.66.1 kernel-vanilla-debugsource-4.12.14-150.66.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150.66.1 kernel-docs-4.12.14-150.66.1 kernel-macros-4.12.14-150.66.1 kernel-source-4.12.14-150.66.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150.66.1 kernel-default-base-4.12.14-150.66.1 kernel-default-debuginfo-4.12.14-150.66.1 kernel-default-debugsource-4.12.14-150.66.1 kernel-default-devel-4.12.14-150.66.1 kernel-default-devel-debuginfo-4.12.14-150.66.1 kernel-obs-build-4.12.14-150.66.1 kernel-obs-build-debugsource-4.12.14-150.66.1 kernel-syms-4.12.14-150.66.1 kernel-vanilla-base-4.12.14-150.66.1 kernel-vanilla-base-debuginfo-4.12.14-150.66.1 kernel-vanilla-debuginfo-4.12.14-150.66.1 kernel-vanilla-debugsource-4.12.14-150.66.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150.66.1 kernel-docs-4.12.14-150.66.1 kernel-macros-4.12.14-150.66.1 kernel-source-4.12.14-150.66.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.66.1 cluster-md-kmp-default-debuginfo-4.12.14-150.66.1 dlm-kmp-default-4.12.14-150.66.1 dlm-kmp-default-debuginfo-4.12.14-150.66.1 gfs2-kmp-default-4.12.14-150.66.1 gfs2-kmp-default-debuginfo-4.12.14-150.66.1 kernel-default-debuginfo-4.12.14-150.66.1 kernel-default-debugsource-4.12.14-150.66.1 ocfs2-kmp-default-4.12.14-150.66.1 ocfs2-kmp-default-debuginfo-4.12.14-150.66.1 References: https://www.suse.com/security/cve/CVE-2019-20806.html https://www.suse.com/security/cve/CVE-2019-20934.html https://www.suse.com/security/cve/CVE-2020-0444.html https://www.suse.com/security/cve/CVE-2020-0465.html https://www.suse.com/security/cve/CVE-2020-0466.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25211.html https://www.suse.com/security/cve/CVE-2020-25639.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-27068.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-27786.html https://www.suse.com/security/cve/CVE-2020-27825.html https://www.suse.com/security/cve/CVE-2020-27835.html https://www.suse.com/security/cve/CVE-2020-28374.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29371.html https://www.suse.com/security/cve/CVE-2020-29568.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2020-29660.html https://www.suse.com/security/cve/CVE-2020-29661.html https://www.suse.com/security/cve/CVE-2020-36158.html https://www.suse.com/security/cve/CVE-2020-4788.html https://www.suse.com/security/cve/CVE-2021-3347.html https://www.suse.com/security/cve/CVE-2021-3348.html https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1163840 https://bugzilla.suse.com/1168952 https://bugzilla.suse.com/1172199 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176846 https://bugzilla.suse.com/1177666 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178272 https://bugzilla.suse.com/1178372 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178590 https://bugzilla.suse.com/1178684 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1179071 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179419 https://bugzilla.suse.com/1179429 https://bugzilla.suse.com/1179508 https://bugzilla.suse.com/1179509 https://bugzilla.suse.com/1179601 https://bugzilla.suse.com/1179616 https://bugzilla.suse.com/1179663 https://bugzilla.suse.com/1179666 https://bugzilla.suse.com/1179745 https://bugzilla.suse.com/1179877 https://bugzilla.suse.com/1179878 https://bugzilla.suse.com/1179895 https://bugzilla.suse.com/1179960 https://bugzilla.suse.com/1179961 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180027 https://bugzilla.suse.com/1180028 https://bugzilla.suse.com/1180029 https://bugzilla.suse.com/1180030 https://bugzilla.suse.com/1180031 https://bugzilla.suse.com/1180032 https://bugzilla.suse.com/1180052 https://bugzilla.suse.com/1180086 https://bugzilla.suse.com/1180559 https://bugzilla.suse.com/1180562 https://bugzilla.suse.com/1180676 https://bugzilla.suse.com/1181001 https://bugzilla.suse.com/1181158 https://bugzilla.suse.com/1181349 https://bugzilla.suse.com/1181504 https://bugzilla.suse.com/1181553 https://bugzilla.suse.com/1181645 From sle-security-updates at lists.suse.com Fri Feb 12 11:16:59 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Feb 2021 12:16:59 +0100 (CET) Subject: SUSE-SU-2021:0445-1: important: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Message-ID: <20210212111659.11A97FFB4@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0445-1 Rating: important References: #1065609 #1153367 #1157330 #1158590 #1176708 #1177598 #1178801 #1180401 #1181730 #1181732 Cross-References: CVE-2020-15157 CVE-2021-21284 CVE-2021-21285 CVSS scores: CVE-2020-15157 (NVD) : 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2020-15157 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-21284 (NVD) : 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVE-2021-21284 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N CVE-2021-21285 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-21285 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has 7 fixes is now available. Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Update Docker to 19.03.15-ce: - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) - CVE-2021-21285: malformed Docker image manifest crashes the dockerd daemon (bsc#1181730) - CVE-2020-15157: containerd: credentials leaking during image pull (bsc#1177598) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2021-445=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-1.3.9-16.35.1 docker-19.03.15_ce-98.60.2 docker-debuginfo-19.03.15_ce-98.60.2 docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-37.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-37.1 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-1.52.1 References: https://www.suse.com/security/cve/CVE-2020-15157.html https://www.suse.com/security/cve/CVE-2021-21284.html https://www.suse.com/security/cve/CVE-2021-21285.html https://bugzilla.suse.com/1065609 https://bugzilla.suse.com/1153367 https://bugzilla.suse.com/1157330 https://bugzilla.suse.com/1158590 https://bugzilla.suse.com/1176708 https://bugzilla.suse.com/1177598 https://bugzilla.suse.com/1178801 https://bugzilla.suse.com/1180401 https://bugzilla.suse.com/1181730 https://bugzilla.suse.com/1181732 From sle-security-updates at lists.suse.com Fri Feb 12 14:17:28 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Feb 2021 15:17:28 +0100 (CET) Subject: SUSE-SU-2021:0448-1: moderate: Security update for SUSE Manager Server 4.0 Message-ID: <20210212141728.4261EFFB4@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0448-1 Rating: moderate References: #1164227 #1164451 #1171836 #1176018 #1176417 #1176823 #1176898 #1176906 #1177031 #1177184 #1177336 #1177508 #1178303 #1178503 #1178647 #1178839 #1179087 #1179273 #1179410 #1179552 #1179589 #1179872 #1179990 #1180001 #1180127 #1180285 #1180803 #1181356 Cross-References: CVE-2021-23901 CVSS scores: CVE-2021-23901 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 ______________________________________________________________________________ An update that solves one vulnerability and has 27 fixes is now available. Description: This update fixes the following issues: cpu-mitigations-formula: - Handle unsupported target systems gracefully (bsc#1179273) - add mitigations for Xen hypervisor nutch-core: - Fix XXE injection in DmozParser CVE-2021-23901 (bsc#1181356) smdba: - Do not remove the database if there is no backup and deal with manifest - Fix smdba throws error on mgr-setup/installation - Raise an exception on failed external process call - Fix TablePrint formatting - Rename configuration parameter wal_keep_segments to wal_keep_size (jsc#SLE-17030) - Revert modifying cpu_tuple_cost - Adapted spec file for RHEL8 - Adapt recover mechanism for postgresql12 and later spacecmd: - Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823) spacewalk-backend: - Reposync: Fixed Kickstart functionality. - Reposync: Fixed URLGrabber error handling. - Reposync: Fix modular data handling for cloned channels (bsc#1177508) - Truncate author name in the changelog (bsc#1180285) - Drop Transfer-Encoding header from proxy respone to fix error response messages (bsc#1176906) - Prevent tracebacks on missing mail configuration (bsc#1179990) - Fix pycurl.error handling in suseLib.py (bsc#1179990) - Use sanitized repo label to build reposync repo cache path (bsc#1179410) - Quote the proxy settings to be used by Zypper (bsc#1179087) - Fix spacewalk-repo-sync to successfully manage and sync ULN repositories - Fix errors in spacewalk-debug and align postgresql queries to new DB version spacewalk-branding: - Set Copyright year to 2021 spacewalk-certs-tools: - Improve check for correct CA trust store directory (bsc#1176417) spacewalk-java: - Fix modular data handling for cloned channels (bsc#1177508) - Fix reboot action race condition (bsc#1177031) - Fix availability check for debian repositories (bsc#1180127) - Ignore duplicate NEVRAs in package profile update (bsc#1176018) - Prevent deletion of CLM environments if they're used in an autoinstallation profile (bsc#1179552) - Register saltkey XMLRPC handler and fix behavior of delete salt key (bsc#1179872) - Add validation for custom repository labels - Fix expanded support detection based on CentOS installations (bsc#1179589) - Add translation strings for newly added countries and timezones (jsc#PM-2081) - Fix the activation key handling from kickstart profile (bsc#1178647) - Update exception message in findSyncedMandatoryChannels - Fix check for available products on ISS Slaves (bsc#1177184) - Get media.1/products for cloned channels (bsc#1178303) - Calculate size to truncate a history message based on the htmlified version (bsc#1178503) - Change message "Minion is down" to be more accurate - XMLRPC: Report architecture label in the list of installed packages (bsc#1176898) spacewalk-reports: - Fixes no file content in `spacewalk-report config-files` - Write `` placeholder instead of dumping binary data spacewalk-utils: - Fix modular data handling for cloned channels (bsc#1177508) spacewalk-web: - Prevent deletion of CLM environments if they're used in an autoinstallation profile (bsc#1179552) - Fix mandatory channels JS API to finish loading in case of error (bsc#1178839) supportutils-plugin-susemanager: - Remove checks for obsolete packages - Gather new configfiles - Add more important informations susemanager-doc-indexes: - Added new section for bootstrap repository for end of life products in Client Configuration Guide - Remove old certs before renaming moved to Administration Guide (bsc#1171836) - Fixed error in Create and Replace CA and Server Certificates of Administration Guide (bsc#1180001) - Combining activation keys works only with traditional clients. Updated in Client Configuration Guide and Reference. (bsc#1164451) susemanager-docs_en: - Added new section for bootstrap repository for end of life products in Client Configuration Guide - Remove old certs before renaming moved to Administration Guide (bsc#1171836) - Fixed error in Create and Replace CA and Server Certificates of Administration Guide (bsc#1180001) - Combining activation keys works only with traditional clients. Updated Client Configuration Guide and Reference. (bsc#1164451) susemanager-frontend-libs: - Update Bootstrap to 3.1.0 susemanager-schema: - Add new valid countries and timezones (jsc#PM-2081) susemanager-sls: - Fix apt login for similar channel labels (bsc#1180803) - Change behavior of mgrcompat wrapper after deprecation changes on Salt 3002 - Make autoinstallation provisoning compatible with GRUB and ELILO in addition to GRUB2 only (bsc#1164227) - Fix: sync before start action chains (bsc#1177336) susemanager-sync-data: - Change centos 6 URLs to vault.centos.org - Add new channel families for CAASP on ARM64 and HPC15 SP2 LTSS - Remove duplicate repo definition How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: `spacewalk-schema-upgrade` 5. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2021-448=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): smdba-1.7.8-0.3.3.2 spacewalk-branding-4.0.19-3.21.3 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): cpu-mitigations-formula-0.3-4.9.2 nutch-core-1.0.1-4.5.2 python3-spacewalk-backend-libs-4.0.36-3.41.2 python3-spacewalk-certs-tools-4.0.18-3.24.2 spacecmd-4.0.22-3.25.2 spacewalk-backend-4.0.36-3.41.2 spacewalk-backend-app-4.0.36-3.41.2 spacewalk-backend-applet-4.0.36-3.41.2 spacewalk-backend-config-files-4.0.36-3.41.2 spacewalk-backend-config-files-common-4.0.36-3.41.2 spacewalk-backend-config-files-tool-4.0.36-3.41.2 spacewalk-backend-iss-4.0.36-3.41.2 spacewalk-backend-iss-export-4.0.36-3.41.2 spacewalk-backend-package-push-server-4.0.36-3.41.2 spacewalk-backend-server-4.0.36-3.41.2 spacewalk-backend-sql-4.0.36-3.41.2 spacewalk-backend-sql-postgresql-4.0.36-3.41.2 spacewalk-backend-tools-4.0.36-3.41.2 spacewalk-backend-xml-export-libs-4.0.36-3.41.2 spacewalk-backend-xmlrpc-4.0.36-3.41.2 spacewalk-base-4.0.26-3.39.3 spacewalk-base-minimal-4.0.26-3.39.3 spacewalk-base-minimal-config-4.0.26-3.39.3 spacewalk-certs-tools-4.0.18-3.24.2 spacewalk-html-4.0.26-3.39.3 spacewalk-java-4.0.41-3.51.2 spacewalk-java-config-4.0.41-3.51.2 spacewalk-java-lib-4.0.41-3.51.2 spacewalk-java-postgresql-4.0.41-3.51.2 spacewalk-reports-4.0.6-3.3.2 spacewalk-taskomatic-4.0.41-3.51.2 spacewalk-utils-4.0.19-3.24.2 supportutils-plugin-susemanager-4.0.5-3.6.2 susemanager-doc-indexes-4.0-10.30.2 susemanager-docs_en-4.0-10.30.2 susemanager-docs_en-pdf-4.0-10.30.2 susemanager-frontend-libs-4.0.3-4.6.2 susemanager-schema-4.0.24-3.35.2 susemanager-sls-4.0.32-3.40.2 susemanager-sync-data-4.0.20-3.32.2 susemanager-web-libs-4.0.26-3.39.3 References: https://www.suse.com/security/cve/CVE-2021-23901.html https://bugzilla.suse.com/1164227 https://bugzilla.suse.com/1164451 https://bugzilla.suse.com/1171836 https://bugzilla.suse.com/1176018 https://bugzilla.suse.com/1176417 https://bugzilla.suse.com/1176823 https://bugzilla.suse.com/1176898 https://bugzilla.suse.com/1176906 https://bugzilla.suse.com/1177031 https://bugzilla.suse.com/1177184 https://bugzilla.suse.com/1177336 https://bugzilla.suse.com/1177508 https://bugzilla.suse.com/1178303 https://bugzilla.suse.com/1178503 https://bugzilla.suse.com/1178647 https://bugzilla.suse.com/1178839 https://bugzilla.suse.com/1179087 https://bugzilla.suse.com/1179273 https://bugzilla.suse.com/1179410 https://bugzilla.suse.com/1179552 https://bugzilla.suse.com/1179589 https://bugzilla.suse.com/1179872 https://bugzilla.suse.com/1179990 https://bugzilla.suse.com/1180001 https://bugzilla.suse.com/1180127 https://bugzilla.suse.com/1180285 https://bugzilla.suse.com/1180803 https://bugzilla.suse.com/1181356 From sle-security-updates at lists.suse.com Fri Feb 12 14:23:52 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Feb 2021 15:23:52 +0100 (CET) Subject: SUSE-SU-2021:0446-1: important: Security update for openvswitch Message-ID: <20210212142352.77698FFB4@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0446-1 Rating: important References: #1181742 Cross-References: CVE-2020-35498 CVSS scores: CVE-2020-35498 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-446=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-446=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-446=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-446=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-446=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-446=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-446=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): openvswitch-2.7.12-3.39.1 openvswitch-debuginfo-2.7.12-3.39.1 openvswitch-debugsource-2.7.12-3.39.1 - SUSE OpenStack Cloud 8 (x86_64): openvswitch-2.7.12-3.39.1 openvswitch-debuginfo-2.7.12-3.39.1 openvswitch-debugsource-2.7.12-3.39.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): openvswitch-2.7.12-3.39.1 openvswitch-debuginfo-2.7.12-3.39.1 openvswitch-debugsource-2.7.12-3.39.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): openvswitch-2.7.12-3.39.1 openvswitch-debuginfo-2.7.12-3.39.1 openvswitch-debugsource-2.7.12-3.39.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): openvswitch-2.7.12-3.39.1 openvswitch-debuginfo-2.7.12-3.39.1 openvswitch-debugsource-2.7.12-3.39.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): openvswitch-2.7.12-3.39.1 openvswitch-debuginfo-2.7.12-3.39.1 openvswitch-debugsource-2.7.12-3.39.1 - HPE Helion Openstack 8 (x86_64): openvswitch-2.7.12-3.39.1 openvswitch-debuginfo-2.7.12-3.39.1 openvswitch-debugsource-2.7.12-3.39.1 References: https://www.suse.com/security/cve/CVE-2020-35498.html https://bugzilla.suse.com/1181742 From sle-security-updates at lists.suse.com Fri Feb 12 14:30:18 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Feb 2021 15:30:18 +0100 (CET) Subject: SUSE-SU-2021:0449-1: moderate: Security update for perl-File-Path Message-ID: <20210212143018.34E04FFFB@maintenance.suse.de> SUSE Security Update: Security update for perl-File-Path ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0449-1 Rating: moderate References: ECO-3050 SLE-17088 Cross-References: CVE-2017-6512 CVSS scores: CVE-2017-6512 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2017-6512 (SUSE): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability, contains two features is now available. Description: This update for perl-File-Path fixes the following issues: - Provide `File::Path` version 2.15 to SLE-12-SP5 (jsc#SLE-17088, jsc#ECO-3050) - CVE-2017-6512: fix a race condition in the `File-Path` module for Perl. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-449=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): perl-File-Path-2.150000-8.3.1 References: https://www.suse.com/security/cve/CVE-2017-6512.html From sle-security-updates at lists.suse.com Fri Feb 12 17:16:50 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Feb 2021 18:16:50 +0100 (CET) Subject: SUSE-SU-2021:0451-1: important: Security update for openvswitch Message-ID: <20210212171650.D9AFAFFFB@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0451-1 Rating: important References: #1181742 Cross-References: CVE-2020-35498 CVSS scores: CVE-2020-35498 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-451=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-451=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-451=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-451=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openvswitch-2.5.11-25.29.1 openvswitch-debuginfo-2.5.11-25.29.1 openvswitch-debugsource-2.5.11-25.29.1 openvswitch-switch-2.5.11-25.29.1 openvswitch-switch-debuginfo-2.5.11-25.29.1 - SUSE OpenStack Cloud 7 (x86_64): openvswitch-dpdk-2.5.11-25.29.1 openvswitch-dpdk-debuginfo-2.5.11-25.29.1 openvswitch-dpdk-debugsource-2.5.11-25.29.1 openvswitch-dpdk-switch-2.5.11-25.29.1 openvswitch-dpdk-switch-debuginfo-2.5.11-25.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openvswitch-2.5.11-25.29.1 openvswitch-debuginfo-2.5.11-25.29.1 openvswitch-debugsource-2.5.11-25.29.1 openvswitch-switch-2.5.11-25.29.1 openvswitch-switch-debuginfo-2.5.11-25.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): openvswitch-dpdk-2.5.11-25.29.1 openvswitch-dpdk-debuginfo-2.5.11-25.29.1 openvswitch-dpdk-debugsource-2.5.11-25.29.1 openvswitch-dpdk-switch-2.5.11-25.29.1 openvswitch-dpdk-switch-debuginfo-2.5.11-25.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openvswitch-2.5.11-25.29.1 openvswitch-debuginfo-2.5.11-25.29.1 openvswitch-debugsource-2.5.11-25.29.1 openvswitch-switch-2.5.11-25.29.1 openvswitch-switch-debuginfo-2.5.11-25.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): openvswitch-dpdk-2.5.11-25.29.1 openvswitch-dpdk-debuginfo-2.5.11-25.29.1 openvswitch-dpdk-debugsource-2.5.11-25.29.1 openvswitch-dpdk-switch-2.5.11-25.29.1 openvswitch-dpdk-switch-debuginfo-2.5.11-25.29.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openvswitch-2.5.11-25.29.1 openvswitch-debuginfo-2.5.11-25.29.1 openvswitch-debugsource-2.5.11-25.29.1 openvswitch-dpdk-2.5.11-25.29.1 openvswitch-dpdk-debuginfo-2.5.11-25.29.1 openvswitch-dpdk-debugsource-2.5.11-25.29.1 openvswitch-dpdk-switch-2.5.11-25.29.1 openvswitch-dpdk-switch-debuginfo-2.5.11-25.29.1 openvswitch-switch-2.5.11-25.29.1 openvswitch-switch-debuginfo-2.5.11-25.29.1 References: https://www.suse.com/security/cve/CVE-2020-35498.html https://bugzilla.suse.com/1181742 From sle-security-updates at lists.suse.com Fri Feb 12 20:15:38 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Feb 2021 21:15:38 +0100 (CET) Subject: SUSE-SU-2021:0452-1: important: Security update for the Linux Kernel Message-ID: <20210212201538.D1DE9FFFB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0452-1 Rating: important References: #1105322 #1105323 #1139944 #1168952 #1173942 #1175306 #1176395 #1176485 #1177440 #1177666 #1178182 #1178272 #1178589 #1178886 #1179107 #1179140 #1179141 #1179204 #1179419 #1179508 #1179509 #1179601 #1179616 #1179663 #1179666 #1179745 #1179877 #1179878 #1179960 #1179961 #1180008 #1180027 #1180028 #1180029 #1180030 #1180031 #1180032 #1180052 #1180086 #1180559 #1180562 #1180815 #1181096 #1181158 #1181349 #1181553 #969755 Cross-References: CVE-2018-10902 CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25285 CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27835 CVE-2020-28915 CVE-2020-28974 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2021-3347 CVSS scores: CVE-2018-10902 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-10902 (SUSE): 7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-20934 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2019-20934 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0444 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0466 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-11668 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-11668 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-15436 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15436 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15437 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-15437 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25211 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-25211 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-25285 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25285 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25669 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27068 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27777 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27777 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27825 (NVD) : 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27825 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-28915 (NVD) : 5.8 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2020-28915 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-28974 (NVD) : 5 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H CVE-2020-28974 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-29568 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29568 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29660 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-29660 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-4788 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-3347 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise High Availability 12-SP3 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 25 vulnerabilities and has 22 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395). - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322). The following non-security bugs were fixed: - cifs: do not revalidate mountpoint dentries (bsc#1177440). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: ignore revalidate failures in case of process gets signaled (bsc#1177440). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes). - futex: Avoid freeing an active timer (bsc#969755). - futex: Avoid violating the 10th rule of futex (bsc#969755). - futex: Change locking rules (bsc#969755). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#969755). - futex: Drop hb->lock before enqueueing on the rtmutex (bsc#969755). - futex: Fix incorrect should_fail_futex() handling (bsc#969755). - futex: Fix more put_pi_state() vs. exit_pi_state_list() races (bsc#969755). - futex: Fix OWNER_DEAD fixup (bsc#969755). - futex: Fix pi_state->owner serialization (bsc#969755). - futex: Fix small (and harmless looking) inconsistencies (bsc#969755). - futex: Futex_unlock_pi() determinism (bsc#969755). - futex: Handle early deadlock return correctly (bsc#969755). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#969755). - futex: Pull rt_mutex_futex_unlock() out from under hb->lock (bsc#969755). - futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock() (bsc#969755). - futex: Rework inconsistent rt_mutex/futex_q state (bsc#969755). - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (bsc#969755). - futex,rt_mutex: Introduce rt_mutex_init_waiter() (bsc#969755). - futex,rt_mutex: Provide futex specific rt_mutex API (bsc#969755). - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bsc#969755). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - IB/hfi1: Clean up hfi1_user_exp_rcv_setup function (bsc#1179878). - IB/hfi1: Clean up pin_vector_pages() function (bsc#1179878). - IB/hfi1: Fix the bail out code in pin_vector_pages() function (bsc#1179878). - IB/hfi1: Move structure definitions from user_exp_rcv.c to user_exp_rcv.h (bsc#1179878). - IB/hfi1: Name function prototype parameters (bsc#1179878). - IB/hfi1: Use filedata rather than filepointer (bsc#1179878). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#969755). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1178272). - Use r3 instead of r13 for l1d fallback flush in do_uaccess_fush (bsc#1181096 ltc#190883). - video: hyperv_fb: include vmalloc.h (bsc#1175306). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-452=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-452=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-452=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-452=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-452=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-452=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-452=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-452=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): kernel-devel-4.4.180-94.138.1 kernel-macros-4.4.180-94.138.1 kernel-source-4.4.180-94.138.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): kernel-default-4.4.180-94.138.1 kernel-default-base-4.4.180-94.138.1 kernel-default-base-debuginfo-4.4.180-94.138.1 kernel-default-debuginfo-4.4.180-94.138.1 kernel-default-debugsource-4.4.180-94.138.1 kernel-default-devel-4.4.180-94.138.1 kernel-default-kgraft-4.4.180-94.138.1 kernel-syms-4.4.180-94.138.1 kgraft-patch-4_4_180-94_138-default-1-4.3.1 kgraft-patch-4_4_180-94_138-default-debuginfo-1-4.3.1 - SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.138.1 kernel-macros-4.4.180-94.138.1 kernel-source-4.4.180-94.138.1 - SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.138.1 kernel-default-base-4.4.180-94.138.1 kernel-default-base-debuginfo-4.4.180-94.138.1 kernel-default-debuginfo-4.4.180-94.138.1 kernel-default-debugsource-4.4.180-94.138.1 kernel-default-devel-4.4.180-94.138.1 kernel-default-kgraft-4.4.180-94.138.1 kernel-syms-4.4.180-94.138.1 kgraft-patch-4_4_180-94_138-default-1-4.3.1 kgraft-patch-4_4_180-94_138-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.138.1 kernel-default-base-4.4.180-94.138.1 kernel-default-base-debuginfo-4.4.180-94.138.1 kernel-default-debuginfo-4.4.180-94.138.1 kernel-default-debugsource-4.4.180-94.138.1 kernel-default-devel-4.4.180-94.138.1 kernel-default-kgraft-4.4.180-94.138.1 kernel-syms-4.4.180-94.138.1 kgraft-patch-4_4_180-94_138-default-1-4.3.1 kgraft-patch-4_4_180-94_138-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.138.1 kernel-macros-4.4.180-94.138.1 kernel-source-4.4.180-94.138.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.4.180-94.138.1 kernel-default-base-4.4.180-94.138.1 kernel-default-base-debuginfo-4.4.180-94.138.1 kernel-default-debuginfo-4.4.180-94.138.1 kernel-default-debugsource-4.4.180-94.138.1 kernel-default-devel-4.4.180-94.138.1 kernel-syms-4.4.180-94.138.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kernel-default-kgraft-4.4.180-94.138.1 kgraft-patch-4_4_180-94_138-default-1-4.3.1 kgraft-patch-4_4_180-94_138-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.138.1 kernel-macros-4.4.180-94.138.1 kernel-source-4.4.180-94.138.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.138.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.138.1 kernel-macros-4.4.180-94.138.1 kernel-source-4.4.180-94.138.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.138.1 kernel-default-base-4.4.180-94.138.1 kernel-default-base-debuginfo-4.4.180-94.138.1 kernel-default-debuginfo-4.4.180-94.138.1 kernel-default-debugsource-4.4.180-94.138.1 kernel-default-devel-4.4.180-94.138.1 kernel-syms-4.4.180-94.138.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.138.1 cluster-md-kmp-default-debuginfo-4.4.180-94.138.1 dlm-kmp-default-4.4.180-94.138.1 dlm-kmp-default-debuginfo-4.4.180-94.138.1 gfs2-kmp-default-4.4.180-94.138.1 gfs2-kmp-default-debuginfo-4.4.180-94.138.1 kernel-default-debuginfo-4.4.180-94.138.1 kernel-default-debugsource-4.4.180-94.138.1 ocfs2-kmp-default-4.4.180-94.138.1 ocfs2-kmp-default-debuginfo-4.4.180-94.138.