SUSE-IU-2021:6-1: Security update of suse-sles-15-sp1-chost-byos-v20210202-gen2

sle-security-updates at sle-security-updates at
Wed Feb 10 06:43:07 UTC 2021

SUSE Image Update Advisory: suse-sles-15-sp1-chost-byos-v20210202-gen2
Image Advisory ID : SUSE-IU-2021:6-1
Image Tags        : suse-sles-15-sp1-chost-byos-v20210202-gen2:20210202
Image Release     : 
Severity          : important
Type              : security

The container suse-sles-15-sp1-chost-byos-v20210202-gen2 was updated. The following patches have been included in this update:

Advisory ID: SUSE-SU-2018:2430-1
Released:    Wed Oct 24 13:05:18 2018
Summary:     Security update for python-cryptography
Type:        security
Severity:    moderate
References:  1101820,CVE-2018-10903
This update for python-cryptography fixes the following issues:

- CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag
  length. If a user did not validate the input length prior to passing it to
  finalize_with_tag an attacker could craft an invalid payload with a shortened
  tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the
  MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820).

Advisory ID: SUSE-RU-2018:2873-1
Released:    Fri Dec  7 13:27:36 2018
Summary:     Recommended update for python-cffi
Type:        recommended
Severity:    moderate
References:  1111657
This update for python-cffi fixes the following issues:

- Fix the testsuite of python-cffi like upstream to solve corruption at build (bsc#1111657)

Advisory ID: SUSE-SU-2019:1156-1
Released:    Mon May  6 13:46:07 2019
Summary:     Security update for python-Jinja2
Type:        security
Severity:    important
References:  1125815,1132174,1132323,CVE-2016-10745,CVE-2019-10906,CVE-2019-8341
This update for python-Jinja2 to version 2.10.1 fixes the following issues:

Security issues fixed:

- CVE-2019-8341: Fixed a command injection in from_string() (bsc#1125815).
- CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323).

Advisory ID: SUSE-SU-2019:1487-1
Released:    Thu Jun 13 09:40:56 2019
Summary:     Security update for python-requests
Type:        security
Severity:    moderate
References:  1111622,CVE-2018-18074
This update for python-requests to version 2.20.1 fixes the following issues:

Security issue fixed:

- CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622).

Advisory ID: SUSE-RU-2019:2005-1
Released:    Mon Jul 29 13:02:15 2019
Summary:     Recommended update for cloud-init
Type:        recommended
Severity:    moderate
References:  1116767,1119397,1121878,1123694,1125950,1125992,1126101,1132692,1136440
This update for cloud-init fixes the following issues:

- Fixes a bug where only the last defined route was written to the routes configuration
  file (bsc#1132692)
- Fixes a bug where a new network rules file for network devices didn't apply immediately (bsc#1125950)
- Improved the writing of route config files to avoid issues (bsc#1125992)
- Fixes a bug where OpenStack instances were not detected on VIO (bsc#1136440)
- Fixes a bug where IPv4 and IPv6 were not set up as default routes (bsc#1121878)
- Added a fix to prevent resolv.conf from being empty (bsc#1119397)
- Now uses the proper name to designate IPv6 addresses in ifcfg-* files (bsc#1126101)
- Fixes an issue where the ifroute-eth0 file got corrupted when cloning an
  existing instance (bsc#1123694)

Some more fixes were included within the 19.1 update of cloud-init. Please refer to the package
changelog for more details.

Advisory ID: SUSE-SU-2019:2332-1
Released:    Mon Sep  9 10:17:16 2019
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1129071,1132663,1132900,CVE-2019-11236,CVE-2019-11324,CVE-2019-9740
This update for python-urllib3 fixes the following issues:

Security issues fixed:

- CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071).
- CVE-2019-11324: Fixed invalid CA certificate verification (bsc#1132900).
- CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663).

Advisory ID: SUSE-RU-2019:2422-1
Released:    Fri Sep 20 16:36:43 2019
Summary:     Recommended update for python-urllib3
Type:        recommended
Severity:    moderate
References:  1150895
This update for python-urllib3 fixes the following issues:

- Add missing dependency on python-six (bsc#1150895)

Advisory ID: SUSE-RU-2019:2494-1
Released:    Mon Sep 30 16:22:20 2019
Summary:     Recommended update for cloud-init
Type:        recommended
Severity:    important
References:  1141969,1144363,1144881
This update for cloud-init provides the following fixes:

- Properly handle static routes. The EphemeralDHCP context manager did not parse or handle
  rfc3442 classless static routes which prevented reading datasource metadata in some
  clouds. (bsc#1141969)
- The __str__ implementation no longer delivers the name of the interface, use the 'name'
  attribute instead to form a proper path in the sysfs tree. (bsc#1144363)
- If no routes are set for a subnet but the subnet has a gateway specified, set the
  gateway as the default route for the interface. (bsc#1144881)

Advisory ID: SUSE-RU-2019:2645-1
Released:    Fri Oct 11 17:11:23 2019
Summary:     Recommended update for python-cryptography
Type:        recommended
Severity:    moderate
References:  1149792
This update for python-cryptography fixes the following issues:

- Adds compatibility with OpenSSL 1.1.1d (bsc#1149792)

Advisory ID: SUSE-SU-2019:2657-1
Released:    Mon Oct 14 17:04:07 2019
Summary:     Security update for dhcp
Type:        security
Severity:    moderate
References:  1089524,1134078,1136572,CVE-2019-6470
This update for dhcp fixes the following issues:

Security issue fixed:

- CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078).