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): kernel-default-4.4.180-94.138.1 kernel-default-base-4.4.180-94.138.1 kernel-default-base-debuginfo-4.4.180-94.138.1 kernel-default-debuginfo-4.4.180-94.138.1 kernel-default-debugsource-4.4.180-94.138.1 kernel-default-devel-4.4.180-94.138.1 kernel-syms-4.4.180-94.138.1 - SUSE Enterprise Storage 5 (noarch): kernel-devel-4.4.180-94.138.1 kernel-macros-4.4.180-94.138.1 kernel-source-4.4.180-94.138.1 - SUSE Enterprise Storage 5 (x86_64): kernel-default-kgraft-4.4.180-94.138.1 kgraft-patch-4_4_180-94_138-default-1-4.3.1 kgraft-patch-4_4_180-94_138-default-debuginfo-1-4.3.1 - HPE Helion Openstack 8 (x86_64): kernel-default-4.4.180-94.138.1 kernel-default-base-4.4.180-94.138.1 kernel-default-base-debuginfo-4.4.180-94.138.1 kernel-default-debuginfo-4.4.180-94.138.1 kernel-default-debugsource-4.4.180-94.138.1 kernel-default-devel-4.4.180-94.138.1 kernel-default-kgraft-4.4.180-94.138.1 kernel-syms-4.4.180-94.138.1 kgraft-patch-4_4_180-94_138-default-1-4.3.1 kgraft-patch-4_4_180-94_138-default-debuginfo-1-4.3.1 - HPE Helion Openstack 8 (noarch): kernel-devel-4.4.180-94.138.1 kernel-macros-4.4.180-94.138.1 kernel-source-4.4.180-94.138.1 References: https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2019-20934.html https://www.suse.com/security/cve/CVE-2020-0444.html https://www.suse.com/security/cve/CVE-2020-0465.html https://www.suse.com/security/cve/CVE-2020-0466.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25211.html https://www.suse.com/security/cve/CVE-2020-25285.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-27068.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-27786.html https://www.suse.com/security/cve/CVE-2020-27825.html https://www.suse.com/security/cve/CVE-2020-27835.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29568.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2020-29660.html https://www.suse.com/security/cve/CVE-2020-29661.html https://www.suse.com/security/cve/CVE-2020-36158.html https://www.suse.com/security/cve/CVE-2020-4788.html https://www.suse.com/security/cve/CVE-2021-3347.html https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105323 https://bugzilla.suse.com/1139944 https://bugzilla.suse.com/1168952 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1175306 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176485 https://bugzilla.suse.com/1177440 https://bugzilla.suse.com/1177666 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178272 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179204 https://bugzilla.suse.com/1179419 https://bugzilla.suse.com/1179508 https://bugzilla.suse.com/1179509 https://bugzilla.suse.com/1179601 https://bugzilla.suse.com/1179616 https://bugzilla.suse.com/1179663 https://bugzilla.suse.com/1179666 https://bugzilla.suse.com/1179745 https://bugzilla.suse.com/1179877 https://bugzilla.suse.com/1179878 https://bugzilla.suse.com/1179960 https://bugzilla.suse.com/1179961 https://bugzilla.suse.com/1180008 https://bugzilla.suse.com/1180027 https://bugzilla.suse.com/1180028 https://bugzilla.suse.com/1180029 https://bugzilla.suse.com/1180030 https://bugzilla.suse.com/1180031 https://bugzilla.suse.com/1180032 https://bugzilla.suse.com/1180052 https://bugzilla.suse.com/1180086 https://bugzilla.suse.com/1180559 https://bugzilla.suse.com/1180562 https://bugzilla.suse.com/1180815 https://bugzilla.suse.com/1181096 https://bugzilla.suse.com/1181158 https://bugzilla.suse.com/1181349 https://bugzilla.suse.com/1181553 https://bugzilla.suse.com/969755 From sle-security-updates at lists.suse.com Fri Feb 12 23:18:20 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 13 Feb 2021 00:18:20 +0100 (CET) Subject: SUSE-SU-2021:14623-1: moderate: Security Beta update for SUSE Manager Client Tools Message-ID: <20210212231820.4EB27FFB4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14623-1 Rating: moderate References: #1083110 #1157479 #1158441 #1159284 #1162504 #1163981 #1165425 #1167556 #1169604 #1171257 #1171461 #1172211 #1173909 #1173911 #1175549 #1176293 #1176823 #1178319 #1178361 #1178362 #1178485 #1179566 #1180584 Cross-References: CVE-2019-17361 CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 CVSS scores: CVE-2019-17361 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-17361 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-16846 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-16846 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-17490 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-17490 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25592 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-25592 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves four vulnerabilities and has 19 fixes is now available. Description: This update fixes the following issues: prometheus-exporter-exporter: - Initial release (Closes: #968029). salt: - Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing - Revert wrong zypper patch to support vendorchanges flags on pkg.install - Force zyppnotify to prefer Packages.db than Packages if it exists - Allow vendor change option with zypper - Add pkg.services_need_restart - Fix for file.check_perms to work with numeric uid/gid - Virt: more network support Add more network and PCI/USB host devices passthrough support to virt module and states - Bigvm backports - Virt consoles, CPU tuning and topology, and memory tuning. - Fix pkg states when DEB package has "all" arch - Do not force beacons configuration to be a list. Revert https://github.com/saltstack/salt/pull/58655 - Drop wrong virt capabilities code after rebasing patches - Update to Salt release version 3002.2 - See release notes: https://docs.saltstack.com/en/latest/topics/releases/3002.2.html - Force zyppnotify to prefer Packages.db than Packages if it exists - Allow vendor change option with zypper - Add pkg.services_need_restart - Bigvm backports: virt consoles, CPU tuning and topology, and memory tuning. - Fix for file.check_perms to work with numeric uid/gid - Change 'Requires(pre)' to 'Requires' for salt-minion package (bsc#1083110) - Set passphrase for salt-ssh keys to empty string (bsc#1178485) - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319) (bsc#1178362) (bsc#1178361) (CVE-2020-25592) (CVE-2020-17490) (CVE-2020-16846) - Fix novendorchange handling in zypperpkg module - Remove msgpack < 1.0.0 from base requirements (bsc#1176293) - Adding missing virt backports to 3000.3 - Do not raise StreamClosedError traceback but only log it (bsc#1175549) - Update to Salt release version 3000.3 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.3.html - Take care of failed, skipped and unreachable tasks and propagate "retcode" (bsc#1173911) (bsc#1173909) - Msgpack: support versions >= 1.0.0 (bsc#1171257) - Fix the registration of libvirt pool and nodedev events - Accept nested namespaces in spacewalk.api runner function. (bsc#1172211) - Info_installed works without status attr now (bsc#1171461) - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Update to Salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html loop: fix variable names for until_no_eval - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Build: Buildequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Backport saltutil state module to 2019.2 codebase (bsc#1167556) - Add new custom SUSE capability for saltutil state module - Virt._get_domain: don't raise an exception if there is no VM - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handline - Requiring python3-distro only for openSUSE/SLE >= 15 - Use full option name instead of undocumented abbreviation for zypper - Python-distro is only needed for > Python 3.7. Removing it for Python 2 - RHEL/CentOS 8 uses platform-python instead of python3 - Enable build for Python 3.8 - Update to Salt version 2019.2.3 (CVE-2019-17361) (bsc#1163981) (bsc#1162504) See release notes: https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html - Enable passing grains to start event based on 'start_event_grains' configuration parameter - Support for Btrfs and XFS in parted and mkfs added Adds virt.(pool|network)_get_xml functions Various libvirt updates - Let salt-ssh use platform-python on RHEL8 (bsc#1158441) - Fix StreamClosedError issue (bsc#1157479) - Requires vs BuildRequires - Limiting M2Crypto to >= SLE15 - Replacing pycrypto with M2Crypto (bsc#1165425) - Update to 2019.2.2 release zypperpkg: understand product type - Enable usage of downloadonly parameter for apt module - Add new "salt-standalone-formulas-configuration" package spacecmd: - Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823) - Fixed "non-advanced" package search when using multiple package names (bsc#1180584) - Added '-r REVISION' option to the 'configchannel_updateinitsls' command (bsc#1179566) - Fix: internal: workaround for future tee of logs translation Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA: zypper in -t patch suse-ubu204ct-client-tools-beta-202101-14623=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (amd64): prometheus-exporter-exporter-0.4.0-1 - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (all): salt-common-3002.2+ds-1+2.11.1 salt-minion-3002.2+ds-1+2.11.1 spacecmd-4.2.4-2.9.1 References: https://www.suse.com/security/cve/CVE-2019-17361.html https://www.suse.com/security/cve/CVE-2020-16846.html https://www.suse.com/security/cve/CVE-2020-17490.html https://www.suse.com/security/cve/CVE-2020-25592.html https://bugzilla.suse.com/1083110 https://bugzilla.suse.com/1157479 https://bugzilla.suse.com/1158441 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1162504 https://bugzilla.suse.com/1163981 https://bugzilla.suse.com/1165425 https://bugzilla.suse.com/1167556 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1171257 https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1172211 https://bugzilla.suse.com/1173909 https://bugzilla.suse.com/1173911 https://bugzilla.suse.com/1175549 https://bugzilla.suse.com/1176293 https://bugzilla.suse.com/1176823 https://bugzilla.suse.com/1178319 https://bugzilla.suse.com/1178361 https://bugzilla.suse.com/1178362 https://bugzilla.suse.com/1178485 https://bugzilla.suse.com/1179566 https://bugzilla.suse.com/1180584 From sle-security-updates at lists.suse.com Fri Feb 12 23:22:27 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 13 Feb 2021 00:22:27 +0100 (CET) Subject: SUSE-SU-2021:14624-1: moderate: Security Beta update for SUSE Manager Client Tools Message-ID: <20210212232227.DD75FFFB4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14624-1 Rating: moderate References: #1083110 #1157479 #1158441 #1159284 #1162504 #1163981 #1165425 #1167556 #1169604 #1171257 #1171461 #1172211 #1173909 #1173911 #1175549 #1176293 #1176823 #1178319 #1178361 #1178362 #1178485 #1179566 #1180584 Cross-References: CVE-2019-17361 CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 CVSS scores: CVE-2019-17361 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-17361 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-16846 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-16846 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-17490 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-17490 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25592 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-25592 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves four vulnerabilities and has 19 fixes is now available. Description: This update fixes the following issues: prometheus-exporter-exporter: - Initial release (Closes: #968029). salt: - Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing - Revert wrong zypper patch to support vendorchanges flags on pkg.install - Force zyppnotify to prefer Packages.db than Packages if it exists - Allow vendor change option with zypper - Add pkg.services_need_restart - Fix for file.check_perms to work with numeric uid/gid - Virt: more network support Add more network and PCI/USB host devices passthrough support to virt module and states - Bigvm backports - Virt consoles, CPU tuning and topology, and memory tuning. - Fix pkg states when DEB package has "all" arch - Do not force beacons configuration to be a list. Revert https://github.com/saltstack/salt/pull/58655 - Drop wrong virt capabilities code after rebasing patches - Update to Salt release version 3002.2 - See release notes: https://docs.saltstack.com/en/latest/topics/releases/3002.2.html - Force zyppnotify to prefer Packages.db than Packages if it exists - Allow vendor change option with zypper - Add pkg.services_need_restart - Bigvm backports: virt consoles, CPU tuning and topology, and memory tuning. - Fix for file.check_perms to work with numeric uid/gid - Change 'Requires(pre)' to 'Requires' for salt-minion package (bsc#1083110) - Set passphrase for salt-ssh keys to empty string (bsc#1178485) - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319) (bsc#1178362) (bsc#1178361) (CVE-2020-25592) (CVE-2020-17490) (CVE-2020-16846) - Fix novendorchange handling in zypperpkg module - Remove msgpack < 1.0.0 from base requirements (bsc#1176293) - Adding missing virt backports to 3000.3 - Do not raise StreamClosedError traceback but only log it (bsc#1175549) - Update to Salt release version 3000.3 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.3.html - Take care of failed, skipped and unreachable tasks and propagate "retcode" (bsc#1173911) (bsc#1173909) - Msgpack: support versions >= 1.0.0 (bsc#1171257) - Fix the registration of libvirt pool and nodedev events - Accept nested namespaces in spacewalk.api runner function. (bsc#1172211) - Info_installed works without status attr now (bsc#1171461) - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Update to Salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html loop: fix variable names for until_no_eval - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Build: Buildequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Backport saltutil state module to 2019.2 codebase (bsc#1167556) - Add new custom SUSE capability for saltutil state module - Virt._get_domain: don't raise an exception if there is no VM - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handline - Requiring python3-distro only for openSUSE/SLE >= 15 - Use full option name instead of undocumented abbreviation for zypper - Python-distro is only needed for > Python 3.7. Removing it for Python 2 - RHEL/CentOS 8 uses platform-python instead of python3 - Enable build for Python 3.8 - Update to Salt version 2019.2.3 (CVE-2019-17361) (bsc#1163981) (bsc#1162504) See release notes: https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html - Enable passing grains to start event based on 'start_event_grains' configuration parameter - Support for Btrfs and XFS in parted and mkfs added Adds virt.(pool|network)_get_xml functions Various libvirt updates - Let salt-ssh use platform-python on RHEL8 (bsc#1158441) - Fix StreamClosedError issue (bsc#1157479) - Requires vs BuildRequires - Limiting M2Crypto to >= SLE15 - Replacing pycrypto with M2Crypto (bsc#1165425) - Update to 2019.2.2 release zypperpkg: understand product type - Enable usage of downloadonly parameter for apt module - Add new "salt-standalone-formulas-configuration" package spacecmd: - Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823) - Fixed "non-advanced" package search when using multiple package names (bsc#1180584) - Added '-r REVISION' option to the 'configchannel_updateinitsls' command (bsc#1179566) - Fix: internal: workaround for future tee of logs translation Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA: zypper in -t patch suse-ubu184ct-client-tools-beta-202101-14624=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (amd64): prometheus-exporter-exporter-0.4.0-1 - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (all): salt-common-3002.2+ds-1+27.28.2 salt-minion-3002.2+ds-1+27.28.2 spacecmd-4.2.4-2.15.1 References: https://www.suse.com/security/cve/CVE-2019-17361.html https://www.suse.com/security/cve/CVE-2020-16846.html https://www.suse.com/security/cve/CVE-2020-17490.html https://www.suse.com/security/cve/CVE-2020-25592.html https://bugzilla.suse.com/1083110 https://bugzilla.suse.com/1157479 https://bugzilla.suse.com/1158441 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1162504 https://bugzilla.suse.com/1163981 https://bugzilla.suse.com/1165425 https://bugzilla.suse.com/1167556 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1171257 https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1172211 https://bugzilla.suse.com/1173909 https://bugzilla.suse.com/1173911 https://bugzilla.suse.com/1175549 https://bugzilla.suse.com/1176293 https://bugzilla.suse.com/1176823 https://bugzilla.suse.com/1178319 https://bugzilla.suse.com/1178361 https://bugzilla.suse.com/1178362 https://bugzilla.suse.com/1178485 https://bugzilla.suse.com/1179566 https://bugzilla.suse.com/1180584 From sle-security-updates at lists.suse.com Mon Feb 15 14:15:35 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Feb 2021 15:15:35 +0100 (CET) Subject: SUSE-SU-2021:0479-1: important: Security update for openvswitch Message-ID: <20210215141535.8F7E1FFB4@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0479-1 Rating: important References: #1181742 Cross-References: CVE-2020-35498 CVSS scores: CVE-2020-35498 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-479=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-479=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-479=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-479=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenvswitch-2_8-0-2.8.10-4.26.1 libopenvswitch-2_8-0-debuginfo-2.8.10-4.26.1 openvswitch-2.8.10-4.26.1 openvswitch-debuginfo-2.8.10-4.26.1 openvswitch-debugsource-2.8.10-4.26.1 - SUSE OpenStack Cloud 9 (x86_64): libopenvswitch-2_8-0-2.8.10-4.26.1 libopenvswitch-2_8-0-debuginfo-2.8.10-4.26.1 openvswitch-2.8.10-4.26.1 openvswitch-debuginfo-2.8.10-4.26.1 openvswitch-debugsource-2.8.10-4.26.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenvswitch-2_8-0-2.8.10-4.26.1 libopenvswitch-2_8-0-debuginfo-2.8.10-4.26.1 openvswitch-2.8.10-4.26.1 openvswitch-debuginfo-2.8.10-4.26.1 openvswitch-debugsource-2.8.10-4.26.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenvswitch-2_8-0-2.8.10-4.26.1 libopenvswitch-2_8-0-debuginfo-2.8.10-4.26.1 openvswitch-2.8.10-4.26.1 openvswitch-debuginfo-2.8.10-4.26.1 openvswitch-debugsource-2.8.10-4.26.1 References: https://www.suse.com/security/cve/CVE-2020-35498.html https://bugzilla.suse.com/1181742 From sle-security-updates at lists.suse.com Mon Feb 15 14:16:44 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Feb 2021 15:16:44 +0100 (CET) Subject: SUSE-SU-2021:0478-1: important: Security update for wpa_supplicant Message-ID: <20210215141644.D5851FFB4@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0478-1 Rating: important References: #1150934 #1181777 Cross-References: CVE-2019-16275 CVE-2021-0326 CVSS scores: CVE-2019-16275 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-16275 (SUSE): 4.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-0326 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). - CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-478=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-478=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-478=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-478=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-478=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-478=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-478=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-478=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-478=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-478=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-478=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-478=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-478=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-478=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - SUSE OpenStack Cloud 9 (x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - SUSE OpenStack Cloud 8 (x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - SUSE OpenStack Cloud 7 (s390x x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 - HPE Helion Openstack 8 (x86_64): wpa_supplicant-2.6-15.13.1 wpa_supplicant-debuginfo-2.6-15.13.1 wpa_supplicant-debugsource-2.6-15.13.1 References: https://www.suse.com/security/cve/CVE-2019-16275.html https://www.suse.com/security/cve/CVE-2021-0326.html https://bugzilla.suse.com/1150934 https://bugzilla.suse.com/1181777 From sle-security-updates at lists.suse.com Mon Feb 15 14:17:55 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Feb 2021 15:17:55 +0100 (CET) Subject: SUSE-SU-2021:0477-1: important: Security update for wpa_supplicant Message-ID: <20210215141755.AA3CDFFB4@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0477-1 Rating: important References: #1181777 Cross-References: CVE-2021-0326 CVSS scores: CVE-2021-0326 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-477=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.9-23.6.1 wpa_supplicant-debuginfo-2.9-23.6.1 wpa_supplicant-debugsource-2.9-23.6.1 References: https://www.suse.com/security/cve/CVE-2021-0326.html https://bugzilla.suse.com/1181777 From sle-security-updates at lists.suse.com Mon Feb 15 20:14:53 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Feb 2021 21:14:53 +0100 (CET) Subject: SUSE-SU-2021:0480-1: moderate: Security Beta update for SUSE Manager Client Tools Message-ID: <20210215201453.71844FFB4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0480-1 Rating: moderate References: #1083110 #1157479 #1158441 #1159284 #1162504 #1163981 #1165425 #1167556 #1169604 #1171257 #1171461 #1172211 #1173909 #1173911 #1175549 #1176293 #1176823 #1178319 #1178361 #1178362 #1178485 #1179566 #1180584 Cross-References: CVE-2019-17361 CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 CVSS scores: CVE-2019-17361 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-17361 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-16846 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-16846 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-17490 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-17490 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25592 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-25592 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves four vulnerabilities and has 19 fixes is now available. Description: This update fixes the following issues: prometheus-exporter-exporter: - Initial release (Closes: #968029). salt: - Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing - Revert wrong zypper patch to support vendorchanges flags on pkg.install - Force zyppnotify to prefer Packages.db than Packages if it exists - Allow vendor change option with zypper - Add pkg.services_need_restart - Fix for file.check_perms to work with numeric uid/gid - Virt: more network support Add more network and PCI/USB host devices passthrough support to virt module and states - Bigvm backports - Virt consoles, CPU tuning and topology, and memory tuning. - Fix pkg states when DEB package has "all" arch - Do not force beacons configuration to be a list. Revert https://github.com/saltstack/salt/pull/58655 - Drop wrong virt capabilities code after rebasing patches - Update to Salt release version 3002.2 - See release notes: https://docs.saltstack.com/en/latest/topics/releases/3002.2.html - Force zyppnotify to prefer Packages.db than Packages if it exists - Allow vendor change option with zypper - Add pkg.services_need_restart - Bigvm backports: virt consoles, CPU tuning and topology, and memory tuning. - Fix for file.check_perms to work with numeric uid/gid - Change 'Requires(pre)' to 'Requires' for salt-minion package (bsc#1083110) - Set passphrase for salt-ssh keys to empty string (bsc#1178485) - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319) (bsc#1178362) (bsc#1178361) (CVE-2020-25592) (CVE-2020-17490) (CVE-2020-16846) - Fix novendorchange handling in zypperpkg module - Remove msgpack < 1.0.0 from base requirements (bsc#1176293) - Adding missing virt backports to 3000.3 - Do not raise StreamClosedError traceback but only log it (bsc#1175549) - Update to Salt release version 3000.3 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.3.html - Take care of failed, skipped and unreachable tasks and propagate "retcode" (bsc#1173911) (bsc#1173909) - Msgpack: support versions >= 1.0.0 (bsc#1171257) - Fix the registration of libvirt pool and nodedev events - Accept nested namespaces in spacewalk.api runner function. (bsc#1172211) - Info_installed works without status attr now (bsc#1171461) - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Update to Salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html loop: fix variable names for until_no_eval - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Build: Buildequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Backport saltutil state module to 2019.2 codebase (bsc#1167556) - Add new custom SUSE capability for saltutil state module - Virt._get_domain: don't raise an exception if there is no VM - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handline - Requiring python3-distro only for openSUSE/SLE >= 15 - Use full option name instead of undocumented abbreviation for zypper - Python-distro is only needed for > Python 3.7. Removing it for Python 2 - RHEL/CentOS 8 uses platform-python instead of python3 - Enable build for Python 3.8 - Update to Salt version 2019.2.3 (CVE-2019-17361) (bsc#1163981) (bsc#1162504) See release notes: https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html - Enable passing grains to start event based on 'start_event_grains' configuration parameter - Support for Btrfs and XFS in parted and mkfs added Adds virt.(pool|network)_get_xml functions Various libvirt updates - Let salt-ssh use platform-python on RHEL8 (bsc#1158441) - Fix StreamClosedError issue (bsc#1157479) - Requires vs BuildRequires - Limiting M2Crypto to >= SLE15 - Replacing pycrypto with M2Crypto (bsc#1165425) - Update to 2019.2.2 release zypperpkg: understand product type - Enable usage of downloadonly parameter for apt module - Add new "salt-standalone-formulas-configuration" package spacecmd: - Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823) - Fixed "non-advanced" package search when using multiple package names (bsc#1180584) - Added '-r REVISION' option to the 'configchannel_updateinitsls' command (bsc#1179566) - Fix: internal: workaround for future tee of logs translation Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-BETA-x86_64-2021-480=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA (amd64): prometheus-exporter-exporter-0.4.0-1 - SUSE Manager Debian 10-CLIENT-TOOLS-BETA (all): salt-common-3002.2+ds-1+2.6.1 salt-minion-3002.2+ds-1+2.6.1 spacecmd-4.2.4-2.6.1 References: https://www.suse.com/security/cve/CVE-2019-17361.html https://www.suse.com/security/cve/CVE-2020-16846.html https://www.suse.com/security/cve/CVE-2020-17490.html https://www.suse.com/security/cve/CVE-2020-25592.html https://bugzilla.suse.com/1083110 https://bugzilla.suse.com/1157479 https://bugzilla.suse.com/1158441 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1162504 https://bugzilla.suse.com/1163981 https://bugzilla.suse.com/1165425 https://bugzilla.suse.com/1167556 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1171257 https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1172211 https://bugzilla.suse.com/1173909 https://bugzilla.suse.com/1173911 https://bugzilla.suse.com/1175549 https://bugzilla.suse.com/1176293 https://bugzilla.suse.com/1176823 https://bugzilla.suse.com/1178319 https://bugzilla.suse.com/1178361 https://bugzilla.suse.com/1178362 https://bugzilla.suse.com/1178485 https://bugzilla.suse.com/1179566 https://bugzilla.suse.com/1180584 From sle-security-updates at lists.suse.com Tue Feb 16 14:16:51 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Feb 2021 15:16:51 +0100 (CET) Subject: SUSE-SU-2021:0486-1: moderate: Security update for python-urllib3 Message-ID: <20210216141651.522E8FFB4@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0486-1 Rating: moderate References: #1177211 Cross-References: CVE-2020-26116 CVSS scores: CVE-2020-26116 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2020-26116 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-486=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-urllib3-1.16-3.15.1 References: https://www.suse.com/security/cve/CVE-2020-26116.html https://bugzilla.suse.com/1177211 From sle-security-updates at lists.suse.com Tue Feb 16 14:17:58 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Feb 2021 15:17:58 +0100 (CET) Subject: SUSE-SU-2021:0483-1: important: Security update for python-bottle Message-ID: <20210216141758.3BBD1FFB4@maintenance.suse.de> SUSE Security Update: Security update for python-bottle ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0483-1 Rating: important References: #1182181 Cross-References: CVE-2020-28473 CVSS scores: CVE-2020-28473 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2020-28473 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-bottle fixes the following issues: - CVE-2020-28473: Fixed Web Cache Poisoning vulnerability using parameter cloaking (bsc#1182181). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-483=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-483=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-bottle-0.12.13-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): python3-bottle-0.12.13-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-28473.html https://bugzilla.suse.com/1182181 From sle-security-updates at lists.suse.com Tue Feb 16 14:19:01 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Feb 2021 15:19:01 +0100 (CET) Subject: SUSE-SU-2021:14627-1: important: Security update for jasper Message-ID: <20210216141901.81351FFB4@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14627-1 Rating: important References: #1179748 #1181483 Cross-References: CVE-2020-27828 CVE-2021-3272 CVSS scores: CVE-2020-27828 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-27828 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3272 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3272 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-jasper-14627=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-jasper-14627=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-jasper-14627=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-jasper-14627=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libjasper-1.900.14-134.33.20.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libjasper-32bit-1.900.14-134.33.20.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libjasper-1.900.14-134.33.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): jasper-debuginfo-1.900.14-134.33.20.1 jasper-debugsource-1.900.14-134.33.20.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): jasper-debuginfo-1.900.14-134.33.20.1 jasper-debugsource-1.900.14-134.33.20.1 References: https://www.suse.com/security/cve/CVE-2020-27828.html https://www.suse.com/security/cve/CVE-2021-3272.html https://bugzilla.suse.com/1179748 https://bugzilla.suse.com/1181483 From sle-security-updates at lists.suse.com Tue Feb 16 17:15:44 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Feb 2021 18:15:44 +0100 (CET) Subject: SUSE-SU-2021:0489-1: important: Security update for jasper Message-ID: <20210216171544.1879AFFB4@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0489-1 Rating: important References: #1179748 #1181483 Cross-References: CVE-2020-27828 CVE-2021-3272 CVSS scores: CVE-2020-27828 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-27828 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3272 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3272 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-489=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-489=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-489=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-489=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-489=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-489=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-489=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-489=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-489=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-489=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-489=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-489=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-489=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-489=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-489=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-489=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE OpenStack Cloud 9 (x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE OpenStack Cloud 8 (x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE OpenStack Cloud 7 (s390x x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper-devel-1.900.14-195.25.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 - HPE Helion Openstack 8 (x86_64): jasper-debuginfo-1.900.14-195.25.1 jasper-debugsource-1.900.14-195.25.1 libjasper1-1.900.14-195.25.1 libjasper1-32bit-1.900.14-195.25.1 libjasper1-debuginfo-1.900.14-195.25.1 libjasper1-debuginfo-32bit-1.900.14-195.25.1 References: https://www.suse.com/security/cve/CVE-2020-27828.html https://www.suse.com/security/cve/CVE-2021-3272.html https://bugzilla.suse.com/1179748 https://bugzilla.suse.com/1181483 From sle-security-updates at lists.suse.com Tue Feb 16 17:16:58 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Feb 2021 18:16:58 +0100 (CET) Subject: SUSE-SU-2021:0488-1: important: Security update for jasper Message-ID: <20210216171658.ACE63FFB4@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0488-1 Rating: important References: #1179748 #1181483 Cross-References: CVE-2020-27828 CVE-2021-3272 CVSS scores: CVE-2020-27828 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-27828 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3272 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3272 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-488=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-488=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-488=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-488=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-488=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-488=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-488=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-488=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-488=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-488=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-488=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-488=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-488=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-488=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-488=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-488=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-488=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper-devel-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper-devel-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Manager Proxy 4.0 (x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper-devel-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper-devel-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper-devel-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper-devel-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper-devel-2.0.14-3.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper-devel-2.0.14-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): libjasper-devel-2.0.14-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper-devel-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper-devel-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper-devel-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 - SUSE CaaS Platform 4.0 (x86_64): jasper-debuginfo-2.0.14-3.19.1 jasper-debugsource-2.0.14-3.19.1 libjasper-devel-2.0.14-3.19.1 libjasper4-2.0.14-3.19.1 libjasper4-debuginfo-2.0.14-3.19.1 References: https://www.suse.com/security/cve/CVE-2020-27828.html https://www.suse.com/security/cve/CVE-2021-3272.html https://bugzilla.suse.com/1179748 https://bugzilla.suse.com/1181483 From sle-security-updates at lists.suse.com Tue Feb 16 20:16:25 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Feb 2021 21:16:25 +0100 (CET) Subject: SUSE-SU-2021:14630-1: important: Security update for the Linux Kernel Message-ID: <20210216201625.948B3FFB4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14630-1 Rating: important References: #1152107 #1168952 #1173659 #1173942 #1174205 #1174247 #1174993 #1175691 #1176011 #1176012 #1176235 #1176253 #1176278 #1176395 #1176423 #1176482 #1176485 #1176722 #1176896 #1177206 #1177226 #1177666 #1177766 #1177906 #1178123 #1178182 #1178589 #1178590 #1178622 #1178886 #1179107 #1179140 #1179141 #1179419 #1179601 #1179616 #1179745 #1179877 #1180029 #1180030 #1180052 #1180086 #1180559 #1180562 #1181158 #1181166 #1181349 #1181553 Cross-References: CVE-2019-16746 CVE-2020-0404 CVE-2020-0431 CVE-2020-0465 CVE-2020-11668 CVE-2020-14331 CVE-2020-14353 CVE-2020-14381 CVE-2020-14390 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25284 CVE-2020-25285 CVE-2020-25643 CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-28915 CVE-2020-28974 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2021-3347 CVSS scores: CVE-2019-16746 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-16746 (SUSE): 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-0404 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-0404 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-0431 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0431 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0465 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-11668 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-11668 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-14331 (NVD) : 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14331 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14353 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2020-14381 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14381 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14390 (NVD) : 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H CVE-2020-14390 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-15436 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15436 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-15437 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-15437 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25211 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-25211 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-25284 (NVD) : 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N CVE-2020-25284 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25285 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25285 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25643 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25643 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-25656 (NVD) : 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-25656 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25668 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25669 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27068 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27777 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27777 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27786 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-28915 (NVD) : 5.8 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2020-28915 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-28974 (NVD) : 5 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H CVE-2020-28974 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-29660 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-29660 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29661 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36158 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-4788 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-3347 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 28 vulnerabilities and has 20 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-14353: Fixed an issue where keys - for keyctl prevent creating a different user's keyrings (bsc#1174993). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485 ). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). The following non-security bugs were fixed: - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - cifs: bugfix for unreclaimed writeback pages in cifs_writev_requeue() (bsc#1177906). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - net/x25: fix a race in x25_bind() (bsc#1178590). - net/x25: prevent a couple of overflows (bsc#1178590). - tty: fix memleak in alloc_pid (bsc#1179745). - xfs: mark all internal workqueues as freezable (bsc#1181166). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kernel-source-14630=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-14630=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-14630=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): kernel-default-3.0.101-108.120.1 kernel-default-base-3.0.101-108.120.1 kernel-default-devel-3.0.101-108.120.1 kernel-source-3.0.101-108.120.1 kernel-syms-3.0.101-108.120.1 kernel-trace-3.0.101-108.120.1 kernel-trace-base-3.0.101-108.120.1 kernel-trace-devel-3.0.101-108.120.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): kernel-ec2-3.0.101-108.120.1 kernel-ec2-base-3.0.101-108.120.1 kernel-ec2-devel-3.0.101-108.120.1 kernel-xen-3.0.101-108.120.1 kernel-xen-base-3.0.101-108.120.1 kernel-xen-devel-3.0.101-108.120.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64): kernel-bigmem-3.0.101-108.120.1 kernel-bigmem-base-3.0.101-108.120.1 kernel-bigmem-devel-3.0.101-108.120.1 kernel-ppc64-3.0.101-108.120.1 kernel-ppc64-base-3.0.101-108.120.1 kernel-ppc64-devel-3.0.101-108.120.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x): kernel-default-man-3.0.101-108.120.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): kernel-pae-3.0.101-108.120.1 kernel-pae-base-3.0.101-108.120.1 kernel-pae-devel-3.0.101-108.120.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.120.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.120.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.120.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.120.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.120.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.120.1 kernel-default-debugsource-3.0.101-108.120.1 kernel-trace-debuginfo-3.0.101-108.120.1 kernel-trace-debugsource-3.0.101-108.120.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.120.1 kernel-trace-devel-debuginfo-3.0.101-108.120.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.120.1 kernel-ec2-debugsource-3.0.101-108.120.1 kernel-xen-debuginfo-3.0.101-108.120.1 kernel-xen-debugsource-3.0.101-108.120.1 kernel-xen-devel-debuginfo-3.0.101-108.120.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.120.1 kernel-bigmem-debugsource-3.0.101-108.120.1 kernel-ppc64-debuginfo-3.0.101-108.120.1 kernel-ppc64-debugsource-3.0.101-108.120.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.120.1 kernel-pae-debugsource-3.0.101-108.120.1 kernel-pae-devel-debuginfo-3.0.101-108.120.1 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0465.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14353.html https://www.suse.com/security/cve/CVE-2020-14381.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25211.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-25285.html https://www.suse.com/security/cve/CVE-2020-25643.html https://www.suse.com/security/cve/CVE-2020-25656.html https://www.suse.com/security/cve/CVE-2020-25668.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-27068.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-27786.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29660.html https://www.suse.com/security/cve/CVE-2020-29661.html https://www.suse.com/security/cve/CVE-2020-36158.html https://www.suse.com/security/cve/CVE-2020-4788.html https://www.suse.com/security/cve/CVE-2021-3347.html https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1168952 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174247 https://bugzilla.suse.com/1174993 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1176011 https://bugzilla.suse.com/1176012 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176253 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176485 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176896 https://bugzilla.suse.com/1177206 https://bugzilla.suse.com/1177226 https://bugzilla.suse.com/1177666 https://bugzilla.suse.com/1177766 https://bugzilla.suse.com/1177906 https://bugzilla.suse.com/1178123 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178590 https://bugzilla.suse.com/1178622 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179419 https://bugzilla.suse.com/1179601 https://bugzilla.suse.com/1179616 https://bugzilla.suse.com/1179745 https://bugzilla.suse.com/1179877 https://bugzilla.suse.com/1180029 https://bugzilla.suse.com/1180030 https://bugzilla.suse.com/1180052 https://bugzilla.suse.com/1180086 https://bugzilla.suse.com/1180559 https://bugzilla.suse.com/1180562 https://bugzilla.suse.com/1181158 https://bugzilla.suse.com/1181166 https://bugzilla.suse.com/1181349 https://bugzilla.suse.com/1181553 From sle-security-updates at lists.suse.com Wed Feb 17 11:16:35 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Feb 2021 12:16:35 +0100 (CET) Subject: SUSE-SU-2021:0491-1: important: Security update for screen Message-ID: <20210217111635.CD613FFB4@maintenance.suse.de> SUSE Security Update: Security update for screen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0491-1 Rating: important References: #1182092 Cross-References: CVE-2021-26937 CVSS scores: CVE-2021-26937 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for screen fixes the following issues: - CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-491=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-491=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-491=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-491=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-491=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-491=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-491=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-491=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-491=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-491=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-491=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-491=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-491=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-491=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-491=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE OpenStack Cloud 9 (x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE OpenStack Cloud 8 (x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE OpenStack Cloud 7 (s390x x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 - HPE Helion Openstack 8 (x86_64): screen-4.0.4-23.6.1 screen-debuginfo-4.0.4-23.6.1 screen-debugsource-4.0.4-23.6.1 References: https://www.suse.com/security/cve/CVE-2021-26937.html https://bugzilla.suse.com/1182092 From sle-security-updates at lists.suse.com Wed Feb 17 14:17:37 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Feb 2021 15:17:37 +0100 (CET) Subject: SUSE-SU-2021:0492-1: important: Security update for screen Message-ID: <20210217141737.A3D11FFFB@maintenance.suse.de> SUSE Security Update: Security update for screen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0492-1 Rating: important References: #1182092 Cross-References: CVE-2021-26937 CVSS scores: CVE-2021-26937 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for screen fixes the following issues: - CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-492=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-492=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-492=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-492=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-492=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-492=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-492=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-492=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-492=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-492=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-492=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-492=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-492=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-492=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-492=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Manager Proxy 4.0 (x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 - SUSE CaaS Platform 4.0 (x86_64): screen-4.6.2-5.3.1 screen-debuginfo-4.6.2-5.3.1 screen-debugsource-4.6.2-5.3.1 References: https://www.suse.com/security/cve/CVE-2021-26937.html https://bugzilla.suse.com/1182092 From sle-security-updates at lists.suse.com Wed Feb 17 17:17:45 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Feb 2021 18:17:45 +0100 (CET) Subject: SUSE-SU-2021:0494-1: important: Security update for php7 Message-ID: <20210217171745.802DCFFB4@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0494-1 Rating: important References: #1182049 Cross-References: CVE-2021-21702 CVSS scores: CVE-2021-21702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - CVE-2021-21702 [bsc#1182049]: NULL pointer dereference in SoapClient Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-494=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-494=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.17.1 apache2-mod_php7-debuginfo-7.4.6-3.17.1 php7-7.4.6-3.17.1 php7-bcmath-7.4.6-3.17.1 php7-bcmath-debuginfo-7.4.6-3.17.1 php7-bz2-7.4.6-3.17.1 php7-bz2-debuginfo-7.4.6-3.17.1 php7-calendar-7.4.6-3.17.1 php7-calendar-debuginfo-7.4.6-3.17.1 php7-ctype-7.4.6-3.17.1 php7-ctype-debuginfo-7.4.6-3.17.1 php7-curl-7.4.6-3.17.1 php7-curl-debuginfo-7.4.6-3.17.1 php7-dba-7.4.6-3.17.1 php7-dba-debuginfo-7.4.6-3.17.1 php7-debuginfo-7.4.6-3.17.1 php7-debugsource-7.4.6-3.17.1 php7-devel-7.4.6-3.17.1 php7-dom-7.4.6-3.17.1 php7-dom-debuginfo-7.4.6-3.17.1 php7-enchant-7.4.6-3.17.1 php7-enchant-debuginfo-7.4.6-3.17.1 php7-exif-7.4.6-3.17.1 php7-exif-debuginfo-7.4.6-3.17.1 php7-fastcgi-7.4.6-3.17.1 php7-fastcgi-debuginfo-7.4.6-3.17.1 php7-fileinfo-7.4.6-3.17.1 php7-fileinfo-debuginfo-7.4.6-3.17.1 php7-fpm-7.4.6-3.17.1 php7-fpm-debuginfo-7.4.6-3.17.1 php7-ftp-7.4.6-3.17.1 php7-ftp-debuginfo-7.4.6-3.17.1 php7-gd-7.4.6-3.17.1 php7-gd-debuginfo-7.4.6-3.17.1 php7-gettext-7.4.6-3.17.1 php7-gettext-debuginfo-7.4.6-3.17.1 php7-gmp-7.4.6-3.17.1 php7-gmp-debuginfo-7.4.6-3.17.1 php7-iconv-7.4.6-3.17.1 php7-iconv-debuginfo-7.4.6-3.17.1 php7-intl-7.4.6-3.17.1 php7-intl-debuginfo-7.4.6-3.17.1 php7-json-7.4.6-3.17.1 php7-json-debuginfo-7.4.6-3.17.1 php7-ldap-7.4.6-3.17.1 php7-ldap-debuginfo-7.4.6-3.17.1 php7-mbstring-7.4.6-3.17.1 php7-mbstring-debuginfo-7.4.6-3.17.1 php7-mysql-7.4.6-3.17.1 php7-mysql-debuginfo-7.4.6-3.17.1 php7-odbc-7.4.6-3.17.1 php7-odbc-debuginfo-7.4.6-3.17.1 php7-opcache-7.4.6-3.17.1 php7-opcache-debuginfo-7.4.6-3.17.1 php7-openssl-7.4.6-3.17.1 php7-openssl-debuginfo-7.4.6-3.17.1 php7-pcntl-7.4.6-3.17.1 php7-pcntl-debuginfo-7.4.6-3.17.1 php7-pdo-7.4.6-3.17.1 php7-pdo-debuginfo-7.4.6-3.17.1 php7-pgsql-7.4.6-3.17.1 php7-pgsql-debuginfo-7.4.6-3.17.1 php7-phar-7.4.6-3.17.1 php7-phar-debuginfo-7.4.6-3.17.1 php7-posix-7.4.6-3.17.1 php7-posix-debuginfo-7.4.6-3.17.1 php7-readline-7.4.6-3.17.1 php7-readline-debuginfo-7.4.6-3.17.1 php7-shmop-7.4.6-3.17.1 php7-shmop-debuginfo-7.4.6-3.17.1 php7-snmp-7.4.6-3.17.1 php7-snmp-debuginfo-7.4.6-3.17.1 php7-soap-7.4.6-3.17.1 php7-soap-debuginfo-7.4.6-3.17.1 php7-sockets-7.4.6-3.17.1 php7-sockets-debuginfo-7.4.6-3.17.1 php7-sodium-7.4.6-3.17.1 php7-sodium-debuginfo-7.4.6-3.17.1 php7-sqlite-7.4.6-3.17.1 php7-sqlite-debuginfo-7.4.6-3.17.1 php7-sysvmsg-7.4.6-3.17.1 php7-sysvmsg-debuginfo-7.4.6-3.17.1 php7-sysvsem-7.4.6-3.17.1 php7-sysvsem-debuginfo-7.4.6-3.17.1 php7-sysvshm-7.4.6-3.17.1 php7-sysvshm-debuginfo-7.4.6-3.17.1 php7-tidy-7.4.6-3.17.1 php7-tidy-debuginfo-7.4.6-3.17.1 php7-tokenizer-7.4.6-3.17.1 php7-tokenizer-debuginfo-7.4.6-3.17.1 php7-xmlreader-7.4.6-3.17.1 php7-xmlreader-debuginfo-7.4.6-3.17.1 php7-xmlrpc-7.4.6-3.17.1 php7-xmlrpc-debuginfo-7.4.6-3.17.1 php7-xmlwriter-7.4.6-3.17.1 php7-xmlwriter-debuginfo-7.4.6-3.17.1 php7-xsl-7.4.6-3.17.1 php7-xsl-debuginfo-7.4.6-3.17.1 php7-zip-7.4.6-3.17.1 php7-zip-debuginfo-7.4.6-3.17.1 php7-zlib-7.4.6-3.17.1 php7-zlib-debuginfo-7.4.6-3.17.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.4.6-3.17.1 php7-debugsource-7.4.6-3.17.1 php7-embed-7.4.6-3.17.1 php7-embed-debuginfo-7.4.6-3.17.1 References: https://www.suse.com/security/cve/CVE-2021-21702.html https://bugzilla.suse.com/1182049 From sle-security-updates at lists.suse.com Wed Feb 17 23:16:11 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Feb 2021 00:16:11 +0100 (CET) Subject: SUSE-SU-2021:0498-1: important: Security update for php72 Message-ID: <20210217231611.DDF91FFB4@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0498-1 Rating: important References: #1182049 Cross-References: CVE-2021-21702 CVSS scores: CVE-2021-21702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php72 fixes the following issues: - CVE-2021-21702 [bsc#1182049]: NULL pointer dereference in SoapClient Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-498=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-498=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.60.1 php72-debugsource-7.2.5-1.60.1 php72-devel-7.2.5-1.60.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.60.1 apache2-mod_php72-debuginfo-7.2.5-1.60.1 php72-7.2.5-1.60.1 php72-bcmath-7.2.5-1.60.1 php72-bcmath-debuginfo-7.2.5-1.60.1 php72-bz2-7.2.5-1.60.1 php72-bz2-debuginfo-7.2.5-1.60.1 php72-calendar-7.2.5-1.60.1 php72-calendar-debuginfo-7.2.5-1.60.1 php72-ctype-7.2.5-1.60.1 php72-ctype-debuginfo-7.2.5-1.60.1 php72-curl-7.2.5-1.60.1 php72-curl-debuginfo-7.2.5-1.60.1 php72-dba-7.2.5-1.60.1 php72-dba-debuginfo-7.2.5-1.60.1 php72-debuginfo-7.2.5-1.60.1 php72-debugsource-7.2.5-1.60.1 php72-dom-7.2.5-1.60.1 php72-dom-debuginfo-7.2.5-1.60.1 php72-enchant-7.2.5-1.60.1 php72-enchant-debuginfo-7.2.5-1.60.1 php72-exif-7.2.5-1.60.1 php72-exif-debuginfo-7.2.5-1.60.1 php72-fastcgi-7.2.5-1.60.1 php72-fastcgi-debuginfo-7.2.5-1.60.1 php72-fileinfo-7.2.5-1.60.1 php72-fileinfo-debuginfo-7.2.5-1.60.1 php72-fpm-7.2.5-1.60.1 php72-fpm-debuginfo-7.2.5-1.60.1 php72-ftp-7.2.5-1.60.1 php72-ftp-debuginfo-7.2.5-1.60.1 php72-gd-7.2.5-1.60.1 php72-gd-debuginfo-7.2.5-1.60.1 php72-gettext-7.2.5-1.60.1 php72-gettext-debuginfo-7.2.5-1.60.1 php72-gmp-7.2.5-1.60.1 php72-gmp-debuginfo-7.2.5-1.60.1 php72-iconv-7.2.5-1.60.1 php72-iconv-debuginfo-7.2.5-1.60.1 php72-imap-7.2.5-1.60.1 php72-imap-debuginfo-7.2.5-1.60.1 php72-intl-7.2.5-1.60.1 php72-intl-debuginfo-7.2.5-1.60.1 php72-json-7.2.5-1.60.1 php72-json-debuginfo-7.2.5-1.60.1 php72-ldap-7.2.5-1.60.1 php72-ldap-debuginfo-7.2.5-1.60.1 php72-mbstring-7.2.5-1.60.1 php72-mbstring-debuginfo-7.2.5-1.60.1 php72-mysql-7.2.5-1.60.1 php72-mysql-debuginfo-7.2.5-1.60.1 php72-odbc-7.2.5-1.60.1 php72-odbc-debuginfo-7.2.5-1.60.1 php72-opcache-7.2.5-1.60.1 php72-opcache-debuginfo-7.2.5-1.60.1 php72-openssl-7.2.5-1.60.1 php72-openssl-debuginfo-7.2.5-1.60.1 php72-pcntl-7.2.5-1.60.1 php72-pcntl-debuginfo-7.2.5-1.60.1 php72-pdo-7.2.5-1.60.1 php72-pdo-debuginfo-7.2.5-1.60.1 php72-pgsql-7.2.5-1.60.1 php72-pgsql-debuginfo-7.2.5-1.60.1 php72-phar-7.2.5-1.60.1 php72-phar-debuginfo-7.2.5-1.60.1 php72-posix-7.2.5-1.60.1 php72-posix-debuginfo-7.2.5-1.60.1 php72-pspell-7.2.5-1.60.1 php72-pspell-debuginfo-7.2.5-1.60.1 php72-readline-7.2.5-1.60.1 php72-readline-debuginfo-7.2.5-1.60.1 php72-shmop-7.2.5-1.60.1 php72-shmop-debuginfo-7.2.5-1.60.1 php72-snmp-7.2.5-1.60.1 php72-snmp-debuginfo-7.2.5-1.60.1 php72-soap-7.2.5-1.60.1 php72-soap-debuginfo-7.2.5-1.60.1 php72-sockets-7.2.5-1.60.1 php72-sockets-debuginfo-7.2.5-1.60.1 php72-sodium-7.2.5-1.60.1 php72-sodium-debuginfo-7.2.5-1.60.1 php72-sqlite-7.2.5-1.60.1 php72-sqlite-debuginfo-7.2.5-1.60.1 php72-sysvmsg-7.2.5-1.60.1 php72-sysvmsg-debuginfo-7.2.5-1.60.1 php72-sysvsem-7.2.5-1.60.1 php72-sysvsem-debuginfo-7.2.5-1.60.1 php72-sysvshm-7.2.5-1.60.1 php72-sysvshm-debuginfo-7.2.5-1.60.1 php72-tidy-7.2.5-1.60.1 php72-tidy-debuginfo-7.2.5-1.60.1 php72-tokenizer-7.2.5-1.60.1 php72-tokenizer-debuginfo-7.2.5-1.60.1 php72-wddx-7.2.5-1.60.1 php72-wddx-debuginfo-7.2.5-1.60.1 php72-xmlreader-7.2.5-1.60.1 php72-xmlreader-debuginfo-7.2.5-1.60.1 php72-xmlrpc-7.2.5-1.60.1 php72-xmlrpc-debuginfo-7.2.5-1.60.1 php72-xmlwriter-7.2.5-1.60.1 php72-xmlwriter-debuginfo-7.2.5-1.60.1 php72-xsl-7.2.5-1.60.1 php72-xsl-debuginfo-7.2.5-1.60.1 php72-zip-7.2.5-1.60.1 php72-zip-debuginfo-7.2.5-1.60.1 php72-zlib-7.2.5-1.60.1 php72-zlib-debuginfo-7.2.5-1.60.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.60.1 php72-pear-Archive_Tar-7.2.5-1.60.1 References: https://www.suse.com/security/cve/CVE-2021-21702.html https://bugzilla.suse.com/1182049 From sle-security-updates at lists.suse.com Thu Feb 18 14:16:38 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Feb 2021 15:16:38 +0100 (CET) Subject: SUSE-SU-2021:0507-1: important: Security update for bind Message-ID: <20210218141638.4BC3EFFA5@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0507-1 Rating: important References: #1182246 Cross-References: CVE-2020-8625 CVSS scores: CVE-2020-8625 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-507=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-507=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-507=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-507=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-507=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-507=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-507=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-507=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-507=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-507=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-507=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-507=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-507=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-507=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-507=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Manager Server 4.0 (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Manager Retail Branch Server 4.0 (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE Manager Proxy 4.0 (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE Manager Proxy 4.0 (x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): bind-doc-9.16.6-12.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-bind-9.16.6-12.