Bug fixes:

- Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524).
- Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572).

Advisory ID: SUSE-SU-2019:2891-1
Released:    Mon Nov  4 17:47:10 2019
Summary:     Security update for python-ecdsa
Type:        security
Severity:    moderate
References:  1153165,1154217,CVE-2019-14853,CVE-2019-14859
This update for python-ecdsa to version 0.13.3 fixes the following issues:

Security issues fixed:

- CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165).
- CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217).

Advisory ID: SUSE-SU-2019:3096-1
Released:    Thu Nov 28 16:48:21 2019
Summary:     Security update for cloud-init
Type:        security
Severity:    moderate
References:  1099358,1129124,1136440,1142988,1144363,1151488,1154092,CVE-2019-0816
This update for cloud-init to version 19.2 fixes the following issues:

Security issue fixed:

- CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to authorized_keys (bsc#1129124).

Non-security issues fixed:

- Short circuit the conditional for identifying the sysconfig renderer (bsc#1154092, bsc#1142988).
- If /etc/resolv.conf is a symlink, break it. This prevents netconfig from clobbering the changes cloud-init applied (bsc#1151488).

Advisory ID: SUSE-RU-2020:119-1
Released:    Thu Jan 16 15:42:39 2020
Summary:     Recommended update for python-jsonpatch
Type:        recommended
Severity:    moderate
References:  1160978
This update for python-jsonpatch fixes the following issues:

- Drop jsondiff binary to avoid conflict with python-jsondiff package.

Advisory ID: SUSE-RU-2020:245-1
Released:    Tue Jan 28 09:42:30 2020
Summary:     Recommended update for cloud-init
Type:        recommended
Severity:    moderate
References:  1155376,1156139,1157894,1161132,1161133
This update for cloud-init fixes the following issues:

- Fixed an issue where it was not possible to add SSH keys and thus it was not possible to
  log into the system (bsc#1161132, bsc#1161133)
- Fixes an issue where the IPv6 interface variable was not correctly set in an ifcfg file (bsc#1156139)
- The route's destination network will now be written in CIDR notation. This provides support
  for correctly recording IPv6 routes (bsc#1155376)
- Many smaller fixes came with this package as well. For a full list of all changes, refer to the
  rpm's changes file.

Advisory ID: SUSE-RU-2020:498-1
Released:    Wed Feb 26 17:59:44 2020
Summary:     Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized
Type:        recommended
Severity:    moderate
References:  1122669,1136184,1146853,1146854,1159018

This update for aws-cli, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized, python-boto3, python-botocore, python-s3transfer fixes the following issues:

python-aws-sam-translator was updated to 1.11.0 (bsc#1159018, jsc#PM-1507):

Upgrade to 1.11.0:

  * Add ReservedConcurrentExecutions to globals
  * Fix ElasticsearchHttpPostPolicy resource reference
  * Support using AWS::Region in Ref and Sub
  * Documentation and examples updates
  * Add VersionDescription property to Serverless::Function
  * Update ServerlessRepoReadWriteAccessPolicy
  * Add additional template validation

Upgrade to 1.10.0:

  * Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy
  * Add DynamoDBReconfigurePolicy
  * Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy
  * Add EKSDescribePolicy
  * Add SESBulkTemplatedCrudPolicy
  * Add FilterLogEventsPolicy
  * Add SSMParameterReadPolicy
  * Add SESEmailTemplateCrudPolicy
  * Add s3:PutObjectAcl to S3CrudPolicy
  * Add allow_credentials CORS option
  * Add support for AccessLogSetting and CanarySetting Serverless::Api properties
  * Add support for X-Ray in Serverless::Api
  * Add support for MinimumCompressionSize in Serverless::Api
  * Add Auth to Serverless::Api globals
  * Remove trailing slashes from APIGW permissions
  * Add SNS FilterPolicy and an example application
  * Add Enabled property to Serverless::Function event sources
  * Add support for PermissionsBoundary in Serverless::Function
  * Fix boto3 client initialization
  * Add PublicAccessBlockConfiguration property to S3 bucket resource
  * Make PAY_PER_REQUEST default mode for Serverless::SimpleTable
  * Add limited support for resolving intrinsics in Serverless::LayerVersion
  * SAM now uses Flake8
  * Add example application for S3 Events written in Go
  * Updated several example applications

python-cfn-lint was added in version 0.21.4:

- Add upstream patch to fix EOL dates for lambda runtimes
- Add upstream patch to fix test_config_expand_paths test

- Rename to python-cfn-lint.  This package has a python API, which
  is required by python-moto.