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 - SUSE Enterprise Storage 6 (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE CaaS Platform 4.0 (noarch): bind-doc-9.16.6-12.41.1 python3-bind-9.16.6-12.41.1 - SUSE CaaS Platform 4.0 (x86_64): bind-9.16.6-12.41.1 bind-chrootenv-9.16.6-12.41.1 bind-debuginfo-9.16.6-12.41.1 bind-debugsource-9.16.6-12.41.1 bind-devel-9.16.6-12.41.1 bind-utils-9.16.6-12.41.1 bind-utils-debuginfo-9.16.6-12.41.1 libbind9-1600-9.16.6-12.41.1 libbind9-1600-debuginfo-9.16.6-12.41.1 libdns1605-9.16.6-12.41.1 libdns1605-debuginfo-9.16.6-12.41.1 libirs-devel-9.16.6-12.41.1 libirs1601-9.16.6-12.41.1 libirs1601-debuginfo-9.16.6-12.41.1 libisc1606-9.16.6-12.41.1 libisc1606-debuginfo-9.16.6-12.41.1 libisccc1600-9.16.6-12.41.1 libisccc1600-debuginfo-9.16.6-12.41.1 libisccfg1600-9.16.6-12.41.1 libisccfg1600-debuginfo-9.16.6-12.41.1 libns1604-9.16.6-12.41.1 libns1604-debuginfo-9.16.6-12.41.1 References: https://www.suse.com/security/cve/CVE-2020-8625.html https://bugzilla.suse.com/1182246 From sle-security-updates at lists.suse.com Thu Feb 18 14:18:47 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Feb 2021 15:18:47 +0100 (CET) Subject: SUSE-SU-2021:14632-1: important: Security update for bind Message-ID: <20210218141847.6F854FFA5@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14632-1 Rating: important References: #1182246 Cross-References: CVE-2020-8625 CVSS scores: CVE-2020-8625 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-bind-14632=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bind-14632=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-14632=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bind-14632=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): bind-9.9.6P1-0.51.23.1 bind-chrootenv-9.9.6P1-0.51.23.1 bind-doc-9.9.6P1-0.51.23.1 bind-libs-9.9.6P1-0.51.23.1 bind-utils-9.9.6P1-0.51.23.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.51.23.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bind-9.9.6P1-0.51.23.1 bind-chrootenv-9.9.6P1-0.51.23.1 bind-devel-9.9.6P1-0.51.23.1 bind-doc-9.9.6P1-0.51.23.1 bind-libs-9.9.6P1-0.51.23.1 bind-utils-9.9.6P1-0.51.23.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.51.23.1 bind-debugsource-9.9.6P1-0.51.23.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.51.23.1 bind-debugsource-9.9.6P1-0.51.23.1 References: https://www.suse.com/security/cve/CVE-2020-8625.html https://bugzilla.suse.com/1182246 From sle-security-updates at lists.suse.com Thu Feb 18 14:19:48 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Feb 2021 15:19:48 +0100 (CET) Subject: SUSE-SU-2021:0504-1: important: Security update for bind Message-ID: <20210218141948.CF833FFA5@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0504-1 Rating: important References: #1182246 Cross-References: CVE-2020-8625 CVSS scores: CVE-2020-8625 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-504=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-504=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-504=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-504=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-504=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-504=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-504=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-504=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-504=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-504=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): bind-doc-9.9.9P1-63.20.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): bind-9.9.9P1-63.20.1 bind-chrootenv-9.9.9P1-63.20.1 bind-debuginfo-9.9.9P1-63.20.1 bind-debugsource-9.9.9P1-63.20.1 bind-libs-32bit-9.9.9P1-63.20.1 bind-libs-9.9.9P1-63.20.1 bind-libs-debuginfo-32bit-9.9.9P1-63.20.1 bind-libs-debuginfo-9.9.9P1-63.20.1 bind-utils-9.9.9P1-63.20.1 bind-utils-debuginfo-9.9.9P1-63.20.1 - SUSE OpenStack Cloud 8 (x86_64): bind-9.9.9P1-63.20.1 bind-chrootenv-9.9.9P1-63.20.1 bind-debuginfo-9.9.9P1-63.20.1 bind-debugsource-9.9.9P1-63.20.1 bind-libs-32bit-9.9.9P1-63.20.1 bind-libs-9.9.9P1-63.20.1 bind-libs-debuginfo-32bit-9.9.9P1-63.20.1 bind-libs-debuginfo-9.9.9P1-63.20.1 bind-utils-9.9.9P1-63.20.1 bind-utils-debuginfo-9.9.9P1-63.20.1 - SUSE OpenStack Cloud 8 (noarch): bind-doc-9.9.9P1-63.20.1 - SUSE OpenStack Cloud 7 (s390x x86_64): bind-9.9.9P1-63.20.1 bind-chrootenv-9.9.9P1-63.20.1 bind-debuginfo-9.9.9P1-63.20.1 bind-debugsource-9.9.9P1-63.20.1 bind-libs-32bit-9.9.9P1-63.20.1 bind-libs-9.9.9P1-63.20.1 bind-libs-debuginfo-32bit-9.9.9P1-63.20.1 bind-libs-debuginfo-9.9.9P1-63.20.1 bind-utils-9.9.9P1-63.20.1 bind-utils-debuginfo-9.9.9P1-63.20.1 - SUSE OpenStack Cloud 7 (noarch): bind-doc-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): bind-9.9.9P1-63.20.1 bind-chrootenv-9.9.9P1-63.20.1 bind-debuginfo-9.9.9P1-63.20.1 bind-debugsource-9.9.9P1-63.20.1 bind-libs-9.9.9P1-63.20.1 bind-libs-debuginfo-9.9.9P1-63.20.1 bind-utils-9.9.9P1-63.20.1 bind-utils-debuginfo-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): bind-libs-32bit-9.9.9P1-63.20.1 bind-libs-debuginfo-32bit-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): bind-doc-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): bind-9.9.9P1-63.20.1 bind-chrootenv-9.9.9P1-63.20.1 bind-debuginfo-9.9.9P1-63.20.1 bind-debugsource-9.9.9P1-63.20.1 bind-libs-9.9.9P1-63.20.1 bind-libs-debuginfo-9.9.9P1-63.20.1 bind-utils-9.9.9P1-63.20.1 bind-utils-debuginfo-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): bind-doc-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): bind-libs-32bit-9.9.9P1-63.20.1 bind-libs-debuginfo-32bit-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): bind-9.9.9P1-63.20.1 bind-chrootenv-9.9.9P1-63.20.1 bind-debuginfo-9.9.9P1-63.20.1 bind-debugsource-9.9.9P1-63.20.1 bind-libs-9.9.9P1-63.20.1 bind-libs-debuginfo-9.9.9P1-63.20.1 bind-utils-9.9.9P1-63.20.1 bind-utils-debuginfo-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-63.20.1 bind-libs-debuginfo-32bit-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): bind-doc-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): bind-9.9.9P1-63.20.1 bind-chrootenv-9.9.9P1-63.20.1 bind-debuginfo-9.9.9P1-63.20.1 bind-debugsource-9.9.9P1-63.20.1 bind-libs-32bit-9.9.9P1-63.20.1 bind-libs-9.9.9P1-63.20.1 bind-libs-debuginfo-32bit-9.9.9P1-63.20.1 bind-libs-debuginfo-9.9.9P1-63.20.1 bind-utils-9.9.9P1-63.20.1 bind-utils-debuginfo-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): bind-doc-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): bind-9.9.9P1-63.20.1 bind-chrootenv-9.9.9P1-63.20.1 bind-debuginfo-9.9.9P1-63.20.1 bind-debugsource-9.9.9P1-63.20.1 bind-libs-9.9.9P1-63.20.1 bind-libs-debuginfo-9.9.9P1-63.20.1 bind-utils-9.9.9P1-63.20.1 bind-utils-debuginfo-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-63.20.1 bind-libs-debuginfo-32bit-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): bind-doc-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bind-9.9.9P1-63.20.1 bind-chrootenv-9.9.9P1-63.20.1 bind-debuginfo-9.9.9P1-63.20.1 bind-debugsource-9.9.9P1-63.20.1 bind-libs-32bit-9.9.9P1-63.20.1 bind-libs-9.9.9P1-63.20.1 bind-libs-debuginfo-32bit-9.9.9P1-63.20.1 bind-libs-debuginfo-9.9.9P1-63.20.1 bind-utils-9.9.9P1-63.20.1 bind-utils-debuginfo-9.9.9P1-63.20.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bind-doc-9.9.9P1-63.20.1 - HPE Helion Openstack 8 (x86_64): bind-9.9.9P1-63.20.1 bind-chrootenv-9.9.9P1-63.20.1 bind-debuginfo-9.9.9P1-63.20.1 bind-debugsource-9.9.9P1-63.20.1 bind-libs-32bit-9.9.9P1-63.20.1 bind-libs-9.9.9P1-63.20.1 bind-libs-debuginfo-32bit-9.9.9P1-63.20.1 bind-libs-debuginfo-9.9.9P1-63.20.1 bind-utils-9.9.9P1-63.20.1 bind-utils-debuginfo-9.9.9P1-63.20.1 - HPE Helion Openstack 8 (noarch): bind-doc-9.9.9P1-63.20.1 References: https://www.suse.com/security/cve/CVE-2020-8625.html https://bugzilla.suse.com/1182246 From sle-security-updates at lists.suse.com Thu Feb 18 14:20:50 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Feb 2021 15:20:50 +0100 (CET) Subject: SUSE-SU-2021:0503-1: important: Security update for bind Message-ID: <20210218142050.30A2DFFA5@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0503-1 Rating: important References: #1182246 Cross-References: CVE-2020-8625 CVSS scores: CVE-2020-8625 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-503=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-503=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-503=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-503=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-503=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-503=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): bind-9.11.22-3.29.1 bind-chrootenv-9.11.22-3.29.1 bind-debuginfo-9.11.22-3.29.1 bind-debugsource-9.11.22-3.29.1 bind-utils-9.11.22-3.29.1 bind-utils-debuginfo-9.11.22-3.29.1 libbind9-161-9.11.22-3.29.1 libbind9-161-debuginfo-9.11.22-3.29.1 libdns1110-9.11.22-3.29.1 libdns1110-debuginfo-9.11.22-3.29.1 libirs161-9.11.22-3.29.1 libirs161-debuginfo-9.11.22-3.29.1 libisc1107-32bit-9.11.22-3.29.1 libisc1107-9.11.22-3.29.1 libisc1107-debuginfo-32bit-9.11.22-3.29.1 libisc1107-debuginfo-9.11.22-3.29.1 libisccc161-9.11.22-3.29.1 libisccc161-debuginfo-9.11.22-3.29.1 libisccfg163-9.11.22-3.29.1 libisccfg163-debuginfo-9.11.22-3.29.1 liblwres161-9.11.22-3.29.1 liblwres161-debuginfo-9.11.22-3.29.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): bind-doc-9.11.22-3.29.1 python-bind-9.11.22-3.29.1 - SUSE OpenStack Cloud 9 (x86_64): bind-9.11.22-3.29.1 bind-chrootenv-9.11.22-3.29.1 bind-debuginfo-9.11.22-3.29.1 bind-debugsource-9.11.22-3.29.1 bind-utils-9.11.22-3.29.1 bind-utils-debuginfo-9.11.22-3.29.1 libbind9-161-9.11.22-3.29.1 libbind9-161-debuginfo-9.11.22-3.29.1 libdns1110-9.11.22-3.29.1 libdns1110-debuginfo-9.11.22-3.29.1 libirs161-9.11.22-3.29.1 libirs161-debuginfo-9.11.22-3.29.1 libisc1107-32bit-9.11.22-3.29.1 libisc1107-9.11.22-3.29.1 libisc1107-debuginfo-32bit-9.11.22-3.29.1 libisc1107-debuginfo-9.11.22-3.29.1 libisccc161-9.11.22-3.29.1 libisccc161-debuginfo-9.11.22-3.29.1 libisccfg163-9.11.22-3.29.1 libisccfg163-debuginfo-9.11.22-3.29.1 liblwres161-9.11.22-3.29.1 liblwres161-debuginfo-9.11.22-3.29.1 - SUSE OpenStack Cloud 9 (noarch): bind-doc-9.11.22-3.29.1 python-bind-9.11.22-3.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.22-3.29.1 bind-debugsource-9.11.22-3.29.1 bind-devel-9.11.22-3.29.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): bind-9.11.22-3.29.1 bind-chrootenv-9.11.22-3.29.1 bind-debuginfo-9.11.22-3.29.1 bind-debugsource-9.11.22-3.29.1 bind-utils-9.11.22-3.29.1 bind-utils-debuginfo-9.11.22-3.29.1 libbind9-161-9.11.22-3.29.1 libbind9-161-debuginfo-9.11.22-3.29.1 libdns1110-9.11.22-3.29.1 libdns1110-debuginfo-9.11.22-3.29.1 libirs161-9.11.22-3.29.1 libirs161-debuginfo-9.11.22-3.29.1 libisc1107-9.11.22-3.29.1 libisc1107-debuginfo-9.11.22-3.29.1 libisccc161-9.11.22-3.29.1 libisccc161-debuginfo-9.11.22-3.29.1 libisccfg163-9.11.22-3.29.1 libisccfg163-debuginfo-9.11.22-3.29.1 liblwres161-9.11.22-3.29.1 liblwres161-debuginfo-9.11.22-3.29.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libisc1107-32bit-9.11.22-3.29.1 libisc1107-debuginfo-32bit-9.11.22-3.29.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): bind-doc-9.11.22-3.29.1 python-bind-9.11.22-3.29.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bind-9.11.22-3.29.1 bind-chrootenv-9.11.22-3.29.1 bind-debuginfo-9.11.22-3.29.1 bind-debugsource-9.11.22-3.29.1 bind-utils-9.11.22-3.29.1 bind-utils-debuginfo-9.11.22-3.29.1 libbind9-161-9.11.22-3.29.1 libbind9-161-debuginfo-9.11.22-3.29.1 libdns1110-9.11.22-3.29.1 libdns1110-debuginfo-9.11.22-3.29.1 libirs161-9.11.22-3.29.1 libirs161-debuginfo-9.11.22-3.29.1 libisc1107-9.11.22-3.29.1 libisc1107-debuginfo-9.11.22-3.29.1 libisccc161-9.11.22-3.29.1 libisccc161-debuginfo-9.11.22-3.29.1 libisccfg163-9.11.22-3.29.1 libisccfg163-debuginfo-9.11.22-3.29.1 liblwres161-9.11.22-3.29.1 liblwres161-debuginfo-9.11.22-3.29.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libisc1107-32bit-9.11.22-3.29.1 libisc1107-debuginfo-32bit-9.11.22-3.29.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): bind-doc-9.11.22-3.29.1 python-bind-9.11.22-3.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): bind-9.11.22-3.29.1 bind-chrootenv-9.11.22-3.29.1 bind-debuginfo-9.11.22-3.29.1 bind-debugsource-9.11.22-3.29.1 bind-utils-9.11.22-3.29.1 bind-utils-debuginfo-9.11.22-3.29.1 libbind9-161-9.11.22-3.29.1 libbind9-161-debuginfo-9.11.22-3.29.1 libdns1110-9.11.22-3.29.1 libdns1110-debuginfo-9.11.22-3.29.1 libirs161-9.11.22-3.29.1 libirs161-debuginfo-9.11.22-3.29.1 libisc1107-9.11.22-3.29.1 libisc1107-debuginfo-9.11.22-3.29.1 libisccc161-9.11.22-3.29.1 libisccc161-debuginfo-9.11.22-3.29.1 libisccfg163-9.11.22-3.29.1 libisccfg163-debuginfo-9.11.22-3.29.1 liblwres161-9.11.22-3.29.1 liblwres161-debuginfo-9.11.22-3.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libisc1107-32bit-9.11.22-3.29.1 libisc1107-debuginfo-32bit-9.11.22-3.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): bind-doc-9.11.22-3.29.1 python-bind-9.11.22-3.29.1 References: https://www.suse.com/security/cve/CVE-2020-8625.html https://bugzilla.suse.com/1182246 From sle-security-updates at lists.suse.com Thu Feb 18 17:15:28 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Feb 2021 18:15:28 +0100 (CET) Subject: SUSE-SU-2021:0512-1: important: Security update for java-1_7_1-ibm Message-ID: <20210218171528.676F4FFA5@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0512-1 Rating: important References: #1181239 #1182186 Cross-References: CVE-2020-14803 CVE-2020-27221 CVSS scores: CVE-2020-14803 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-14803 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27221 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-27221 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-512=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-512=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-512=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-512=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-512=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-512=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-512=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-512=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-512=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-512=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-512=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-512=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-512=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-512=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-512=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-512=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 - HPE Helion Openstack 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1 References: https://www.suse.com/security/cve/CVE-2020-14803.html https://www.suse.com/security/cve/CVE-2020-27221.html https://bugzilla.suse.com/1181239 https://bugzilla.suse.com/1182186 From sle-security-updates at lists.suse.com Thu Feb 18 17:16:36 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Feb 2021 18:16:36 +0100 (CET) Subject: SUSE-SU-2021:0515-1: moderate: Security update for python-urllib3 Message-ID: <20210218171636.E49C4FFA5@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0515-1 Rating: moderate References: #1177211 Cross-References: CVE-2020-26116 CVSS scores: CVE-2020-26116 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2020-26116 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-515=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-515=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-515=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-urllib3-1.22-5.15.1 - SUSE OpenStack Cloud 8 (noarch): python-urllib3-1.22-5.15.1 - HPE Helion Openstack 8 (noarch): python-urllib3-1.22-5.15.1 References: https://www.suse.com/security/cve/CVE-2020-26116.html https://bugzilla.suse.com/1177211 From sle-security-updates at lists.suse.com Fri Feb 19 14:16:03 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Feb 2021 15:16:03 +0100 (CET) Subject: SUSE-SU-2021:0521-1: important: Security update for qemu Message-ID: <20210219141603.EB829FFA5@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0521-1 Rating: important References: #1178049 #1178565 #1179717 #1179719 #1180523 #1181639 #1181933 #1182137 Cross-References: CVE-2020-11947 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVSS scores: CVE-2020-11947 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-11947 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-20181 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-20203 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-20221 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has four fixes is now available. Description: This update for qemu fixes the following issues: - Fixed potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fixed out-of-bound access in iscsi (CVE-2020-11947 bsc#1180523) - Fixed out-of-bound access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fixed out-of-bound access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) - Fixed vfio-pci device on s390 enters error state (bsc#1179717 bsc#1179719) - Fixed "Failed to try-restart qemu-ga at .service" error while updating the qemu-guest-agent. (bsc#1178565) - Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. Add more qemu tracing which helped track down these issues (bsc#1178049) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-521=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-521=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): qemu-4.2.1-11.13.1 qemu-block-curl-4.2.1-11.13.1 qemu-block-curl-debuginfo-4.2.1-11.13.1 qemu-block-iscsi-4.2.1-11.13.1 qemu-block-iscsi-debuginfo-4.2.1-11.13.1 qemu-block-rbd-4.2.1-11.13.1 qemu-block-rbd-debuginfo-4.2.1-11.13.1 qemu-block-ssh-4.2.1-11.13.1 qemu-block-ssh-debuginfo-4.2.1-11.13.1 qemu-debuginfo-4.2.1-11.13.1 qemu-debugsource-4.2.1-11.13.1 qemu-guest-agent-4.2.1-11.13.1 qemu-guest-agent-debuginfo-4.2.1-11.13.1 qemu-lang-4.2.1-11.13.1 qemu-ui-spice-app-4.2.1-11.13.1 qemu-ui-spice-app-debuginfo-4.2.1-11.13.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x x86_64): qemu-kvm-4.2.1-11.13.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (ppc64le): qemu-ppc-4.2.1-11.13.1 qemu-ppc-debuginfo-4.2.1-11.13.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64): qemu-arm-4.2.1-11.13.1 qemu-arm-debuginfo-4.2.1-11.13.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): qemu-ipxe-1.0.0+-11.13.1 qemu-microvm-4.2.1-11.13.1 qemu-seabios-1.12.1+-11.13.1 qemu-sgabios-8-11.13.1 qemu-vgabios-1.12.1+-11.13.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): qemu-audio-alsa-4.2.1-11.13.1 qemu-audio-alsa-debuginfo-4.2.1-11.13.1 qemu-audio-pa-4.2.1-11.13.1 qemu-audio-pa-debuginfo-4.2.1-11.13.1 qemu-ui-curses-4.2.1-11.13.1 qemu-ui-curses-debuginfo-4.2.1-11.13.1 qemu-ui-gtk-4.2.1-11.13.1 qemu-ui-gtk-debuginfo-4.2.1-11.13.1 qemu-x86-4.2.1-11.13.1 qemu-x86-debuginfo-4.2.1-11.13.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x): qemu-s390-4.2.1-11.13.1 qemu-s390-debuginfo-4.2.1-11.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-4.2.1-11.13.1 qemu-debugsource-4.2.1-11.13.1 qemu-tools-4.2.1-11.13.1 qemu-tools-debuginfo-4.2.1-11.13.1 References: https://www.suse.com/security/cve/CVE-2020-11947.html https://www.suse.com/security/cve/CVE-2021-20181.html https://www.suse.com/security/cve/CVE-2021-20203.html https://www.suse.com/security/cve/CVE-2021-20221.html https://bugzilla.suse.com/1178049 https://bugzilla.suse.com/1178565 https://bugzilla.suse.com/1179717 https://bugzilla.suse.com/1179719 https://bugzilla.suse.com/1180523 https://bugzilla.suse.com/1181639 https://bugzilla.suse.com/1181933 https://bugzilla.suse.com/1182137 From sle-security-updates at lists.suse.com Fri Feb 19 14:21:44 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Feb 2021 15:21:44 +0100 (CET) Subject: SUSE-SU-2021:14634-1: important: Security update for java-1_7_1-ibm Message-ID: <20210219142144.AC181FFA5@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14634-1 Rating: important References: #1181239 #1182186 Cross-References: CVE-2020-14803 CVE-2020-27221 CVSS scores: CVE-2020-14803 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-14803 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27221 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-27221 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-java-1_7_1-ibm-14634=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.80-26.65.1 java-1_7_1-ibm-devel-1.7.1_sr4.80-26.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.80-26.65.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.80-26.65.1 java-1_7_1-ibm-plugin-1.7.1_sr4.80-26.65.1 References: https://www.suse.com/security/cve/CVE-2020-14803.html https://www.suse.com/security/cve/CVE-2020-27221.html https://bugzilla.suse.com/1181239 https://bugzilla.suse.com/1182186 From sle-security-updates at lists.suse.com Fri Feb 19 14:22:49 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Feb 2021 15:22:49 +0100 (CET) Subject: SUSE-SU-2021:0522-1: important: Security update for php74 Message-ID: <20210219142249.06348FFA5@maintenance.suse.de> SUSE Security Update: Security update for php74 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0522-1 Rating: important References: #1182049 Cross-References: CVE-2021-21702 CVSS scores: CVE-2021-21702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php74 fixes the following issues: - CVE-2021-21702 [bsc#1182049]: NULL pointer dereference in SoapClient Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-522=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-522=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php74-debuginfo-7.4.6-1.19.1 php74-debugsource-7.4.6-1.19.1 php74-devel-7.4.6-1.19.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php74-7.4.6-1.19.1 apache2-mod_php74-debuginfo-7.4.6-1.19.1 php74-7.4.6-1.19.1 php74-bcmath-7.4.6-1.19.1 php74-bcmath-debuginfo-7.4.6-1.19.1 php74-bz2-7.4.6-1.19.1 php74-bz2-debuginfo-7.4.6-1.19.1 php74-calendar-7.4.6-1.19.1 php74-calendar-debuginfo-7.4.6-1.19.1 php74-ctype-7.4.6-1.19.1 php74-ctype-debuginfo-7.4.6-1.19.1 php74-curl-7.4.6-1.19.1 php74-curl-debuginfo-7.4.6-1.19.1 php74-dba-7.4.6-1.19.1 php74-dba-debuginfo-7.4.6-1.19.1 php74-debuginfo-7.4.6-1.19.1 php74-debugsource-7.4.6-1.19.1 php74-dom-7.4.6-1.19.1 php74-dom-debuginfo-7.4.6-1.19.1 php74-enchant-7.4.6-1.19.1 php74-enchant-debuginfo-7.4.6-1.19.1 php74-exif-7.4.6-1.19.1 php74-exif-debuginfo-7.4.6-1.19.1 php74-fastcgi-7.4.6-1.19.1 php74-fastcgi-debuginfo-7.4.6-1.19.1 php74-fileinfo-7.4.6-1.19.1 php74-fileinfo-debuginfo-7.4.6-1.19.1 php74-fpm-7.4.6-1.19.1 php74-fpm-debuginfo-7.4.6-1.19.1 php74-ftp-7.4.6-1.19.1 php74-ftp-debuginfo-7.4.6-1.19.1 php74-gd-7.4.6-1.19.1 php74-gd-debuginfo-7.4.6-1.19.1 php74-gettext-7.4.6-1.19.1 php74-gettext-debuginfo-7.4.6-1.19.1 php74-gmp-7.4.6-1.19.1 php74-gmp-debuginfo-7.4.6-1.19.1 php74-iconv-7.4.6-1.19.1 php74-iconv-debuginfo-7.4.6-1.19.1 php74-intl-7.4.6-1.19.1 php74-intl-debuginfo-7.4.6-1.19.1 php74-json-7.4.6-1.19.1 php74-json-debuginfo-7.4.6-1.19.1 php74-ldap-7.4.6-1.19.1 php74-ldap-debuginfo-7.4.6-1.19.1 php74-mbstring-7.4.6-1.19.1 php74-mbstring-debuginfo-7.4.6-1.19.1 php74-mysql-7.4.6-1.19.1 php74-mysql-debuginfo-7.4.6-1.19.1 php74-odbc-7.4.6-1.19.1 php74-odbc-debuginfo-7.4.6-1.19.1 php74-opcache-7.4.6-1.19.1 php74-opcache-debuginfo-7.4.6-1.19.1 php74-openssl-7.4.6-1.19.1 php74-openssl-debuginfo-7.4.6-1.19.1 php74-pcntl-7.4.6-1.19.1 php74-pcntl-debuginfo-7.4.6-1.19.1 php74-pdo-7.4.6-1.19.1 php74-pdo-debuginfo-7.4.6-1.19.1 php74-pgsql-7.4.6-1.19.1 php74-pgsql-debuginfo-7.4.6-1.19.1 php74-phar-7.4.6-1.19.1 php74-phar-debuginfo-7.4.6-1.19.1 php74-posix-7.4.6-1.19.1 php74-posix-debuginfo-7.4.6-1.19.1 php74-readline-7.4.6-1.19.1 php74-readline-debuginfo-7.4.6-1.19.1 php74-shmop-7.4.6-1.19.1 php74-shmop-debuginfo-7.4.6-1.19.1 php74-snmp-7.4.6-1.19.1 php74-snmp-debuginfo-7.4.6-1.19.1 php74-soap-7.4.6-1.19.1 php74-soap-debuginfo-7.4.6-1.19.1 php74-sockets-7.4.6-1.19.1 php74-sockets-debuginfo-7.4.6-1.19.1 php74-sodium-7.4.6-1.19.1 php74-sodium-debuginfo-7.4.6-1.19.1 php74-sqlite-7.4.6-1.19.1 php74-sqlite-debuginfo-7.4.6-1.19.1 php74-sysvmsg-7.4.6-1.19.1 php74-sysvmsg-debuginfo-7.4.6-1.19.1 php74-sysvsem-7.4.6-1.19.1 php74-sysvsem-debuginfo-7.4.6-1.19.1 php74-sysvshm-7.4.6-1.19.1 php74-sysvshm-debuginfo-7.4.6-1.19.1 php74-tidy-7.4.6-1.19.1 php74-tidy-debuginfo-7.4.6-1.19.1 php74-tokenizer-7.4.6-1.19.1 php74-tokenizer-debuginfo-7.4.6-1.19.1 php74-xmlreader-7.4.6-1.19.1 php74-xmlreader-debuginfo-7.4.6-1.19.1 php74-xmlrpc-7.4.6-1.19.1 php74-xmlrpc-debuginfo-7.4.6-1.19.1 php74-xmlwriter-7.4.6-1.19.1 php74-xmlwriter-debuginfo-7.4.6-1.19.1 php74-xsl-7.4.6-1.19.1 php74-xsl-debuginfo-7.4.6-1.19.1 php74-zip-7.4.6-1.19.1 php74-zip-debuginfo-7.4.6-1.19.1 php74-zlib-7.4.6-1.19.1 php74-zlib-debuginfo-7.4.6-1.19.1 References: https://www.suse.com/security/cve/CVE-2021-21702.html https://bugzilla.suse.com/1182049 From sle-security-updates at lists.suse.com Fri Feb 19 17:14:51 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Feb 2021 18:14:51 +0100 (CET) Subject: SUSE-SU-2021:0531-1: moderate: Security update for tomcat Message-ID: <20210219171451.C4286FFA5@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0531-1 Rating: moderate References: #1180947 Cross-References: CVE-2021-24122 CVSS scores: CVE-2021-24122 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-24122 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: - CVE-2021-24122: Fixed an information disclosure if resources are served from the NTFS file system (bsc#1180947). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-531=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): tomcat-9.0.36-3.21.1 tomcat-admin-webapps-9.0.36-3.21.1 tomcat-el-3_0-api-9.0.36-3.21.1 tomcat-jsp-2_3-api-9.0.36-3.21.1 tomcat-lib-9.0.36-3.21.1 tomcat-servlet-4_0-api-9.0.36-3.21.1 tomcat-webapps-9.0.36-3.21.1 References: https://www.suse.com/security/cve/CVE-2021-24122.html https://bugzilla.suse.com/1180947 From sle-security-updates at lists.suse.com Fri Feb 19 17:15:51 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Feb 2021 18:15:51 +0100 (CET) Subject: SUSE-SU-2021:0529-1: moderate: Security update for python3 Message-ID: <20210219171551.53F92FFA5@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0529-1 Rating: moderate References: #1176262 #1179756 #1180686 #1181126 Cross-References: CVE-2019-20916 CVE-2021-3177 CVSS scores: CVE-2019-20916 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-20916 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2021-3177 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3177 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for python3 fixes the following issues: - CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-529=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-529=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): python3-tools-3.6.12-3.75.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.12-3.75.1 libpython3_6m1_0-debuginfo-3.6.12-3.75.1 python3-3.6.12-3.75.1 python3-base-3.6.12-3.75.1 python3-curses-3.6.12-3.75.1 python3-curses-debuginfo-3.6.12-3.75.1 python3-dbm-3.6.12-3.75.1 python3-dbm-debuginfo-3.6.12-3.75.1 python3-debuginfo-3.6.12-3.75.1 python3-debugsource-3.6.12-3.75.1 python3-devel-3.6.12-3.75.1 python3-devel-debuginfo-3.6.12-3.75.1 python3-idle-3.6.12-3.75.1 python3-tk-3.6.12-3.75.1 python3-tk-debuginfo-3.6.12-3.75.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://www.suse.com/security/cve/CVE-2021-3177.html https://bugzilla.suse.com/1176262 https://bugzilla.suse.com/1179756 https://bugzilla.suse.com/1180686 https://bugzilla.suse.com/1181126 From sle-security-updates at lists.suse.com Fri Feb 19 17:19:20 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Feb 2021 18:19:20 +0100 (CET) Subject: SUSE-SU-2021:0528-1: moderate: Security update for ImageMagick Message-ID: <20210219171920.1EDE3FFA5@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0528-1 Rating: moderate References: #1179322 #1181836 Cross-References: CVE-2020-27767 CVE-2021-20176 CVSS scores: CVE-2020-27767 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-27767 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20176 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-20176 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2021-20176: Fixed an issue where processing a crafted file could lead to division by zero (bsc#1181836). - CVE-2020-27767: outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-528=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-528=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-528=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): ImageMagick-6.8.8.1-71.159.2 ImageMagick-debuginfo-6.8.8.1-71.159.2 ImageMagick-debugsource-6.8.8.1-71.159.2 libMagick++-6_Q16-3-6.8.8.1-71.159.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.159.2 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.159.2 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.159.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.159.2 ImageMagick-config-6-SUSE-6.8.8.1-71.159.2 ImageMagick-config-6-upstream-6.8.8.1-71.159.2 ImageMagick-debuginfo-6.8.8.1-71.159.2 ImageMagick-debugsource-6.8.8.1-71.159.2 ImageMagick-devel-6.8.8.1-71.159.2 libMagick++-6_Q16-3-6.8.8.1-71.159.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.159.2 libMagick++-devel-6.8.8.1-71.159.2 perl-PerlMagick-6.8.8.1-71.159.2 perl-PerlMagick-debuginfo-6.8.8.1-71.159.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.159.2 ImageMagick-config-6-upstream-6.8.8.1-71.159.2 ImageMagick-debuginfo-6.8.8.1-71.159.2 ImageMagick-debugsource-6.8.8.1-71.159.2 libMagickCore-6_Q16-1-6.8.8.1-71.159.2 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.159.2 libMagickWand-6_Q16-1-6.8.8.1-71.159.2 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.159.2 References: https://www.suse.com/security/cve/CVE-2020-27767.html https://www.suse.com/security/cve/CVE-2021-20176.html https://bugzilla.suse.com/1179322 https://bugzilla.suse.com/1181836 From sle-security-updates at lists.suse.com Fri Feb 19 17:20:28 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Feb 2021 18:20:28 +0100 (CET) Subject: SUSE-SU-2021:0530-1: moderate: Security update for tomcat Message-ID: <20210219172028.3D0E1FFA5@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0530-1 Rating: moderate References: #1180947 Cross-References: CVE-2021-24122 CVSS scores: CVE-2021-24122 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-24122 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: - CVE-2021-24122: Fixed an information disclosure if resources are served from the NTFS file system (bsc#1180947). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-530=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): tomcat-9.0.36-3.61.1 tomcat-admin-webapps-9.0.36-3.61.1 tomcat-docs-webapp-9.0.36-3.61.1 tomcat-el-3_0-api-9.0.36-3.61.1 tomcat-javadoc-9.0.36-3.61.1 tomcat-jsp-2_3-api-9.0.36-3.61.1 tomcat-lib-9.0.36-3.61.1 tomcat-servlet-4_0-api-9.0.36-3.61.1 tomcat-webapps-9.0.36-3.61.1 References: https://www.suse.com/security/cve/CVE-2021-24122.html https://bugzilla.suse.com/1180947 From sle-security-updates at lists.suse.com Fri Feb 19 17:21:31 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Feb 2021 18:21:31 +0100 (CET) Subject: SUSE-SU-2021:0527-1: important: Security update for krb5-appl Message-ID: <20210219172131.50FEAFFA5@maintenance.suse.de> SUSE Security Update: Security update for krb5-appl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0527-1 Rating: important References: #1131109 Cross-References: CVE-2019-25017 CVE-2019-25018 CVSS scores: CVE-2019-25017 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-25018 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for krb5-appl fixes the following issues: - CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109). - CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-527=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-527=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-527=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-527=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-527=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-527=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-527=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-527=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-527=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-527=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-527=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-527=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-527=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-527=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-527=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE OpenStack Cloud 9 (x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE OpenStack Cloud 8 (x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE OpenStack Cloud 7 (s390x x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 - HPE Helion Openstack 8 (x86_64): krb5-appl-clients-1.0.3-3.6.1 krb5-appl-clients-debuginfo-1.0.3-3.6.1 krb5-appl-debugsource-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-servers-debuginfo-1.0.3-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-25017.html https://www.suse.com/security/cve/CVE-2019-25018.html https://bugzilla.suse.com/1131109 From sle-security-updates at lists.suse.com Fri Feb 19 20:14:55 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Feb 2021 21:14:55 +0100 (CET) Subject: SUSE-SU-2021:0532-1: important: Security update for the Linux Kernel Message-ID: <20210219201455.35480FFA5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0532-1 Rating: important References: #1046305 #1046306 #1046540 #1046542 #1046648 #1050242 #1050244 #1050536 #1050538 #1050545 #1056653 #1056657 #1056787 #1064802 #1066129 #1073513 #1074220 #1075020 #1086282 #1086301 #1086313 #1086314 #1098633 #1103990 #1103991 #1103992 #1104270 #1104277 #1104279 #1104353 #1104427 #1104742 #1104745 #1109837 #1111981 #1112178 #1112374 #1113956 #1119113 #1126206 #1126390 #1127354 #1127371 #1129770 #1136348 #1149032 #1174206 #1176831 #1176846 #1178036 #1178049 #1178900 #1179093 #1179142 #1179508 #1179509 #1179563 #1179573 #1179575 #1179878 #1180130 #1180765 #1180812 #1180891 #1180912 #1181018 #1181170 #1181230 #1181231 #1181260 #1181349 #1181425 #1181504 #1181809 Cross-References: CVE-2020-25639 CVE-2020-27835 CVE-2020-29568 CVE-2020-29569 CVE-2021-0342 CVE-2021-20177 CVE-2021-3347 CVE-2021-3348 CVSS scores: CVE-2020-25639 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-27835 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-29568 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29568 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-0342 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0342 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-20177 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3347 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3347 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3348 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3348 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Availability 15-SP1 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 66 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504). - CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765). - CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812) - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). The following non-security bugs were fixed: - ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes). - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes). - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes). - ALSA: doc: Fix reference to mixart.rst (git-fixes). - ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes). - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes). - ALSA: hda/via: Add minimum mute flag (git-fixes). - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes). - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes). - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes). - ASoC: Intel: haswell: Add missing pm_ops (git-fixes). - ASoC: dapm: remove widget from dirty list on free (git-fixes). - EDAC/amd64: Fix PCI component registration (bsc#1112178). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (bsc#1103991). - KVM: SVM: Initialize prev_ga_tag before use (bsc#1180912). - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (bsc#1181230). - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (git-fixes). - NFS: nfs_igrab_and_active must first reference the superblock (git-fixes). - NFS: switch nfsiod to be an UNBOUND workqueue (git-fixes). - NFSv4.2: condition READDIR's mask for security label based on LSM state (git-fixes). - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1103992). - RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1050244 ). - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1104742). - RDMA/cma: Do not overwrite sgid_attr after device is released (bsc#1103992). - RDMA/core: Ensure security pkey modify is not lost (bsc#1046306 ). - RDMA/core: Fix pkey and port assignment in get_new_pps (bsc#1046306). - RDMA/core: Fix protection fault in get_pkey_idx_qp_list (bsc#1046306). - RDMA/core: Fix reported speed and width (bsc#1046306 ). - RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1103992). - RDMA/core: Fix use of logical OR in get_new_pps (bsc#1046306 ). - RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1104427). - RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver (bsc#1104427). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (bsc#1104427 bsc#1126206). - RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1104427 ). - RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver (bsc#1104427). - RDMA/iw_cxgb4: Fix incorrect function parameters (bsc#1136348 jsc#SLE-4684). - RDMA/iw_cxgb4: initiate CLOSE when entering TERM (bsc#1136348 jsc#SLE-4684). - RDMA/mlx5: Add init2init as a modify command (bsc#1103991 ). - RDMA/mlx5: Fix typo in enum name (bsc#1103991). - RDMA/mlx5: Fix wrong free of blue flame register on error (bsc#1103991). - RDMA/qedr: Fix inline size returned for iWARP (bsc#1050545 ). - SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036). - USB: ehci: fix an interrupt calltrace error (git-fixes). - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes). - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes). - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes). - USB: yurex: fix control-URB timeout handling (git-fixes). - __netif_receive_skb_core: pass skb by reference (bsc#1109837). - arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130). - arm64: pgtable: Fix pte_accessible() (bsc#1180130). - bnxt_en: Do not query FW when netif_running() is false (bsc#1086282). - bnxt_en: Fix accumulation of bp->net_stats_prev (bsc#1104745 ). - bnxt_en: Improve stats context resource accounting with RDMA driver loaded (bsc#1104745). - bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes). - bnxt_en: Reset rings if ring reservation fails during open() (bsc#1086282). - bnxt_en: fix HWRM error when querying VF temperature (bsc#1104745). - bnxt_en: fix error return code in bnxt_init_board() (git-fixes). - bnxt_en: fix error return code in bnxt_init_one() (bsc#1050242 ). - bnxt_en: read EEPROM A2h address using page 0 (git-fixes). - bnxt_en: return proper error codes in bnxt_show_temp (bsc#1104745). - bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes). - btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206). - btrfs: add a flags argument to LOGICAL_INO and call it LOGICAL_INO_V2 (bsc#1174206). - btrfs: increase output size for LOGICAL_INO_V2 ioctl (bsc#1174206). - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575). - caif: no need to check return value of debugfs_create functions (git-fixes). - can: c_can: c_can_power_up(): fix error handling (git-fixes). - can: dev: prevent potential information leak in can_fill_info() (git-fixes). - can: vxcan: vxcan_xmit: fix use after free bug (git-fixes). - chelsio/chtls: correct function return and return type (bsc#1104270). - chelsio/chtls: correct netdevice for vlan interface (bsc#1104270 ). - chelsio/chtls: fix a double free in chtls_setkey() (bsc#1104270 ). - chelsio/chtls: fix always leaking ctrl_skb (bsc#1104270 ). - chelsio/chtls: fix deadlock issue (bsc#1104270). - chelsio/chtls: fix memory leaks caused by a race (bsc#1104270 ). - chelsio/chtls: fix memory leaks in CPL handlers (bsc#1104270 ). - chelsio/chtls: fix panic during unload reload chtls (bsc#1104270 ). - chelsio/chtls: fix socket lock (bsc#1104270). - chelsio/chtls: fix tls record info to user (bsc#1104270 ). - chtls: Added a check to avoid NULL pointer dereference (bsc#1104270). - chtls: Fix chtls resources release sequence (bsc#1104270 ). - chtls: Fix hardware tid leak (bsc#1104270). - chtls: Remove invalid set_tcb call (bsc#1104270). - chtls: Replace skb_dequeue with skb_peek (bsc#1104270 ). - cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled (bsc#1109837). - cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes). - cxgb4/cxgb4vf: fix flow control display for auto negotiation (bsc#1046540 bsc#1046542). - cxgb4: fix SGE queue dump destination buffer context (bsc#1073513). - cxgb4: fix adapter crash due to wrong MC size (bsc#1073513). - cxgb4: fix all-mask IP address comparison (bsc#1064802 bsc#1066129). - cxgb4: fix large delays in PTP synchronization (bsc#1046540 bsc#1046648). - cxgb4: fix the panic caused by non smac rewrite (bsc#1064802 bsc#1066129). - cxgb4: fix thermal zone device registration (bsc#1104279 bsc#1104277). - cxgb4: fix throughput drop during Tx backpressure (bsc#1127354 bsc#1127371). - cxgb4: move DCB version extern to header file (bsc#1104279 ). - cxgb4: remove cast when saving IPv4 partial checksum (bsc#1074220). - cxgb4: set up filter action after rewrites (bsc#1064802 bsc#1066129). - cxgb4: use correct type for all-mask IP address comparison (bsc#1064802 bsc#1066129). - cxgb4: use unaligned conversion for fetching timestamp (bsc#1046540 bsc#1046648). - dm: avoid filesystem lookup in dm_get_dev_t() (bsc#1178049). - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes). - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes). - docs: Fix reST markup when linking to sections (git-fixes). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1113956) - drm/amdkfd: Put ACPI table after using it (bsc#1129770) Backporting changes: * context changes - drm/atomic: put state on error path (git-fixes). - drm/i915: Check for all subplatform bits (git-fixes). - drm/i915: Clear the repeater bit on HDCP disable (bsc#1112178) - drm/i915: Fix sha_text population code (bsc#1112178) - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1129770) - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1129770) - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1129770) - drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes). - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes). - drm/nouveau/privring: ack interrupts the same way as RM (git-fixes). - drm/tve200: Fix handling of platform_get_irq() error (bsc#1129770) - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1112178) - drm: sun4i: hdmi: Fix inverted HPD result (bsc#1112178) - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1112178) - ehci: fix EHCI host controller initialization sequence (git-fixes). - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes). - floppy: reintroduce O_NDELAY fix (boo#1181018). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1181349). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes). - i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes). - i40e: avoid premature Rx buffer reuse (bsc#1111981). - igb: Report speed and duplex as unknown when device is runtime suspended (git-fixes). - igc: fix link speed advertising (jsc#SLE-4799). - iio: ad5504: Fix setting power-down state (git-fixes). - iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181260, jsc#ECO-3191). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181260, jsc#ECO-3191). - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (bsc#1109837). - ixgbe: avoid premature Rx buffer reuse (bsc#1109837 ). - kABI: Fix kABI for extended APIC-ID support (bsc#1181260, jsc#ECO-3191). - kernfs: deal with kernfs_fill_super() failures (bsc#1181809). - lockd: do not use interval-based rebinding over TCP (git-fixes). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032). - md/raid10: initialize r10_bio->read_slot before use (git-fixes). - md: fix a warning caused by a race between concurrent md_ioctl()s (git-fixes). - media: gp8psk: initialize stats at power control logic (git-fixes). - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes). - misdn: dsp: select CONFIG_BITREVERSE (git-fixes). - mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (bsc#1112374). - mlxsw: spectrum: Do not modify cloned SKBs during xmit (git-fixes). - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (bsc#1112374). - mlxsw: switchx2: Do not modify cloned SKBs during xmit (git-fixes). - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/hotplug)). - mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() (git fixes (mm/pgalloc)). - mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly (git fixes (mm/hmm)). - mm/slab: use memzero_explicit() in kzfree() (git fixes (mm/slab)). - mm: do not wake kswapd prematurely when watermark boosting is disabled (git fixes (mm/vmscan)). - mm: hwpoison: disable memory error handling on 1GB hugepage (git fixes (mm/hwpoison)). - mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes). - nbd: Fix memory leak in nbd_add_socket (bsc#1181504). - net/af_iucv: always register net_device notifier (git-fixes). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1179563 LTC#190108). - net/af_iucv: set correct sk_protocol for child sockets (git-fixes). - net/filter: Permit reading NET in load_bytes_relative when MAC not set (bsc#1109837). - net/liquidio: Delete driver version assignment (git-fixes). - net/liquidio: Delete non-working LIQUIDIO_PACKAGE check (git-fixes). - net/mlx4_en: Avoid scheduling restart task if it is already running (git-fixes). - net/mlx5: Add handling of port type in rule deletion (bsc#1103991). - net/mlx5: Fix memory leak on flow table creation error flow (bsc#1046305). - net/mlx5e: Fix VLAN cleanup flow (git-fixes). - net/mlx5e: Fix VLAN create flow (git-fixes). - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes). - net/mlx5e: Fix two double free cases (bsc#1046305). - net/mlx5e: IPoIB, Drop multicast packets that this interface sent (bsc#1075020). - net/mlx5e: TX, Fix consumer index of error cqe dump (bsc#1103990 ). - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (bsc#1103990). - net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels (bsc#1109837). - net/smc: cancel event worker during device removal (git-fixes). - net/smc: check for valid ib_client_data (git-fixes). - net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes). - net/smc: receive pending data after RCV_SHUTDOWN (git-fixes). - net/smc: receive returns without data (git-fixes). - net/sonic: Add mutual exclusion for accessing shared state (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: bcmgenet: keep MAC in reset until PHY is up (git-fixes). - net: bcmgenet: reapply manual settings to the PHY (git-fixes). - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe() (git-fixes). - net: cbs: Fix software cbs to consider packet sending time (bsc#1109837). - net: dsa: LAN9303: select REGMAP when LAN9303 enable (git-fixes). - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (git-fixes). - net: ena: set initial DMA width to avoid intel iommu issue (git-fixes). - net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes). - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse() (git-fixes). - net: freescale: fec: Fix ethtool -d runtime PM (git-fixes). - net: hns3: add a missing uninit debugfs when unload driver (bsc#1104353). - net: hns3: add compatible handling for command HCLGE_OPC_PF_RST_DONE (git-fixes). - net: hns3: add management table after IMP reset (bsc#1104353 ). - net: hns3: check reset interrupt status when reset fails (git-fixes). - net: hns3: clear reset interrupt status in hclge_irq_handle() (git-fixes). - net: hns3: fix a TX timeout issue (bsc#1104353). - net: hns3: fix a wrong reset interrupt status mask (git-fixes). - net: hns3: fix error VF index when setting VLAN offload (bsc#1104353). - net: hns3: fix error handling for desc filling (bsc#1104353 ). - net: hns3: fix for not calculating TX BD send size correctly (bsc#1126390). - net: hns3: fix interrupt clearing error for VF (bsc#1104353 ). - net: hns3: fix mis-counting IRQ vector numbers issue (bsc#1104353). - net: hns3: fix shaper parameter algorithm (bsc#1104353 ). - net: hns3: fix the number of queues actually used by ARQ (bsc#1104353). - net: hns3: fix use-after-free when doing self test (bsc#1104353 ). - net: hns3: reallocate SSU' buffer size when pfc_en changes (bsc#1104353). - net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (bsc#1098633). - net: mvpp2: Fix error return code in mvpp2_open() (bsc#1119113 ). - net: mvpp2: fix pkt coalescing int-threshold configuration (bsc#1098633). - net: phy: Allow BCM54616S PHY to setup internal TX/RX clock delay (git-fixes). - net: phy: broadcom: Fix RGMII delays configuration for BCM54210E (git-fixes). - net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes). - net: phy: micrel: make sure the factory test bit is cleared (git-fixes). - net: qca_spi: Move reset_count to struct qcaspi (git-fixes). - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes). - net: stmmac: Do not accept invalid MTU values (git-fixes). - net: stmmac: Enable 16KB buffer size (git-fixes). - net: stmmac: RX buffer size must be 16 byte aligned (git-fixes). - net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes). - net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: fix length of PTP clock's name string (git-fixes). - net: stmmac: gmac4+: Not all Unicast addresses may be available (git-fixes). - net: sunrpc: interpret the return value of kstrtou32 correctly (git-fixes). - net: team: fix memory leak in __team_options_register (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - net: usb: lan78xx: Fix error message format specifier (git-fixes). - net: vlan: avoid leaks on register_vlan_dev() failures (git-fixes). - net_failover: fixed rollback in net_failover_open() (bsc#1109837). - net_sched: let qdisc_put() accept NULL pointer (bsc#1056657 bsc#1056653 bsc#1056787). - nfp: validate the return code from dev_queue_xmit() (git-fixes). - nfs_common: need lock during iterate through the list (git-fixes). - nfsd4: readdirplus shouldn't return parent of export (git-fixes). - nfsd: Fix message level for normal termination (git-fixes). - pNFS: Mark layout for return if return-on-close was not sent (git-fixes). - page_frag: Recover from memory pressure (git fixes (mm/pgalloc)). - powerpc/perf: Add generic compat mode pmu driver (bsc#1178900 ltc#189284). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1178900 ltc#189284 git-fixes). - powerpc/perf: init pmu from core-book3s (bsc#1178900 ltc#189284). - qed: Fix race condition between scheduling and destroying the slowpath workqueue (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix use after free in qed_chain_free (bsc#1050536 bsc#1050538). - r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes). - s390/dasd: fix list corruption of lcu list (bsc#1181170 LTC#190915). - s390/dasd: fix list corruption of pavgroup group list (bsc#1181170 LTC#190915). - s390/dasd: prevent inconsistent LCU device data (bsc#1181170 LTC#190915). - s390/qeth: delay draining the TX buffers (git-fixes). - s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes). - s390/qeth: fix deadlock during recovery (git-fixes). - s390/qeth: fix locking for discipline setup / removal (git-fixes). - s390/smp: perform initial CPU reset also for SMT siblings (git-fixes). - sched/fair: Fix enqueue_task_fair warning (bsc#1179093). - sched/fair: Fix enqueue_task_fair() warning some more (bsc#1179093). - sched/fair: Fix reordering of enqueue/dequeue_task_fair() (bsc#1179093). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (bsc#1179093). - sched/fair: Reorder enqueue/dequeue_task_fair path (bsc#1179093). - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049, git-fixes). - scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252). - scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891). - scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891). - scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891). - scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891). - scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891). - scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891). - scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891). - scsi: lpfc: Fix target reset failing (bsc#1180891). - scsi: lpfc: Fix vport create logging (bsc#1180891). - scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891). - scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891). - scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891). - scsi: lpfc: Simplify bool comparison (bsc#1180891). - scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891). - scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142). - serial: mvebu-uart: fix tx lost characters at power off (git-fixes). - spi: cadence: cache reference clock rate during probe (git-fixes). - team: set dev->needed_headroom in team_setup_by_port() (git-fixes). - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (bsc#1109837). - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes). - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes). - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes). - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes). - usb: gadget: select CONFIG_CRC32 (git-fixes). - usb: udc: core: Use lock when write to soft_connect (git-fixes). - veth: Adjust hard_start offset on redirect XDP frames (bsc#1109837). - vfio iommu: Add dma available capability (bsc#1179573 LTC#190106). - vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181231). - vhost/vsock: fix vhost vsock cid hashing inconsistent (git-fixes). - virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes). - wan: ds26522: select CONFIG_BITREVERSE (git-fixes). - wil6210: select CONFIG_CRC32 (git-fixes). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181260, jsc#ECO-3191). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181260, jsc#ECO-3191). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - x86/i8259: Use printk_deferred() to prevent deadlock (bsc#1112178). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181260, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181260, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181260, jsc#ECO-3191). - x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178). - x86/mm: Fix leak of pmd ptlock (bsc#1112178). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181260, jsc#ECO-3191). - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1112178). - x86/resctrl: Do not move a task to the same resource group (bsc#1112178). - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1112178). - xdp: Fix xsk_generic_xmit errno (bsc#1109837). - xhci: make sure TRB is fully written before giving it to the controller (git-fixes). - xhci: tegra: Delay for disabling LFPS detector (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-532=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-532=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-532=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2021-532=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-532=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-532=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-532=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-532=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-532=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-532=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-532=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-532=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): kernel-default-4.12.14-197.83.1 kernel-default-base-4.12.14-197.83.1 kernel-default-base-debuginfo-4.12.14-197.83.1 kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 kernel-default-devel-4.12.14-197.83.1 kernel-default-devel-debuginfo-4.12.14-197.83.1 kernel-obs-build-4.12.14-197.83.1 kernel-obs-build-debugsource-4.12.14-197.83.1 kernel-syms-4.12.14-197.83.1 reiserfs-kmp-default-4.12.14-197.83.1 reiserfs-kmp-default-debuginfo-4.12.14-197.83.1 - SUSE Manager Server 4.0 (noarch): kernel-devel-4.12.14-197.83.1 kernel-docs-4.12.14-197.83.1 kernel-macros-4.12.14-197.83.1 kernel-source-4.12.14-197.83.1 - SUSE Manager Server 4.0 (s390x): kernel-default-man-4.12.14-197.83.1 kernel-zfcpdump-debuginfo-4.12.14-197.83.1 kernel-zfcpdump-debugsource-4.12.14-197.83.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): kernel-default-4.12.14-197.83.1 kernel-default-base-4.12.14-197.83.1 kernel-default-base-debuginfo-4.12.14-197.83.1 kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 kernel-default-devel-4.12.14-197.83.1 kernel-default-devel-debuginfo-4.12.14-197.83.1 kernel-obs-build-4.12.14-197.83.1 kernel-obs-build-debugsource-4.12.14-197.83.1 kernel-syms-4.12.14-197.83.1 reiserfs-kmp-default-4.12.14-197.83.1 reiserfs-kmp-default-debuginfo-4.12.14-197.83.1 - SUSE Manager Retail Branch Server 4.0 (noarch): kernel-devel-4.12.14-197.83.1 kernel-docs-4.12.14-197.83.1 kernel-macros-4.12.14-197.83.1 kernel-source-4.12.14-197.83.1 - SUSE Manager Proxy 4.0 (x86_64): kernel-default-4.12.14-197.83.1 kernel-default-base-4.12.14-197.83.1 kernel-default-base-debuginfo-4.12.14-197.83.1 kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 kernel-default-devel-4.12.14-197.83.1 kernel-default-devel-debuginfo-4.12.14-197.83.1 kernel-obs-build-4.12.14-197.83.1 kernel-obs-build-debugsource-4.12.14-197.83.1 kernel-syms-4.12.14-197.83.1 reiserfs-kmp-default-4.12.14-197.83.1 reiserfs-kmp-default-debuginfo-4.12.14-197.83.1 - SUSE Manager Proxy 4.0 (noarch): kernel-devel-4.12.14-197.83.1 kernel-docs-4.12.14-197.83.1 kernel-macros-4.12.14-197.83.1 kernel-source-4.12.14-197.83.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 kernel-default-extra-4.12.14-197.83.1 kernel-default-extra-debuginfo-4.12.14-197.83.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-197.83.1 kernel-default-base-4.12.14-197.83.1 kernel-default-base-debuginfo-4.12.14-197.83.1 kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 kernel-default-devel-4.12.14-197.83.1 kernel-default-devel-debuginfo-4.12.14-197.83.1 kernel-obs-build-4.12.14-197.83.1 kernel-obs-build-debugsource-4.12.14-197.83.1 kernel-syms-4.12.14-197.83.1 reiserfs-kmp-default-4.12.14-197.83.1 reiserfs-kmp-default-debuginfo-4.12.14-197.83.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-197.83.1 kernel-docs-4.12.14-197.83.1 kernel-macros-4.12.14-197.83.1 kernel-source-4.12.14-197.83.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.83.1 kernel-default-base-4.12.14-197.83.1 kernel-default-base-debuginfo-4.12.14-197.83.1 kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 kernel-default-devel-4.12.14-197.83.1 kernel-default-devel-debuginfo-4.12.14-197.83.1 kernel-obs-build-4.12.14-197.83.1 kernel-obs-build-debugsource-4.12.14-197.83.1 kernel-syms-4.12.14-197.83.1 reiserfs-kmp-default-4.12.14-197.83.1 reiserfs-kmp-default-debuginfo-4.12.14-197.83.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.83.1 kernel-docs-4.12.14-197.83.1 kernel-macros-4.12.14-197.83.1 kernel-source-4.12.14-197.83.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-197.83.1 kernel-zfcpdump-debuginfo-4.12.14-197.83.1 kernel-zfcpdump-debugsource-4.12.14-197.83.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-197.83.1 kernel-docs-4.12.14-197.83.1 kernel-macros-4.12.14-197.83.1 kernel-source-4.12.14-197.83.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-197.83.1 kernel-default-base-4.12.14-197.83.1 kernel-default-base-debuginfo-4.12.14-197.83.1 kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 kernel-default-devel-4.12.14-197.83.1 kernel-default-devel-debuginfo-4.12.14-197.83.1 kernel-obs-build-4.12.14-197.83.1 kernel-obs-build-debugsource-4.12.14-197.83.1 kernel-syms-4.12.14-197.83.1 reiserfs-kmp-default-4.12.14-197.83.1 reiserfs-kmp-default-debuginfo-4.12.14-197.83.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 kernel-default-livepatch-4.12.14-197.83.1 kernel-default-livepatch-devel-4.12.14-197.83.1 kernel-livepatch-4_12_14-197_83-default-1-3.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-197.83.1 kernel-default-base-4.12.14-197.83.1 kernel-default-base-debuginfo-4.12.14-197.83.1 kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 kernel-default-devel-4.12.14-197.83.1 kernel-default-devel-debuginfo-4.12.14-197.83.1 kernel-obs-build-4.12.14-197.83.1 kernel-obs-build-debugsource-4.12.14-197.83.1 kernel-syms-4.12.14-197.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.83.1 kernel-docs-4.12.14-197.83.1 kernel-macros-4.12.14-197.83.1 kernel-source-4.12.14-197.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-197.83.1 kernel-default-base-4.12.14-197.83.1 kernel-default-base-debuginfo-4.12.14-197.83.1 kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 kernel-default-devel-4.12.14-197.83.1 kernel-default-devel-debuginfo-4.12.14-197.83.1 kernel-obs-build-4.12.14-197.83.1 kernel-obs-build-debugsource-4.12.14-197.83.1 kernel-syms-4.12.14-197.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-197.83.1 kernel-docs-4.12.14-197.83.1 kernel-macros-4.12.14-197.83.1 kernel-source-4.12.14-197.83.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.83.1 cluster-md-kmp-default-debuginfo-4.12.14-197.83.1 dlm-kmp-default-4.12.14-197.83.1 dlm-kmp-default-debuginfo-4.12.14-197.83.1 gfs2-kmp-default-4.12.14-197.83.1 gfs2-kmp-default-debuginfo-4.12.14-197.83.1 kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 ocfs2-kmp-default-4.12.14-197.83.1 ocfs2-kmp-default-debuginfo-4.12.14-197.83.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-197.83.1 kernel-default-base-4.12.14-197.83.1 kernel-default-base-debuginfo-4.12.14-197.83.1 kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 kernel-default-devel-4.12.14-197.83.1 kernel-default-devel-debuginfo-4.12.14-197.83.1 kernel-obs-build-4.12.14-197.83.1 kernel-obs-build-debugsource-4.12.14-197.83.1 kernel-syms-4.12.14-197.83.1 reiserfs-kmp-default-4.12.14-197.83.1 reiserfs-kmp-default-debuginfo-4.12.14-197.83.1 - SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-197.83.1 kernel-docs-4.12.14-197.83.1 kernel-macros-4.12.14-197.83.1 kernel-source-4.12.14-197.83.1 - SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-197.83.1 kernel-default-base-4.12.14-197.83.1 kernel-default-base-debuginfo-4.12.14-197.83.1 kernel-default-debuginfo-4.12.14-197.83.1 kernel-default-debugsource-4.12.14-197.83.1 kernel-default-devel-4.12.14-197.83.1 kernel-default-devel-debuginfo-4.12.14-197.83.1 kernel-obs-build-4.12.14-197.83.1 kernel-obs-build-debugsource-4.12.14-197.83.1 kernel-syms-4.12.14-197.83.1 reiserfs-kmp-default-4.12.14-197.83.1 reiserfs-kmp-default-debuginfo-4.12.14-197.83.1 - SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-197.83.1 kernel-docs-4.12.14-197.83.1 kernel-macros-4.12.14-197.83.1 kernel-source-4.12.14-197.83.1 References: https://www.suse.com/security/cve/CVE-2020-25639.html https://www.suse.com/security/cve/CVE-2020-27835.html https://www.suse.com/security/cve/CVE-2020-29568.html https://www.suse.com/security/cve/CVE-2020-29569.html https://www.suse.com/security/cve/CVE-2021-0342.html https://www.suse.com/security/cve/CVE-2021-20177.html https://www.suse.com/security/cve/CVE-2021-3347.html https://www.suse.com/security/cve/CVE-2021-3348.html https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1046540 https://bugzilla.suse.com/1046542 https://bugzilla.suse.com/1046648 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050538 https://bugzilla.suse.com/1050545 https://bugzilla.suse.com/1056653 https://bugzilla.suse.com/1056657 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1073513 https://bugzilla.suse.com/1074220 https://bugzilla.suse.com/1075020 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086301 https://bugzilla.suse.com/1086313 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104270 https://bugzilla.suse.com/1104277 https://bugzilla.suse.com/1104279 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104742 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111981 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1126206 https://bugzilla.suse.com/1126390 https://bugzilla.suse.com/1127354 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1136348 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1174206 https://bugzilla.suse.com/1176831 https://bugzilla.suse.com/1176846 https://bugzilla.suse.com/1178036 https://bugzilla.suse.com/1178049 https://bugzilla.suse.com/1178900 https://bugzilla.suse.com/1179093 https://bugzilla.suse.com/1179142 https://bugzilla.suse.com/1179508 https://bugzilla.suse.com/1179509 https://bugzilla.suse.com/1179563 https://bugzilla.suse.com/1179573 https://bugzilla.suse.com/1179575 https://bugzilla.suse.com/1179878 https://bugzilla.suse.com/1180130 https://bugzilla.suse.com/1180765 https://bugzilla.suse.com/1180812 https://bugzilla.suse.com/1180891 https://bugzilla.suse.com/1180912 https://bugzilla.suse.com/1181018 https://bugzilla.suse.com/1181170 https://bugzilla.suse.com/1181230 https://bugzilla.suse.com/1181231 https://bugzilla.suse.com/1181260 https://bugzilla.suse.com/1181349 https://bugzilla.suse.com/1181425 https://bugzilla.suse.com/1181504 https://bugzilla.suse.com/1181809 From sle-security-updates at lists.suse.com Fri Feb 19 20:24:21 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Feb 2021 21:24:21 +0100 (CET) Subject: SUSE-SU-2021:0533-1: moderate: Security update for java-1_8_0-openjdk Message-ID: <20210219202421.8D77BFFA5@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0533-1 Rating: moderate References: #1181239 Cross-References: CVE-2020-14803 CVSS scores: CVE-2020-14803 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-14803 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null! + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful + JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent + JDK-8148916: Mark bug6400879.java as intermittently failing + JDK-8148983: Fix extra comma in changes for JDK-8148916 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + JDK-8165808: Add release barriers when allocating objects with concurrent collection + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + JDK-8207766: [testbug] Adapt tests for Aix. + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + JDK-8220657: JFR.dump does not work when filename is set + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232114: JVM crashed at imjpapi.dll in native code + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + JDK-8234339: replace JLI_StrTok in java_md_solinux.c + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8242335: Additional Tests for RSASSA-PSS + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8245400: Upgrade to LittleCMS 2.11 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8249176: Update GlobalSignR6CA test certificates + JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + JDK-8250928: JFR: Improve hash algorithm for stack traces + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + JDK-8252497: Incorrect numeric currency code for ROL + JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + JDK-8253284: Zero OrderAccess barrier mappings are incorrect + JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly + JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate + JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails + JDK-8255003: Build failures on Solaris Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-533=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-533=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-533=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-533=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-533=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-533=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-533=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-533=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-533=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-533=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-533=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-533=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-533=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-533=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-533=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE OpenStack Cloud 8 (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - HPE Helion Openstack 8 (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 References: https://www.suse.com/security/cve/CVE-2020-14803.html https://bugzilla.suse.com/1181239 From sle-security-updates at lists.suse.com Mon Feb 22 14:17:31 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Feb 2021 15:17:31 +0100 (CET) Subject: SUSE-SU-2021:0536-1: important: Security update for webkit2gtk3 Message-ID: <20210222141731.5B9FBFFA5@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0536-1 Rating: important References: #1182286 Cross-References: CVE-2020-13558 CVSS scores: CVE-2020-13558 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.30.5 (bsc#1182286): + Bring back the WebKitPluginProcess installation that was removed by mistake. + Fix RunLoop objects leaked in worker threads. + Fix aarch64 llint build with JIT disabled. + Use Internet Explorer quirk for Google Docs. + Security fixes: CVE-2020-13558. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-536=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-536=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.30.5-3.12.1 typelib-1_0-WebKit2-4_0-2.30.5-3.12.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.12.1 webkit2gtk3-debugsource-2.30.5-3.12.1 webkit2gtk3-devel-2.30.5-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.12.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.12.1 libwebkit2gtk-4_0-37-2.30.5-3.12.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.12.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.12.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.12.1 webkit2gtk3-debugsource-2.30.5-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libwebkit2gtk3-lang-2.30.5-3.12.1 References: https://www.suse.com/security/cve/CVE-2020-13558.html https://bugzilla.suse.com/1182286 From sle-security-updates at lists.suse.com Mon Feb 22 17:15:47 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Feb 2021 18:15:47 +0100 (CET) Subject: SUSE-SU-2021:0543-1: moderate: Security update for postgresql13 Message-ID: <20210222171547.5FAA7FFA5@maintenance.suse.de> SUSE Security Update: Security update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0543-1 Rating: moderate References: #1179765 #1182039 #1182040 Cross-References: CVE-2021-20229 CVE-2021-3393 CVSS scores: CVE-2021-20229 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3393 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for postgresql13 fixes the following issues: Upgrade to version 13.2: * Updating stored views and reindexing might be needed after applying this update. * CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages. * CVE-2021-20229, bsc#1182039: Fix failure to check per-column SELECT privileges in some join queries. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-543=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-543=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-543=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libecpg6-13.2-5.6.1 libecpg6-debuginfo-13.2-5.6.1 postgresql13-contrib-13.2-5.6.1 postgresql13-contrib-debuginfo-13.2-5.6.1 postgresql13-debuginfo-13.2-5.6.1 postgresql13-debugsource-13.2-5.6.1 postgresql13-devel-13.2-5.6.1 postgresql13-devel-debuginfo-13.2-5.6.1 postgresql13-plperl-13.2-5.6.1 postgresql13-plperl-debuginfo-13.2-5.6.1 postgresql13-plpython-13.2-5.6.1 postgresql13-plpython-debuginfo-13.2-5.6.1 postgresql13-pltcl-13.2-5.6.1 postgresql13-pltcl-debuginfo-13.2-5.6.1 postgresql13-server-13.2-5.6.1 postgresql13-server-debuginfo-13.2-5.6.1 postgresql13-server-devel-13.2-5.6.1 postgresql13-server-devel-debuginfo-13.2-5.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql13-docs-13.2-5.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql13-test-13.2-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpq5-13.2-5.6.1 libpq5-debuginfo-13.2-5.6.1 postgresql13-13.2-5.6.1 postgresql13-debuginfo-13.2-5.6.1 postgresql13-debugsource-13.2-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libpq5-32bit-13.2-5.6.1 libpq5-32bit-debuginfo-13.2-5.6.1 References: https://www.suse.com/security/cve/CVE-2021-20229.html https://www.suse.com/security/cve/CVE-2021-3393.html https://bugzilla.suse.com/1179765 https://bugzilla.suse.com/1182039 https://bugzilla.suse.com/1182040 From sle-security-updates at lists.suse.com Mon Feb 22 17:16:59 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Feb 2021 18:16:59 +0100 (CET) Subject: SUSE-SU-2021:0545-1: moderate: Security update for postgresql13 Message-ID: <20210222171659.D5EADFFA5@maintenance.suse.de> SUSE Security Update: Security update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0545-1 Rating: moderate References: #1182039 #1182040 Cross-References: CVE-2021-20229 CVE-2021-3393 CVSS scores: CVE-2021-20229 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3393 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql13 fixes the following issues: Upgrade to version 13.2: - Updating stored views and reindexing might be needed after applying this update. - CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages. - CVE-2021-20229, bsc#1182039: Fix failure to check per-column SELECT privileges in some join queries. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-545=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-545=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql13-debugsource-13.2-3.6.1 postgresql13-devel-13.2-3.6.1 postgresql13-devel-debuginfo-13.2-3.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql13-server-devel-13.2-3.6.1 postgresql13-server-devel-debuginfo-13.2-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libecpg6-13.2-3.6.1 libecpg6-debuginfo-13.2-3.6.1 libpq5-13.2-3.6.1 libpq5-debuginfo-13.2-3.6.1 postgresql13-13.2-3.6.1 postgresql13-contrib-13.2-3.6.1 postgresql13-contrib-debuginfo-13.2-3.6.1 postgresql13-debuginfo-13.2-3.6.1 postgresql13-debugsource-13.2-3.6.1 postgresql13-plperl-13.2-3.6.1 postgresql13-plperl-debuginfo-13.2-3.6.1 postgresql13-plpython-13.2-3.6.1 postgresql13-plpython-debuginfo-13.2-3.6.1 postgresql13-pltcl-13.2-3.6.1 postgresql13-pltcl-debuginfo-13.2-3.6.1 postgresql13-server-13.2-3.6.1 postgresql13-server-debuginfo-13.2-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpq5-32bit-13.2-3.6.1 libpq5-debuginfo-32bit-13.2-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql13-docs-13.2-3.6.1 References: https://www.suse.com/security/cve/CVE-2021-20229.html https://www.suse.com/security/cve/CVE-2021-3393.html https://bugzilla.suse.com/1182039 https://bugzilla.suse.com/1182040 From sle-security-updates at lists.suse.com Mon Feb 22 17:19:06 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Feb 2021 18:19:06 +0100 (CET) Subject: SUSE-SU-2021:0544-1: moderate: Security update for postgresql12 Message-ID: <20210222171906.997F0FFA5@maintenance.suse.de> SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0544-1 Rating: moderate References: #1179765 #1182040 Cross-References: CVE-2021-3393 CVSS scores: CVE-2021-3393 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for postgresql12 fixes the following issues: Upgrade to version 12.6: - Reindexing might be needed after applying this update. - CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-544=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-544=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql12-contrib-12.6-8.16.1 postgresql12-contrib-debuginfo-12.6-8.16.1 postgresql12-debuginfo-12.6-8.16.1 postgresql12-debugsource-12.6-8.16.1 postgresql12-devel-12.6-8.16.1 postgresql12-devel-debuginfo-12.6-8.16.1 postgresql12-plperl-12.6-8.16.1 postgresql12-plperl-debuginfo-12.6-8.16.1 postgresql12-plpython-12.6-8.16.1 postgresql12-plpython-debuginfo-12.6-8.16.1 postgresql12-pltcl-12.6-8.16.1 postgresql12-pltcl-debuginfo-12.6-8.16.1 postgresql12-server-12.6-8.16.1 postgresql12-server-debuginfo-12.6-8.16.1 postgresql12-server-devel-12.6-8.16.1 postgresql12-server-devel-debuginfo-12.6-8.16.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql12-docs-12.6-8.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql12-12.6-8.16.1 postgresql12-debuginfo-12.6-8.16.1 postgresql12-debugsource-12.6-8.16.1 References: https://www.suse.com/security/cve/CVE-2021-3393.html https://bugzilla.suse.com/1179765 https://bugzilla.suse.com/1182040 From sle-security-updates at lists.suse.com Tue Feb 23 14:15:05 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Feb 2021 15:15:05 +0100 (CET) Subject: SUSE-SU-2021:0551-1: moderate: Security update for avahi Message-ID: <20210223141505.5A11FFFB4@maintenance.suse.de> SUSE Security Update: Security update for avahi ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0551-1 Rating: moderate References: #1180827 Cross-References: CVE-2021-26720 CVSS scores: CVE-2021-26720 (SUSE): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh (bsc#1180827) - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Add sudo to requires: used to drop privileges. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-551=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-551=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-551=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.7-3.6.1 avahi-debugsource-0.7-3.6.1 python3-avahi-0.7-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): avahi-autoipd-0.7-3.6.1 avahi-autoipd-debuginfo-0.7-3.6.1 avahi-debuginfo-0.7-3.6.1 avahi-debugsource-0.7-3.6.1 avahi-glib2-debugsource-0.7-3.6.1 avahi-utils-gtk-0.7-3.6.1 avahi-utils-gtk-debuginfo-0.7-3.6.1 libavahi-gobject-devel-0.7-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): avahi-0.7-3.6.1 avahi-compat-howl-devel-0.7-3.6.1 avahi-compat-mDNSResponder-devel-0.7-3.6.1 avahi-debuginfo-0.7-3.6.1 avahi-debugsource-0.7-3.6.1 avahi-glib2-debugsource-0.7-3.6.1 avahi-utils-0.7-3.6.1 avahi-utils-debuginfo-0.7-3.6.1 libavahi-client3-0.7-3.6.1 libavahi-client3-debuginfo-0.7-3.6.1 libavahi-common3-0.7-3.6.1 libavahi-common3-debuginfo-0.7-3.6.1 libavahi-core7-0.7-3.6.1 libavahi-core7-debuginfo-0.7-3.6.1 libavahi-devel-0.7-3.6.1 libavahi-glib-devel-0.7-3.6.1 libavahi-glib1-0.7-3.6.1 libavahi-glib1-debuginfo-0.7-3.6.1 libavahi-gobject0-0.7-3.6.1 libavahi-gobject0-debuginfo-0.7-3.6.1 libavahi-ui-gtk3-0-0.7-3.6.1 libavahi-ui-gtk3-0-debuginfo-0.7-3.6.1 libavahi-ui0-0.7-3.6.1 libavahi-ui0-debuginfo-0.7-3.6.1 libdns_sd-0.7-3.6.1 libdns_sd-debuginfo-0.7-3.6.1 libhowl0-0.7-3.6.1 libhowl0-debuginfo-0.7-3.6.1 typelib-1_0-Avahi-0_6-0.7-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): avahi-lang-0.7-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): avahi-32bit-debuginfo-0.7-3.6.1 libavahi-client3-32bit-0.7-3.6.1 libavahi-client3-32bit-debuginfo-0.7-3.6.1 libavahi-common3-32bit-0.7-3.6.1 libavahi-common3-32bit-debuginfo-0.7-3.6.1 References: https://www.suse.com/security/cve/CVE-2021-26720.html https://bugzilla.suse.com/1180827 From sle-security-updates at lists.suse.com Tue Feb 23 14:17:06 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Feb 2021 15:17:06 +0100 (CET) Subject: SUSE-SU-2021:0549-1: moderate: Security update for gnuplot Message-ID: <20210223141706.A4CBBFFB4@maintenance.suse.de> SUSE Security Update: Security update for gnuplot ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0549-1 Rating: moderate References: #1176689 Cross-References: CVE-2020-25559 CVSS scores: CVE-2020-25559 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gnuplot fixes the following issues: - CVE-2020-25559: Fixed double free when executing print_set_output() (bsc#1176689). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-549=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): gnuplot-5.2.2-3.6.1 gnuplot-debuginfo-5.2.2-3.6.1 gnuplot-debugsource-5.2.2-3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): gnuplot-doc-5.2.2-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-25559.html https://bugzilla.suse.com/1176689 From sle-security-updates at lists.suse.com Tue Feb 23 17:14:56 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Feb 2021 18:14:56 +0100 (CET) Subject: SUSE-SU-2021:0563-1: moderate: Security update for avahi Message-ID: <20210223171456.27602FFB4@maintenance.suse.de> SUSE Security Update: Security update for avahi ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0563-1 Rating: moderate References: #1180827 Cross-References: CVE-2021-26720 CVSS scores: CVE-2021-26720 (SUSE): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh (bsc#1180827) - Add sudo to requires: used to drop privileges. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-563=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-563=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-563=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): avahi-glib2-debugsource-0.6.32-32.12.3 libavahi-gobject0-0.6.32-32.12.3 libavahi-gobject0-debuginfo-0.6.32-32.12.3 libavahi-ui-gtk3-0-0.6.32-32.12.3 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.12.3 libavahi-ui0-0.6.32-32.12.3 libavahi-ui0-debuginfo-0.6.32-32.12.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): avahi-compat-howl-devel-0.6.32-32.12.2 avahi-compat-mDNSResponder-devel-0.6.32-32.12.2 avahi-debuginfo-0.6.32-32.12.2 avahi-debugsource-0.6.32-32.12.2 avahi-glib2-debugsource-0.6.32-32.12.3 libavahi-devel-0.6.32-32.12.2 libavahi-glib-devel-0.6.32-32.12.3 libavahi-gobject-devel-0.6.32-32.12.3 libavahi-gobject0-0.6.32-32.12.3 libavahi-gobject0-debuginfo-0.6.32-32.12.3 libavahi-ui-gtk3-0-0.6.32-32.12.3 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.12.3 libavahi-ui0-0.6.32-32.12.3 libavahi-ui0-debuginfo-0.6.32-32.12.3 libhowl0-0.6.32-32.12.2 libhowl0-debuginfo-0.6.32-32.12.2 python-avahi-0.6.32-32.12.2 typelib-1_0-Avahi-0_6-0.6.32-32.12.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): avahi-0.6.32-32.12.2 avahi-debuginfo-0.6.32-32.12.2 avahi-debugsource-0.6.32-32.12.2 avahi-glib2-debugsource-0.6.32-32.12.3 avahi-utils-0.6.32-32.12.2 avahi-utils-debuginfo-0.6.32-32.12.2 libavahi-client3-0.6.32-32.12.2 libavahi-client3-debuginfo-0.6.32-32.12.2 libavahi-common3-0.6.32-32.12.2 libavahi-common3-debuginfo-0.6.32-32.12.2 libavahi-core7-0.6.32-32.12.2 libavahi-core7-debuginfo-0.6.32-32.12.2 libavahi-glib1-0.6.32-32.12.3 libavahi-glib1-debuginfo-0.6.32-32.12.3 libdns_sd-0.6.32-32.12.2 libdns_sd-debuginfo-0.6.32-32.12.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): avahi-debuginfo-32bit-0.6.32-32.12.2 libavahi-client3-32bit-0.6.32-32.12.2 libavahi-client3-debuginfo-32bit-0.6.32-32.12.2 libavahi-common3-32bit-0.6.32-32.12.2 libavahi-common3-debuginfo-32bit-0.6.32-32.12.2 libavahi-glib1-32bit-0.6.32-32.12.3 libavahi-glib1-debuginfo-32bit-0.6.32-32.12.3 libdns_sd-32bit-0.6.32-32.12.2 libdns_sd-debuginfo-32bit-0.6.32-32.12.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): avahi-lang-0.6.32-32.12.2 References: https://www.suse.com/security/cve/CVE-2021-26720.html https://bugzilla.suse.com/1180827 From sle-security-updates at lists.suse.com Tue Feb 23 17:15:57 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Feb 2021 18:15:57 +0100 (CET) Subject: SUSE-SU-2021:14640-1: important: Security update for java-1_7_0-ibm Message-ID: <20210223171557.686BBFFB4@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14640-1 Rating: important References: #1181239 #1182186 Cross-References: CVE-2020-14803 CVE-2020-27221 CVSS scores: CVE-2020-14803 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-14803 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27221 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-27221 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for java-1_7_0-ibm fixes the following issues: - Update to Java 7.0 Service Refresh 10 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_0-ibm-14640=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr10.80-65.60.1 java-1_7_0-ibm-alsa-1.7.0_sr10.80-65.60.1 java-1_7_0-ibm-devel-1.7.0_sr10.80-65.60.1 java-1_7_0-ibm-jdbc-1.7.0_sr10.80-65.60.1 java-1_7_0-ibm-plugin-1.7.0_sr10.80-65.60.1 References: https://www.suse.com/security/cve/CVE-2020-14803.html https://www.suse.com/security/cve/CVE-2020-27221.html https://bugzilla.suse.com/1181239 https://bugzilla.suse.com/1182186 From sle-security-updates at lists.suse.com Tue Feb 23 17:18:04 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Feb 2021 18:18:04 +0100 (CET) Subject: SUSE-SU-2021:0565-1: moderate: Security update for pcp Message-ID: <20210223171804.1311FFFB4@maintenance.suse.de> SUSE Security Update: Security update for pcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0565-1 Rating: moderate References: #1152533 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for pcp fixes the following issues: - Drop unnecessary %pre/%post recursive chown calls (bsc#1152533) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-565=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libpcp-devel-4.3.1-3.11.1 libpcp3-4.3.1-3.11.1 libpcp3-debuginfo-4.3.1-3.11.1 libpcp_gui2-4.3.1-3.11.1 libpcp_gui2-debuginfo-4.3.1-3.11.1 libpcp_import1-4.3.1-3.11.1 libpcp_import1-debuginfo-4.3.1-3.11.1 libpcp_mmv1-4.3.1-3.11.1 libpcp_mmv1-debuginfo-4.3.1-3.11.1 libpcp_trace2-4.3.1-3.11.1 libpcp_trace2-debuginfo-4.3.1-3.11.1 libpcp_web1-4.3.1-3.11.1 libpcp_web1-debuginfo-4.3.1-3.11.1 pcp-4.3.1-3.11.1 pcp-conf-4.3.1-3.11.1 pcp-debuginfo-4.3.1-3.11.1 pcp-debugsource-4.3.1-3.11.1 pcp-devel-4.3.1-3.11.1 pcp-devel-debuginfo-4.3.1-3.11.1 pcp-import-iostat2pcp-4.3.1-3.11.1 pcp-import-mrtg2pcp-4.3.1-3.11.1 pcp-import-sar2pcp-4.3.1-3.11.1 pcp-system-tools-4.3.1-3.11.1 pcp-system-tools-debuginfo-4.3.1-3.11.1 perl-PCP-LogImport-4.3.1-3.11.1 perl-PCP-LogImport-debuginfo-4.3.1-3.11.1 perl-PCP-LogSummary-4.3.1-3.11.1 perl-PCP-MMV-4.3.1-3.11.1 perl-PCP-MMV-debuginfo-4.3.1-3.11.1 perl-PCP-PMDA-4.3.1-3.11.1 perl-PCP-PMDA-debuginfo-4.3.1-3.11.1 python3-pcp-4.3.1-3.11.1 python3-pcp-debuginfo-4.3.1-3.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (ppc64le): pcp-pmda-perfevent-4.3.1-3.11.1 pcp-pmda-perfevent-debuginfo-4.3.1-3.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): pcp-doc-4.3.1-3.11.1 References: https://bugzilla.suse.com/1152533 From sle-security-updates at lists.suse.com Wed Feb 24 17:14:35 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Feb 2021 18:14:35 +0100 (CET) Subject: SUSE-SU-2021:0583-1: important: Security update for webkit2gtk3 Message-ID: <20210224171435.63094FFA5@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0583-1 Rating: important References: #1182286 Cross-References: CVE-2020-13558 CVSS scores: CVE-2020-13558 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.30.5 (bsc#1182286): + Bring back the WebKitPluginProcess installation that was removed by mistake. + Fix RunLoop objects leaked in worker threads. + Fix aarch64 llint build with JIT disabled. + Use Internet Explorer quirk for Google Docs. + Security fixes: CVE-2020-13558. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-583=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-583=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-583=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-583=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-583=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-583=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-583=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-583=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-583=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-583=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-583=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-583=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-583=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Manager Server 4.0 (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Manager Retail Branch Server 4.0 (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE Manager Proxy 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Manager Proxy 4.0 (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 - SUSE Enterprise Storage 6 (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE CaaS Platform 4.0 (noarch): libwebkit2gtk3-lang-2.30.5-3.66.1 - SUSE CaaS Platform 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.30.5-3.66.1 libjavascriptcoregtk-4_0-18-debuginfo-2.30.5-3.66.1 libwebkit2gtk-4_0-37-2.30.5-3.66.1 libwebkit2gtk-4_0-37-debuginfo-2.30.5-3.66.1 typelib-1_0-JavaScriptCore-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2-4_0-2.30.5-3.66.1 typelib-1_0-WebKit2WebExtension-4_0-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-2.30.5-3.66.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.5-3.66.1 webkit2gtk3-debugsource-2.30.5-3.66.1 webkit2gtk3-devel-2.30.5-3.66.1 References: https://www.suse.com/security/cve/CVE-2020-13558.html https://bugzilla.suse.com/1182286 From sle-security-updates at lists.suse.com Wed Feb 24 17:15:42 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Feb 2021 18:15:42 +0100 (CET) Subject: SUSE-SU-2021:0584-1: important: Security update for php7 Message-ID: <20210224171542.838BBFFA5@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0584-1 Rating: important References: #1182049 Cross-References: CVE-2021-21702 CVSS scores: CVE-2021-21702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-21702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - CVE-2021-21702 [bsc#1182049]: NULL pointer dereference in SoapClient Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-584=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-584=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-584=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-584=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-584=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-584=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-584=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-584=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-584=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-584=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-584=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-584=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-584=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tidy-7.2.5-4.73.1 php7-tidy-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Manager Server 4.0 (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE Manager Retail Branch Server 4.0 (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tidy-7.2.5-4.73.1 php7-tidy-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Manager Proxy 4.0 (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE Manager Proxy 4.0 (x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tidy-7.2.5-4.73.1 php7-tidy-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tidy-7.2.5-4.73.1 php7-tidy-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tidy-7.2.5-4.73.1 php7-tidy-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tidy-7.2.5-4.73.1 php7-tidy-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tidy-7.2.5-4.73.1 php7-tidy-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tidy-7.2.5-4.73.1 php7-tidy-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tidy-7.2.5-4.73.1 php7-tidy-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 - SUSE Enterprise Storage 6 (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE CaaS Platform 4.0 (noarch): php7-pear-7.2.5-4.73.1 php7-pear-Archive_Tar-7.2.5-4.73.1 - SUSE CaaS Platform 4.0 (x86_64): apache2-mod_php7-7.2.5-4.73.1 apache2-mod_php7-debuginfo-7.2.5-4.73.1 php7-7.2.5-4.73.1 php7-bcmath-7.2.5-4.73.1 php7-bcmath-debuginfo-7.2.5-4.73.1 php7-bz2-7.2.5-4.73.1 php7-bz2-debuginfo-7.2.5-4.73.1 php7-calendar-7.2.5-4.73.1 php7-calendar-debuginfo-7.2.5-4.73.1 php7-ctype-7.2.5-4.73.1 php7-ctype-debuginfo-7.2.5-4.73.1 php7-curl-7.2.5-4.73.1 php7-curl-debuginfo-7.2.5-4.73.1 php7-dba-7.2.5-4.73.1 php7-dba-debuginfo-7.2.5-4.73.1 php7-debuginfo-7.2.5-4.73.1 php7-debugsource-7.2.5-4.73.1 php7-devel-7.2.5-4.73.1 php7-dom-7.2.5-4.73.1 php7-dom-debuginfo-7.2.5-4.73.1 php7-enchant-7.2.5-4.73.1 php7-enchant-debuginfo-7.2.5-4.73.1 php7-exif-7.2.5-4.73.1 php7-exif-debuginfo-7.2.5-4.73.1 php7-fastcgi-7.2.5-4.73.1 php7-fastcgi-debuginfo-7.2.5-4.73.1 php7-fileinfo-7.2.5-4.73.1 php7-fileinfo-debuginfo-7.2.5-4.73.1 php7-fpm-7.2.5-4.73.1 php7-fpm-debuginfo-7.2.5-4.73.1 php7-ftp-7.2.5-4.73.1 php7-ftp-debuginfo-7.2.5-4.73.1 php7-gd-7.2.5-4.73.1 php7-gd-debuginfo-7.2.5-4.73.1 php7-gettext-7.2.5-4.73.1 php7-gettext-debuginfo-7.2.5-4.73.1 php7-gmp-7.2.5-4.73.1 php7-gmp-debuginfo-7.2.5-4.73.1 php7-iconv-7.2.5-4.73.1 php7-iconv-debuginfo-7.2.5-4.73.1 php7-intl-7.2.5-4.73.1 php7-intl-debuginfo-7.2.5-4.73.1 php7-json-7.2.5-4.73.1 php7-json-debuginfo-7.2.5-4.73.1 php7-ldap-7.2.5-4.73.1 php7-ldap-debuginfo-7.2.5-4.73.1 php7-mbstring-7.2.5-4.73.1 php7-mbstring-debuginfo-7.2.5-4.73.1 php7-mysql-7.2.5-4.73.1 php7-mysql-debuginfo-7.2.5-4.73.1 php7-odbc-7.2.5-4.73.1 php7-odbc-debuginfo-7.2.5-4.73.1 php7-opcache-7.2.5-4.73.1 php7-opcache-debuginfo-7.2.5-4.73.1 php7-openssl-7.2.5-4.73.1 php7-openssl-debuginfo-7.2.5-4.73.1 php7-pcntl-7.2.5-4.73.1 php7-pcntl-debuginfo-7.2.5-4.73.1 php7-pdo-7.2.5-4.73.1 php7-pdo-debuginfo-7.2.5-4.73.1 php7-pgsql-7.2.5-4.73.1 php7-pgsql-debuginfo-7.2.5-4.73.1 php7-phar-7.2.5-4.73.1 php7-phar-debuginfo-7.2.5-4.73.1 php7-posix-7.2.5-4.73.1 php7-posix-debuginfo-7.2.5-4.73.1 php7-readline-7.2.5-4.73.1 php7-readline-debuginfo-7.2.5-4.73.1 php7-shmop-7.2.5-4.73.1 php7-shmop-debuginfo-7.2.5-4.73.1 php7-snmp-7.2.5-4.73.1 php7-snmp-debuginfo-7.2.5-4.73.1 php7-soap-7.2.5-4.73.1 php7-soap-debuginfo-7.2.5-4.73.1 php7-sockets-7.2.5-4.73.1 php7-sockets-debuginfo-7.2.5-4.73.1 php7-sodium-7.2.5-4.73.1 php7-sodium-debuginfo-7.2.5-4.73.1 php7-sqlite-7.2.5-4.73.1 php7-sqlite-debuginfo-7.2.5-4.73.1 php7-sysvmsg-7.2.5-4.73.1 php7-sysvmsg-debuginfo-7.2.5-4.73.1 php7-sysvsem-7.2.5-4.73.1 php7-sysvsem-debuginfo-7.2.5-4.73.1 php7-sysvshm-7.2.5-4.73.1 php7-sysvshm-debuginfo-7.2.5-4.73.1 php7-tidy-7.2.5-4.73.1 php7-tidy-debuginfo-7.2.5-4.73.1 php7-tokenizer-7.2.5-4.73.1 php7-tokenizer-debuginfo-7.2.5-4.73.1 php7-wddx-7.2.5-4.73.1 php7-wddx-debuginfo-7.2.5-4.73.1 php7-xmlreader-7.2.5-4.73.1 php7-xmlreader-debuginfo-7.2.5-4.73.1 php7-xmlrpc-7.2.5-4.73.1 php7-xmlrpc-debuginfo-7.2.5-4.73.1 php7-xmlwriter-7.2.5-4.73.1 php7-xmlwriter-debuginfo-7.2.5-4.73.1 php7-xsl-7.2.5-4.73.1 php7-xsl-debuginfo-7.2.5-4.73.1 php7-zip-7.2.5-4.73.1 php7-zip-debuginfo-7.2.5-4.73.1 php7-zlib-7.2.5-4.73.1 php7-zlib-debuginfo-7.2.5-4.73.1 References: https://www.suse.com/security/cve/CVE-2021-21702.html https://bugzilla.suse.com/1182049 From sle-security-updates at lists.suse.com Thu Feb 25 14:17:01 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Feb 2021 15:17:01 +0100 (CET) Subject: SUSE-SU-2021:0597-1: moderate: Security update for rpmlint Message-ID: <20210225141701.89077FFA5@maintenance.suse.de> SUSE Security Update: Security update for rpmlint ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0597-1 Rating: moderate References: #1169614 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for rpmlint fixes the following issues: - Whitelist PAM modules and DBUS rules for cockpit (bsc#1169614) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-597=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.10-13.5.1 rpmlint-mini-debuginfo-1.10-13.5.1 rpmlint-mini-debugsource-1.10-13.5.1 References: https://bugzilla.suse.com/1169614 From sle-security-updates at lists.suse.com Thu Feb 25 14:18:11 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Feb 2021 15:18:11 +0100 (CET) Subject: SUSE-SU-2021:0599-1: moderate: Security update for postgresql-jdbc Message-ID: <20210225141811.05C57FFA5@maintenance.suse.de> SUSE Security Update: Security update for postgresql-jdbc ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0599-1 Rating: moderate References: #1172746 Cross-References: CVE-2020-13692 CVSS scores: CVE-2020-13692 (NVD) : 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H CVE-2020-13692 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql-jdbc fixes the following issues: - CVE-2020-13692: Fixed a XML External Entity vulnerability (bsc#1172746) . Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-599=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql-jdbc-9.4-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-13692.html https://bugzilla.suse.com/1172746 From sle-security-updates at lists.suse.com Thu Feb 25 14:21:24 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Feb 2021 15:21:24 +0100 (CET) Subject: SUSE-SU-2021:0594-1: important: Security update for python-cryptography Message-ID: <20210225142124.76302FFA5@maintenance.suse.de> SUSE Security Update: Security update for python-cryptography ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0594-1 Rating: important References: #1182066 Cross-References: CVE-2020-36242 CVSS scores: CVE-2020-36242 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2020-36242 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-594=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-594=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-cryptography-debuginfo-2.8-3.6.1 python-cryptography-debugsource-2.8-3.6.1 python2-cryptography-2.8-3.6.1 python2-cryptography-debuginfo-2.8-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python-cryptography-debuginfo-2.8-3.6.1 python-cryptography-debugsource-2.8-3.6.1 python3-cryptography-2.8-3.6.1 python3-cryptography-debuginfo-2.8-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-36242.html https://bugzilla.suse.com/1182066 From sle-security-updates at lists.suse.com Thu Feb 25 17:16:27 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Feb 2021 18:16:27 +0100 (CET) Subject: SUSE-SU-2021:0602-1: important: Security update for python-Jinja2 Message-ID: <20210225171627.4B5CBFFA5@maintenance.suse.de> SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0602-1 Rating: important References: #1181944 Cross-References: CVE-2020-28493 CVSS scores: CVE-2020-28493 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-28493 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. (bsc#1181944) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-602=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-602=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-Jinja2-2.10.1-3.6.1 - SUSE OpenStack Cloud 9 (noarch): python-Jinja2-2.10.1-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-28493.html https://bugzilla.suse.com/1181944 From sle-security-updates at lists.suse.com Thu Feb 25 17:17:27 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Feb 2021 18:17:27 +0100 (CET) Subject: SUSE-SU-2021:0600-1: moderate: Security update for ImageMagick Message-ID: <20210225171727.D7C91FFA5@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0600-1 Rating: moderate References: #1182325 #1182336 #1182337 Cross-References: CVE-2021-20243 CVE-2021-20244 CVE-2021-20246 CVSS scores: CVE-2021-20243 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20244 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20246 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: _ CVE-2021-20243 [bsc#1182336]: Division by zero in GetResizeFilterWeight in MagickCore/resize.c _ CVE-2021-20244 [bsc#1182325]: Division by zero in ImplodeImage in MagickCore/visual-effects.c _ CVE-2021-20246 [bsc#1182337]: Division by zero in ScaleResampleFilter in MagickCore/resample.c Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-600=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-600=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-600=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): ImageMagick-6.8.8.1-71.162.1 ImageMagick-debuginfo-6.8.8.1-71.162.1 ImageMagick-debugsource-6.8.8.1-71.162.1 libMagick++-6_Q16-3-6.8.8.1-71.162.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.162.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.162.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.162.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.162.1 ImageMagick-config-6-SUSE-6.8.8.1-71.162.1 ImageMagick-config-6-upstream-6.8.8.1-71.162.1 ImageMagick-debuginfo-6.8.8.1-71.162.1 ImageMagick-debugsource-6.8.8.1-71.162.1 ImageMagick-devel-6.8.8.1-71.162.1 libMagick++-6_Q16-3-6.8.8.1-71.162.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.162.1 libMagick++-devel-6.8.8.1-71.162.1 perl-PerlMagick-6.8.8.1-71.162.1 perl-PerlMagick-debuginfo-6.8.8.1-71.162.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.162.1 ImageMagick-config-6-upstream-6.8.8.1-71.162.1 ImageMagick-debuginfo-6.8.8.1-71.162.1 ImageMagick-debugsource-6.8.8.1-71.162.1 libMagickCore-6_Q16-1-6.8.8.1-71.162.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.162.1 libMagickWand-6_Q16-1-6.8.8.1-71.162.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.162.1 References: https://www.suse.com/security/cve/CVE-2021-20243.html https://www.suse.com/security/cve/CVE-2021-20244.html https://www.suse.com/security/cve/CVE-2021-20246.html https://bugzilla.suse.com/1182325 https://bugzilla.suse.com/1182336 https://bugzilla.suse.com/1182337 From sle-security-updates at lists.suse.com Thu Feb 25 17:18:42 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Feb 2021 18:18:42 +0100 (CET) Subject: SUSE-SU-2021:0601-1: important: Security update for python-Jinja2 Message-ID: <20210225171842.B671DFFA5@maintenance.suse.de> SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0601-1 Rating: important References: #1181944 Cross-References: CVE-2020-28493 CVSS scores: CVE-2020-28493 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-28493 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Point of Sale 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. (bsc#1181944) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-601=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2021-601=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-Jinja2-2.8-22.11.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (noarch): python-Jinja2-2.8-22.11.1 python3-Jinja2-2.8-22.11.1 References: https://www.suse.com/security/cve/CVE-2020-28493.html https://bugzilla.suse.com/1181944 From sle-security-updates at lists.suse.com Thu Feb 25 17:19:43 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Feb 2021 18:19:43 +0100 (CET) Subject: SUSE-SU-2021:0603-1: important: Security update for python-Jinja2 Message-ID: <20210225171943.9B645FFA5@maintenance.suse.de> SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0603-1 Rating: important References: #1181944 Cross-References: CVE-2020-28493 CVSS scores: CVE-2020-28493 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-28493 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. (bsc#1181944) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-603=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-603=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-603=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-Jinja2-2.9.6-3.6.1 - SUSE OpenStack Cloud 8 (noarch): python-Jinja2-2.9.6-3.6.1 - HPE Helion Openstack 8 (noarch): python-Jinja2-2.9.6-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-28493.html https://bugzilla.suse.com/1181944 From sle-security-updates at lists.suse.com Thu Feb 25 17:21:49 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Feb 2021 18:21:49 +0100 (CET) Subject: SUSE-SU-2021:0605-1: moderate: Security update for ImageMagick Message-ID: <20210225172149.5A1D6FFA5@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0605-1 Rating: moderate References: #1182325 #1182335 #1182336 #1182337 Cross-References: CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20246 CVSS scores: CVE-2021-20241 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20243 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20244 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20246 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2021-20241 [bsc#1182335]: Division by zero in WriteJP2Image() in coders/jp2.c - CVE-2021-20243 [bsc#1182336]: Division by zero in GetResizeFilterWeight in MagickCore/resize.c - CVE-2021-20244 [bsc#1182325]: Division by zero in ImplodeImage in MagickCore/visual-effects.c - CVE-2021-20246 [bsc#1182337]: Division by zero in ScaleResampleFilter in MagickCore/resample.c Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-605=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-605=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-10.12.1 ImageMagick-debugsource-7.0.7.34-10.12.1 perl-PerlMagick-7.0.7.34-10.12.1 perl-PerlMagick-debuginfo-7.0.7.34-10.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-10.12.1 ImageMagick-config-7-SUSE-7.0.7.34-10.12.1 ImageMagick-config-7-upstream-7.0.7.34-10.12.1 ImageMagick-debuginfo-7.0.7.34-10.12.1 ImageMagick-debugsource-7.0.7.34-10.12.1 ImageMagick-devel-7.0.7.34-10.12.1 libMagick++-7_Q16HDRI4-7.0.7.34-10.12.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-10.12.1 libMagick++-devel-7.0.7.34-10.12.1 libMagickCore-7_Q16HDRI6-7.0.7.34-10.12.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-10.12.1 libMagickWand-7_Q16HDRI6-7.0.7.34-10.12.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-10.12.1 References: https://www.suse.com/security/cve/CVE-2021-20241.html https://www.suse.com/security/cve/CVE-2021-20243.html https://www.suse.com/security/cve/CVE-2021-20244.html https://www.suse.com/security/cve/CVE-2021-20246.html https://bugzilla.suse.com/1182325 https://bugzilla.suse.com/1182335 https://bugzilla.suse.com/1182336 https://bugzilla.suse.com/1182337 From sle-security-updates at lists.suse.com Thu Feb 25 23:16:44 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 00:16:44 +0100 (CET) Subject: SUSE-SU-2021:0608-1: moderate: Security update for glibc Message-ID: <20210225231644.1DD27FD14@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0608-1 Rating: moderate References: #1180038 #1181365 #1181505 #1182117 Cross-References: CVE-2019-25013 CVE-2021-3326 CVSS scores: CVE-2019-25013 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-25013 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3326 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3326 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) - powerpc: Add support for POWER10 (bsc#1181365) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-608=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-608=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-114.5.1 glibc-debugsource-2.22-114.5.1 glibc-devel-static-2.22-114.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): glibc-info-2.22-114.5.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): glibc-2.22-114.5.1 glibc-debuginfo-2.22-114.5.1 glibc-debugsource-2.22-114.5.1 glibc-devel-2.22-114.5.1 glibc-devel-debuginfo-2.22-114.5.1 glibc-locale-2.22-114.5.1 glibc-locale-debuginfo-2.22-114.5.1 glibc-profile-2.22-114.5.1 nscd-2.22-114.5.1 nscd-debuginfo-2.22-114.5.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): glibc-32bit-2.22-114.5.1 glibc-debuginfo-32bit-2.22-114.5.1 glibc-devel-32bit-2.22-114.5.1 glibc-devel-debuginfo-32bit-2.22-114.5.1 glibc-locale-32bit-2.22-114.5.1 glibc-locale-debuginfo-32bit-2.22-114.5.1 glibc-profile-32bit-2.22-114.5.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): glibc-html-2.22-114.5.1 glibc-i18ndata-2.22-114.5.1 glibc-info-2.22-114.5.1 References: https://www.suse.com/security/cve/CVE-2019-25013.html https://www.suse.com/security/cve/CVE-2021-3326.html https://bugzilla.suse.com/1180038 https://bugzilla.suse.com/1181365 https://bugzilla.suse.com/1181505 https://bugzilla.suse.com/1182117 From sle-security-updates at lists.suse.com Thu Feb 25 23:18:05 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 00:18:05 +0100 (CET) Subject: SUSE-SU-2021:0607-1: important: Security update for python-Jinja2 Message-ID: <20210225231805.C54F6FD14@maintenance.suse.de> SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0607-1 Rating: important References: #1181944 Cross-References: CVE-2020-28493 CVSS scores: CVE-2020-28493 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-28493 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Tools 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. (bsc#1181944) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-607=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-607=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2021-607=1 Package List: - SUSE Manager Tools 12 (noarch): python-Jinja2-2.8-19.23.1 python3-Jinja2-2.8-19.23.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-Jinja2-2.8-19.23.1 python3-Jinja2-2.8-19.23.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): python-Jinja2-2.8-19.23.1 python3-Jinja2-2.8-19.23.1 References: https://www.suse.com/security/cve/CVE-2020-28493.html https://bugzilla.suse.com/1181944 From sle-security-updates at lists.suse.com Thu Feb 25 23:19:15 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 00:19:15 +0100 (CET) Subject: SUSE-SU-2021:14644-1: important: Security update for python-Jinja2 Message-ID: <20210225231915.18412FD14@maintenance.suse.de> SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14644-1 Rating: important References: #1181944 Cross-References: CVE-2020-28493 CVSS scores: CVE-2020-28493 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-28493 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. (bsc#1181944) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-python-Jinja2-14644=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-python-Jinja2-14644=1 - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-python-Jinja2-14644=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python-Jinja2-2.6-2.19.5.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python-Jinja2-2.6-2.19.5.1 - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): python-Jinja2-2.6-2.19.5.1 References: https://www.suse.com/security/cve/CVE-2020-28493.html https://bugzilla.suse.com/1181944 From sle-security-updates at lists.suse.com Fri Feb 26 08:10:52 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 09:10:52 +0100 (CET) Subject: SUSE-CU-2021:57-1: Security update of suse/sles12sp5 Message-ID: <20210226081052.534D1FD17@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:57-1 Container Tags : suse/sles12sp5:6.5.136 , suse/sles12sp5:latest Container Release : 6.5.136 Severity : moderate Type : security References : 1180038 1181365 1181505 1182117 1182138 CVE-2019-25013 CVE-2021-3326 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:588-1 Released: Thu Feb 25 06:10:02 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1182138 This update for file fixes the following issues: - Fixed an issue when file is used with a string started with '80'. (bsc#1182138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:608-1 Released: Thu Feb 25 21:03:59 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1180038,1181365,1181505,1182117,CVE-2019-25013,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) - powerpc: Add support for POWER10 (bsc#1181365) From sle-security-updates at lists.suse.com Fri Feb 26 14:19:10 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 15:19:10 +0100 (CET) Subject: SUSE-SU-2021:0624-1: critical: Security update for py26-compat-salt Message-ID: <20210226141910.7AA66FD17@maintenance.suse.de> SUSE Security Update: Security update for py26-compat-salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0624-1 Rating: critical References: #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVSS scores: CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for py26-compat-salt fixes the following issues: - Allow extra_filerefs as sanitized kwargs for SSH client - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-624=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): py26-compat-salt-2016.11.10-6.8.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182740 From sle-security-updates at lists.suse.com Fri Feb 26 14:22:57 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 15:22:57 +0100 (CET) Subject: SUSE-SU-2021:14650-1: critical: Security update for salt Message-ID: <20210226142257.1FB70FD17@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14650-1 Rating: critical References: #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVSS scores: CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-salt-14650=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-salt-14650=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.10-43.69.1 salt-doc-2016.11.10-43.69.1 salt-minion-2016.11.10-43.69.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.10-43.69.1 salt-doc-2016.11.10-43.69.1 salt-minion-2016.11.10-43.69.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182740 From sle-security-updates at lists.suse.com Fri Feb 26 14:28:52 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 15:28:52 +0100 (CET) Subject: SUSE-SU-2021:0626-1: critical: Security update for py26-compat-salt Message-ID: <20210226142852.7EA73FD17@maintenance.suse.de> SUSE Security Update: Security update for py26-compat-salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0626-1 Rating: critical References: #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVSS scores: CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for py26-compat-salt fixes the following issues: - Allow extra_filerefs as sanitized kwargs for SSH client - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2021-626=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): py26-compat-salt-2016.11.10-10.22.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182740 From sle-security-updates at lists.suse.com Fri Feb 26 14:35:49 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 15:35:49 +0100 (CET) Subject: SUSE-SU-2021:0619-1: critical: Security update for salt Message-ID: <20210226143549.F2733FD17@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0619-1 Rating: critical References: #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVSS scores: CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Debian 9.0-CLIENT-TOOLS ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for salt fixes the following issues: - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for `grub.xen` path - Xen spicevmc, DNS SRV records backports: - Fix virtual network generated DNS XML for SRV records - Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when `efi=True` - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 9.0-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-x86_64-2021-619=1 Package List: - SUSE Manager Debian 9.0-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.12.1 salt-minion-3000+ds-1+2.12.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182740 From sle-security-updates at lists.suse.com Fri Feb 26 14:39:20 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 15:39:20 +0100 (CET) Subject: SUSE-SU-2021:0628-1: critical: Security update for salt Message-ID: <20210226143920.49786FD17@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0628-1 Rating: critical References: #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVSS scores: CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for `grub.xen` path - Xen spicevmc, DNS SRV records backports: - Fix virtual network generated DNS XML for SRV records - Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when `efi=True` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-628=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-628=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-628=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-628=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python2-salt-3000-5.106.1 python3-salt-3000-5.106.1 salt-3000-5.106.1 salt-api-3000-5.106.1 salt-cloud-3000-5.106.1 salt-doc-3000-5.106.1 salt-master-3000-5.106.1 salt-minion-3000-5.106.1 salt-proxy-3000-5.106.1 salt-ssh-3000-5.106.1 salt-standalone-formulas-configuration-3000-5.106.1 salt-syndic-3000-5.106.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3000-5.106.1 salt-fish-completion-3000-5.106.1 salt-zsh-completion-3000-5.106.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python2-salt-3000-5.106.1 python3-salt-3000-5.106.1 salt-3000-5.106.1 salt-api-3000-5.106.1 salt-cloud-3000-5.106.1 salt-doc-3000-5.106.1 salt-master-3000-5.106.1 salt-minion-3000-5.106.1 salt-proxy-3000-5.106.1 salt-ssh-3000-5.106.1 salt-standalone-formulas-configuration-3000-5.106.1 salt-syndic-3000-5.106.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3000-5.106.1 salt-fish-completion-3000-5.106.1 salt-zsh-completion-3000-5.106.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python2-salt-3000-5.106.1 python3-salt-3000-5.106.1 salt-3000-5.106.1 salt-api-3000-5.106.1 salt-cloud-3000-5.106.1 salt-doc-3000-5.106.1 salt-master-3000-5.106.1 salt-minion-3000-5.106.1 salt-proxy-3000-5.106.1 salt-ssh-3000-5.106.1 salt-standalone-formulas-configuration-3000-5.106.1 salt-syndic-3000-5.106.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3000-5.106.1 salt-fish-completion-3000-5.106.1 salt-zsh-completion-3000-5.106.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python2-salt-3000-5.106.1 python3-salt-3000-5.106.1 salt-3000-5.106.1 salt-api-3000-5.106.1 salt-cloud-3000-5.106.1 salt-doc-3000-5.106.1 salt-master-3000-5.106.1 salt-minion-3000-5.106.1 salt-proxy-3000-5.106.1 salt-ssh-3000-5.106.1 salt-standalone-formulas-configuration-3000-5.106.1 salt-syndic-3000-5.106.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3000-5.106.1 salt-fish-completion-3000-5.106.1 salt-zsh-completion-3000-5.106.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182740 From sle-security-updates at lists.suse.com Fri Feb 26 14:44:15 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 15:44:15 +0100 (CET) Subject: SUSE-SU-2021:0625-1: critical: Security update for salt Message-ID: <20210226144415.B9746FD17@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0625-1 Rating: critical References: #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVSS scores: CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for salt fixes the following issues: - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for `grub.xen` path - Xen spicevmc, DNS SRV records backports: - Fix virtual network generated DNS XML for SRV records - Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when `efi=True` - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2021-625=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.12.1 salt-minion-3000+ds-1+2.12.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182740 From sle-security-updates at lists.suse.com Fri Feb 26 14:47:41 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 15:47:41 +0100 (CET) Subject: SUSE-SU-2021:0630-1: critical: Security update for salt Message-ID: <20210226144741.45F53FD17@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0630-1 Rating: critical References: #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVSS scores: CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for `grub.xen` path - Xen spicevmc, DNS SRV records backports: - Fix virtual network generated DNS XML for SRV records - Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when `efi=True` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-630=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-630=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-630=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): salt-api-3000-24.1 salt-cloud-3000-24.1 salt-master-3000-24.1 salt-proxy-3000-24.1 salt-ssh-3000-24.1 salt-standalone-formulas-configuration-3000-24.1 salt-syndic-3000-24.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): salt-fish-completion-3000-24.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python2-salt-3000-24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python3-salt-3000-24.1 salt-3000-24.1 salt-doc-3000-24.1 salt-minion-3000-24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): salt-bash-completion-3000-24.1 salt-zsh-completion-3000-24.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182740 From sle-security-updates at lists.suse.com Fri Feb 26 14:50:26 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 15:50:26 +0100 (CET) Subject: SUSE-SU-2021:14647-1: critical: Security update for salt Message-ID: <20210226145026.7E951FD17@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14647-1 Rating: critical References: #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVSS scores: CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Ubuntu 16.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for salt fixes the following issues: - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for `grub.xen` path - Xen spicevmc, DNS SRV records backports: - Fix virtual network generated DNS XML for SRV records - Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when `efi=True` - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS: zypper in -t patch suse-ubu164ct-salt-202102-14647=1 Package List: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+73.2 salt-minion-3000+ds-1+73.2 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182740 From sle-security-updates at lists.suse.com Fri Feb 26 14:54:13 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 15:54:13 +0100 (CET) Subject: SUSE-SU-2021:14649-1: critical: Security update for salt Message-ID: <20210226145413.41DCDFD17@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14649-1 Rating: critical References: #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVSS scores: CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for salt fixes the following issues: - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for `grub.xen` path - Xen spicevmc, DNS SRV records backports: - Fix virtual network generated DNS XML for SRV records - Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when `efi=True` - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-salt-202102-14649=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+74.1 salt-minion-3000+ds-1+74.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182740 From sle-security-updates at lists.suse.com Fri Feb 26 14:59:07 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 15:59:07 +0100 (CET) Subject: SUSE-SU-2021:0631-1: critical: Security update for salt Message-ID: <20210226145907.8C9A1FD17@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0631-1 Rating: critical References: #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVSS scores: CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow extra_filerefs as sanitized kwargs for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for grub.xen path - Xen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when efi=True Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-631=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-631=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-631=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-631=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-631=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-631=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-631=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-631=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-631=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): python2-salt-3000-24.1 python3-salt-3000-24.1 salt-3000-24.1 salt-api-3000-24.1 salt-cloud-3000-24.1 salt-doc-3000-24.1 salt-master-3000-24.1 salt-minion-3000-24.1 salt-proxy-3000-24.1 salt-ssh-3000-24.1 salt-standalone-formulas-configuration-3000-24.1 salt-syndic-3000-24.1 - SUSE Manager Server 4.0 (noarch): salt-bash-completion-3000-24.1 salt-fish-completion-3000-24.1 salt-zsh-completion-3000-24.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): python2-salt-3000-24.1 python3-salt-3000-24.1 salt-3000-24.1 salt-api-3000-24.1 salt-cloud-3000-24.1 salt-doc-3000-24.1 salt-master-3000-24.1 salt-minion-3000-24.1 salt-proxy-3000-24.1 salt-ssh-3000-24.1 salt-standalone-formulas-configuration-3000-24.1 salt-syndic-3000-24.1 - SUSE Manager Retail Branch Server 4.0 (noarch): salt-bash-completion-3000-24.1 salt-fish-completion-3000-24.1 salt-zsh-completion-3000-24.1 - SUSE Manager Proxy 4.0 (noarch): salt-bash-completion-3000-24.1 salt-fish-completion-3000-24.1 salt-zsh-completion-3000-24.1 - SUSE Manager Proxy 4.0 (x86_64): python2-salt-3000-24.1 python3-salt-3000-24.1 salt-3000-24.1 salt-api-3000-24.1 salt-cloud-3000-24.1 salt-doc-3000-24.1 salt-master-3000-24.1 salt-minion-3000-24.1 salt-proxy-3000-24.1 salt-ssh-3000-24.1 salt-standalone-formulas-configuration-3000-24.1 salt-syndic-3000-24.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python2-salt-3000-24.1 python3-salt-3000-24.1 salt-3000-24.1 salt-api-3000-24.1 salt-cloud-3000-24.1 salt-doc-3000-24.1 salt-master-3000-24.1 salt-minion-3000-24.1 salt-proxy-3000-24.1 salt-ssh-3000-24.1 salt-standalone-formulas-configuration-3000-24.1 salt-syndic-3000-24.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): salt-bash-completion-3000-24.1 salt-fish-completion-3000-24.1 salt-zsh-completion-3000-24.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python2-salt-3000-24.1 python3-salt-3000-24.1 salt-3000-24.1 salt-api-3000-24.1 salt-cloud-3000-24.1 salt-doc-3000-24.1 salt-master-3000-24.1 salt-minion-3000-24.1 salt-proxy-3000-24.1 salt-ssh-3000-24.1 salt-standalone-formulas-configuration-3000-24.1 salt-syndic-3000-24.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): salt-bash-completion-3000-24.1 salt-fish-completion-3000-24.1 salt-zsh-completion-3000-24.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): salt-bash-completion-3000-24.1 salt-fish-completion-3000-24.1 salt-zsh-completion-3000-24.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python2-salt-3000-24.1 python3-salt-3000-24.1 salt-3000-24.1 salt-api-3000-24.1 salt-cloud-3000-24.1 salt-doc-3000-24.1 salt-master-3000-24.1 salt-minion-3000-24.1 salt-proxy-3000-24.1 salt-ssh-3000-24.1 salt-standalone-formulas-configuration-3000-24.1 salt-syndic-3000-24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python2-salt-3000-24.1 python3-salt-3000-24.1 salt-3000-24.1 salt-api-3000-24.1 salt-cloud-3000-24.1 salt-doc-3000-24.1 salt-master-3000-24.1 salt-minion-3000-24.1 salt-proxy-3000-24.1 salt-ssh-3000-24.1 salt-standalone-formulas-configuration-3000-24.1 salt-syndic-3000-24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): salt-bash-completion-3000-24.1 salt-fish-completion-3000-24.1 salt-zsh-completion-3000-24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python2-salt-3000-24.1 python3-salt-3000-24.1 salt-3000-24.1 salt-api-3000-24.1 salt-cloud-3000-24.1 salt-doc-3000-24.1 salt-master-3000-24.1 salt-minion-3000-24.1 salt-proxy-3000-24.1 salt-ssh-3000-24.1 salt-standalone-formulas-configuration-3000-24.1 salt-syndic-3000-24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): salt-bash-completion-3000-24.1 salt-fish-completion-3000-24.1 salt-zsh-completion-3000-24.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python2-salt-3000-24.1 python3-salt-3000-24.1 salt-3000-24.1 salt-api-3000-24.1 salt-cloud-3000-24.1 salt-doc-3000-24.1 salt-master-3000-24.1 salt-minion-3000-24.1 salt-proxy-3000-24.1 salt-ssh-3000-24.1 salt-standalone-formulas-configuration-3000-24.1 salt-syndic-3000-24.1 - SUSE Enterprise Storage 6 (noarch): salt-bash-completion-3000-24.1 salt-fish-completion-3000-24.1 salt-zsh-completion-3000-24.1 - SUSE CaaS Platform 4.0 (x86_64): python2-salt-3000-24.1 python3-salt-3000-24.1 salt-3000-24.1 salt-api-3000-24.1 salt-cloud-3000-24.1 salt-doc-3000-24.1 salt-master-3000-24.1 salt-minion-3000-24.1 salt-proxy-3000-24.1 salt-ssh-3000-24.1 salt-standalone-formulas-configuration-3000-24.1 salt-syndic-3000-24.1 - SUSE CaaS Platform 4.0 (noarch): salt-bash-completion-3000-24.1 salt-fish-completion-3000-24.1 salt-zsh-completion-3000-24.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182740 From sle-security-updates at lists.suse.com Fri Feb 26 15:01:50 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 16:01:50 +0100 (CET) Subject: SUSE-SU-2021:14646-1: critical: Security update for salt Message-ID: <20210226150150.95CD5FD17@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14646-1 Rating: critical References: #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVSS scores: CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for salt fixes the following issues: - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for `grub.xen` path - Xen spicevmc, DNS SRV records backports: - Fix virtual network generated DNS XML for SRV records - Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when `efi=True` - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-salt-202102-14646=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.33.1 salt-minion-3000+ds-1+2.33.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182740 From sle-security-updates at lists.suse.com Fri Feb 26 15:04:26 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 16:04:26 +0100 (CET) Subject: SUSE-SU-2021:0627-1: critical: Security update for salt Message-ID: <20210226150426.7B4DFFFA5@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0627-1 Rating: critical References: #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVSS scores: CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Tools 12 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for `grub.xen` path - Xen spicevmc, DNS SRV records backports: - Fix virtual network generated DNS XML for SRV records - Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when `efi=True` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-627=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2021-627=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2021-627=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-3000-46.129.1 python3-salt-3000-46.129.1 salt-3000-46.129.1 salt-doc-3000-46.129.1 salt-minion-3000-46.129.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): python2-salt-3000-46.129.1 salt-3000-46.129.1 salt-minion-3000-46.129.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-3000-46.129.1 salt-3000-46.129.1 salt-api-3000-46.129.1 salt-cloud-3000-46.129.1 salt-doc-3000-46.129.1 salt-master-3000-46.129.1 salt-minion-3000-46.129.1 salt-proxy-3000-46.129.1 salt-ssh-3000-46.129.1 salt-standalone-formulas-configuration-3000-46.129.1 salt-syndic-3000-46.129.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-3000-46.129.1 salt-zsh-completion-3000-46.129.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182740 From sle-security-updates at lists.suse.com Fri Feb 26 20:17:59 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 21:17:59 +0100 (CET) Subject: SUSE-SU-2021:0650-1: important: Security update for nodejs14 Message-ID: <20210226201759.4D166FD14@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0650-1 Rating: important References: #1182619 #1182620 Cross-References: CVE-2021-22883 CVE-2021-22884 CVSS scores: CVE-2021-22883 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22884 (SUSE): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: New upstream LTS version 14.16.0: - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619) - CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-650=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.16.0-6.9.2 nodejs14-debuginfo-14.16.0-6.9.2 nodejs14-debugsource-14.16.0-6.9.2 nodejs14-devel-14.16.0-6.9.2 npm14-14.16.0-6.9.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.16.0-6.9.2 References: https://www.suse.com/security/cve/CVE-2021-22883.html https://www.suse.com/security/cve/CVE-2021-22884.html https://bugzilla.suse.com/1182619 https://bugzilla.suse.com/1182620 From sle-security-updates at lists.suse.com Fri Feb 26 20:21:27 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 21:21:27 +0100 (CET) Subject: SUSE-SU-2021:0651-1: important: Security update for nodejs12 Message-ID: <20210226202127.6FB3EFD14@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0651-1 Rating: important References: #1182333 #1182619 #1182620 Cross-References: CVE-2021-22883 CVE-2021-22884 CVE-2021-23840 CVSS scores: CVE-2021-22883 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22884 (SUSE): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L CVE-2021-23840 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23840 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: New upstream LTS version 12.21.0: - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619) - CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620) - CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate (bsc#1182333) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-651=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs12-12.21.0-4.13.2 nodejs12-debuginfo-12.21.0-4.13.2 nodejs12-debugsource-12.21.0-4.13.2 nodejs12-devel-12.21.0-4.13.2 npm12-12.21.0-4.13.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs12-docs-12.21.0-4.13.2 References: https://www.suse.com/security/cve/CVE-2021-22883.html https://www.suse.com/security/cve/CVE-2021-22884.html https://www.suse.com/security/cve/CVE-2021-23840.html https://bugzilla.suse.com/1182333 https://bugzilla.suse.com/1182619 https://bugzilla.suse.com/1182620 From sle-security-updates at lists.suse.com Fri Feb 26 20:23:41 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 21:23:41 +0100 (CET) Subject: SUSE-SU-2021:0647-1: Security update for csync2 Message-ID: <20210226202341.7A69BFD17@maintenance.suse.de> SUSE Security Update: Security update for csync2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0647-1 Rating: low References: #1145032 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for csync2 fixes the following issues: - Fixed an issue where TLS keys were generated wrongly during installation (bsc#1145032) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-647=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-647=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-647=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): csync2-2.0+git.1368794815.cf835a7-3.6.29 csync2-debuginfo-2.0+git.1368794815.cf835a7-3.6.29 csync2-debugsource-2.0+git.1368794815.cf835a7-3.6.29 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): csync2-2.0+git.1368794815.cf835a7-3.6.29 csync2-debuginfo-2.0+git.1368794815.cf835a7-3.6.29 csync2-debugsource-2.0+git.1368794815.cf835a7-3.6.29 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): csync2-2.0+git.1368794815.cf835a7-3.6.29 csync2-debuginfo-2.0+git.1368794815.cf835a7-3.6.29 csync2-debugsource-2.0+git.1368794815.cf835a7-3.6.29 References: https://bugzilla.suse.com/1145032 From sle-security-updates at lists.suse.com Fri Feb 26 20:24:52 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 21:24:52 +0100 (CET) Subject: SUSE-SU-2021:0652-1: important: Security update for java-1_8_0-ibm Message-ID: <20210226202452.DAF44FD17@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0652-1 Rating: important References: #1181239 #1182186 Cross-References: CVE-2020-14803 CVE-2020-27221 CVSS scores: CVE-2020-14803 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-14803 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27221 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-27221 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 25 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-652=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-652=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-652=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-652=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-652=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-652=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-652=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-652=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-652=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-652=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-652=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-652=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-652=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-652=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-652=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-652=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 - HPE Helion Openstack 8 (x86_64): java-1_8_0-ibm-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-alsa-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-devel-1.8.0_sr6.25-30.81.1 java-1_8_0-ibm-plugin-1.8.0_sr6.25-30.81.1 References: https://www.suse.com/security/cve/CVE-2020-14803.html https://www.suse.com/security/cve/CVE-2020-27221.html https://bugzilla.suse.com/1181239 https://bugzilla.suse.com/1182186 From sle-security-updates at lists.suse.com Fri Feb 26 20:26:06 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 21:26:06 +0100 (CET) Subject: SUSE-SU-2021:0648-1: important: Security update for nodejs14 Message-ID: <20210226202606.2061FFD17@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0648-1 Rating: important References: #1182619 #1182620 Cross-References: CVE-2021-22883 CVE-2021-22884 CVSS scores: CVE-2021-22883 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22884 (SUSE): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - New upstream LTS version 14.16.0: * CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619) * CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-648=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs14-14.16.0-5.9.1 nodejs14-debuginfo-14.16.0-5.9.1 nodejs14-debugsource-14.16.0-5.9.1 nodejs14-devel-14.16.0-5.9.1 npm14-14.16.0-5.9.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs14-docs-14.16.0-5.9.1 References: https://www.suse.com/security/cve/CVE-2021-22883.html https://www.suse.com/security/cve/CVE-2021-22884.html https://bugzilla.suse.com/1182619 https://bugzilla.suse.com/1182620 From sle-security-updates at lists.suse.com Fri Feb 26 20:27:16 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Feb 2021 21:27:16 +0100 (CET) Subject: SUSE-SU-2021:0649-1: important: Security update for nodejs12 Message-ID: <20210226202716.9E1EFFD17@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0649-1 Rating: important References: #1182333 #1182619 #1182620 Cross-References: CVE-2021-22883 CVE-2021-22884 CVE-2021-23840 CVSS scores: CVE-2021-22883 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22884 (SUSE): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L CVE-2021-23840 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23840 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: New upstream LTS version 12.21.0: - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619) - CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620) - CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate (bsc#1182333) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-649=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs12-12.21.0-1.29.2 nodejs12-debuginfo-12.21.0-1.29.2 nodejs12-debugsource-12.21.0-1.29.2 nodejs12-devel-12.21.0-1.29.2 npm12-12.21.0-1.29.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs12-docs-12.21.0-1.29.2 References: https://www.suse.com/security/cve/CVE-2021-22883.html https://www.suse.com/security/cve/CVE-2021-22884.html https://www.suse.com/security/cve/CVE-2021-23840.html https://bugzilla.suse.com/1182333 https://bugzilla.suse.com/1182619 https://bugzilla.suse.com/1182620 From sle-security-updates at lists.suse.com Fri Feb 26 23:18:14 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 27 Feb 2021 00:18:14 +0100 (CET) Subject: SUSE-SU-2021:0653-1: important: Security update for glibc Message-ID: <20210226231814.CDE06FD14@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0653-1 Rating: important References: #1178386 #1179694 #1179721 #1180038 #1181505 #1182117 Cross-References: CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2021-3326 CVSS scores: CVE-2019-25013 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-25013 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27618 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-29562 (NVD) : 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2020-29562 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-29573 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-29573 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3326 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3326 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-653=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-653=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-653=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-653=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-653=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-653=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-653=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-653=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-653=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-653=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-653=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-653=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-653=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-653=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-653=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): glibc-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Manager Server 4.0 (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Manager Server 4.0 (x86_64): glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): glibc-2.26-13.56.1 glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Manager Retail Branch Server 4.0 (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Manager Proxy 4.0 (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Manager Proxy 4.0 (x86_64): glibc-2.26-13.56.1 glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): glibc-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): glibc-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): glibc-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): glibc-2.26-13.56.1 glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): glibc-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): glibc-32bit-debuginfo-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): glibc-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): glibc-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): glibc-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): glibc-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): glibc-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): glibc-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE Enterprise Storage 6 (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 - SUSE Enterprise Storage 6 (x86_64): glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 - SUSE CaaS Platform 4.0 (x86_64): glibc-2.26-13.56.1 glibc-32bit-2.26-13.56.1 glibc-32bit-debuginfo-2.26-13.56.1 glibc-debuginfo-2.26-13.56.1 glibc-debugsource-2.26-13.56.1 glibc-devel-2.26-13.56.1 glibc-devel-32bit-2.26-13.56.1 glibc-devel-32bit-debuginfo-2.26-13.56.1 glibc-devel-debuginfo-2.26-13.56.1 glibc-devel-static-2.26-13.56.1 glibc-extra-2.26-13.56.1 glibc-extra-debuginfo-2.26-13.56.1 glibc-locale-2.26-13.56.1 glibc-locale-base-2.26-13.56.1 glibc-locale-base-32bit-2.26-13.56.1 glibc-locale-base-32bit-debuginfo-2.26-13.56.1 glibc-locale-base-debuginfo-2.26-13.56.1 glibc-profile-2.26-13.56.1 glibc-utils-2.26-13.56.1 glibc-utils-debuginfo-2.26-13.56.1 glibc-utils-src-debugsource-2.26-13.56.1 nscd-2.26-13.56.1 nscd-debuginfo-2.26-13.56.1 - SUSE CaaS Platform 4.0 (noarch): glibc-i18ndata-2.26-13.56.1 glibc-info-2.26-13.56.1 References: https://www.suse.com/security/cve/CVE-2019-25013.html https://www.suse.com/security/cve/CVE-2020-27618.html https://www.suse.com/security/cve/CVE-2020-29562.html https://www.suse.com/security/cve/CVE-2020-29573.html https://www.suse.com/security/cve/CVE-2021-3326.html https://bugzilla.suse.com/1178386 https://bugzilla.suse.com/1179694 https://bugzilla.suse.com/1179721 https://bugzilla.suse.com/1180038 https://bugzilla.suse.com/1181505 https://bugzilla.suse.com/1182117 From sle-security-updates at lists.suse.com Fri Feb 26 23:20:08 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 27 Feb 2021 00:20:08 +0100 (CET) Subject: SUSE-SU-2021:0654-1: important: Security update for python-Jinja2 Message-ID: <20210226232008.27628FD14@maintenance.suse.de> SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0654-1 Rating: important References: #1181944 #1182244 Cross-References: CVE-2020-28493 CVSS scores: CVE-2020-28493 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-28493 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have been called with untrusted user data (bsc#1181944). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-654=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-654=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-654=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-654=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-654=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-654=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-654=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-654=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-654=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-654=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-654=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-654=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-654=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-654=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-654=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-654=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-654=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE Manager Retail Branch Server 4.0 (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE Manager Proxy 4.0 (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE Enterprise Storage 6 (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 - SUSE CaaS Platform 4.0 (noarch): python2-Jinja2-2.10.1-3.10.2 python3-Jinja2-2.10.1-3.10.2 References: https://www.suse.com/security/cve/CVE-2020-28493.html https://bugzilla.suse.com/1181944 https://bugzilla.suse.com/1182244 From sle-security-updates at lists.suse.com Sat Feb 27 07:05:32 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 27 Feb 2021 08:05:32 +0100 (CET) Subject: SUSE-CU-2021:58-1: Security update of suse/sle15 Message-ID: <20210227070532.DF8ABFD17@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:58-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.853 Container Release : 8.2.853 Severity : important Type : security References : 1178386 1179694 1179721 1180038 1181505 1182117 CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2021-3326 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) From sle-security-updates at lists.suse.com Sun Feb 28 07:14:17 2021 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sun, 28 Feb 2021 08:14:17 +0100 (CET) Subject: SUSE-CU-2021:59-1: Security update of suse/sle15 Message-ID: <20210228071417.D6BB6FD17@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:59-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.347 Container Release : 4.22.347 Severity : important Type : security References : 1178386 1179694 1179721 1180038 1181505 1182117 CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2021-3326 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)