Update to version 0.21.4:

  + Features
    * Include more resource types in W3037
  + CloudFormation Specifications
    * Add Resource Type `AWS::CDK::Metadata`
  + Fixes
    * Uncap requests dependency in
    * Check Join functions have lists in the correct sections
    * Pass a parameter value for AutoPublishAlias when doing a Transform
    * Show usage examples when displaying the help

Update to version 0.21.3

  + Fixes
    * Support dumping strings for datetime objects when doing a Transform

Update to version 0.21.2

  + CloudFormation Specifications
    * Update CloudFormation specs to 3.3.0
    * Update instance types from pricing API as of 2019.05.23

Update to version 0.21.1

  + Features
    * Add `Info` logging capability and set the default logging to `NotSet`
  + Fixes
    * Only do rule logging (start/stop/time) when the rule is going to be called
    * Update rule E1019 to allow `Fn::Transform` inside a `Fn::Sub`
    * Update rule W2001 to not break when `Fn::Transform` inside a `Fn::Sub`
    * Update rule E2503 to allow conditions to be used and to not default to `network` load balancer when an object is used for the Load Balancer type

Update to version 0.21.0

  + Features
    * New rule E3038 to check if a Serverless resource includes the appropriate Transform
    * New rule E2531 to validate a Lambda's runtime against the deprecated dates
    * New rule W2531 to validate a Lambda's runtime against the EOL dates
    * Update rule E2541 to include updates to Code Pipeline capabilities
    * Update rule E2503 to include checking of values for load balancer attributes
  + CloudFormation Specifications
    * Update CloudFormation specs to 3.2.0
    * Update instance types from pricing API as of 2019.05.20
  + Fixes
    * Include setuptools in requires

Update to version 0.20.3

  + CloudFormation Specifications
    * Update instance types from pricing API as of 2019.05.16
  + Fixes
    * Update E7001 to allow float/doubles for mapping values
    * Update W1020 to check pre-transformed Fn::Sub(s) to determine if a Sub is needed
    * Pin requests to be below or equal to 2.21.0 to prevent issues with botocore

Update to version 0.20.2

  + Features
    * Add support for List<String> Parameter types
  + CloudFormation Specifications
    * Add allowed values for AWS::EC2 EIP, FlowLog, CustomerGateway, DHCPOptions, EC2Fleet
    * Create new property type for Security Group IDs or Names
    * Add new Lambda runtime environment for NodeJs 10.x
    * Move AWS::ServiceDiscovery::Service Health checks from Only One to Exclusive
    * Update Glue Crawler Role to take an ARN or a name
    * Remove PrimitiveType from MaintenanceWindowTarget Targets
    * Add Min/Max values for Load Balancer Ports to be between 1-65535
  + Fixes
    * Include License file in the pypi package to help with downstream projects
    * Filter out dynamic references from rule E3031 and E3030
    * Convert Python linting and Code Coverage from Python 3.6 to 3.7

Update to version 0.20.1

  + Fixes
    * Update rule E8003 to support more functions inside a Fn::Equals

Update to version 0.20.0

  + Features
    * Allow a rule's exception to be defined in a resource's metadata
    * Add rule configuration capabilities
    * Update rule E3012 to allow for non strict property checking
    * Add rule E8003 to test Fn::Equals structure and syntax
    * Add rule E8004 to test Fn::And structure and syntax
    * Add rule E8005 to test Fn::Not structure and syntax
    * Add rule E8006 to test Fn::Or structure and syntax
    * Include Path to error in the JSON output
    * Update documentation to describe how to install cfn-lint from brew
  + CloudFormation Specifications
    * Update CloudFormation specs to version 3.0.0
    * Add new region ap-east-1
    * Add list min/max and string min/max for CloudWatch Alarm Actions
    * Add allowed values for EC2::LaunchTemplate
    * Add allowed values for EC2::Host
    * Update allowed values for Amazon MQ to include 5.15.9
    * Add AWS::Greengrass::ResourceDefinition to GreenGrass supported regions
    * Add AWS::EC2::VPCEndpointService to all regions
    * Update AWS::ECS::TaskDefinition ExecutionRoleArn to be a IAM Role ARN
    * Patch spec files for SSM MaintenanceWindow to look for Target and not Targets
    * Update ManagedPolicyArns list size to be 20 which is the hard limit.  10 is the soft limit.
  + Fixes
    * Fix rule E3033 to check the string size when the string is inside a list
    * Fix an issue in which AWS::NotificationARNs was not a list
    * Add AWS::EC2::Volume to rule W3010
    * Fix an issue with W2001 where SAM translate would remove the Ref to a parameter causing this error to falsely trigger
    * Fix rule W3010 to not error when the availability zone is 'all'

Update to version 0.19.1

  + Fixes
    * Fix core Condition processing to support direct Condition in another Condition
    * Fix the W2030 to check numbers against string allowed values

Update to version 0.19.0

  + Features
    * Add NS and PTR Route53 record checking to rule E3020
    * New rule E3050 to check if a Ref to IAM Role has a Role path of '/'
    * New rule E3037 to look for duplicates in a list that doesn't support duplicates
    * New rule I3037 to look for duplicates in a list when duplicates are allowed
  + CloudFormation Specifications
    * Add Min/Max values to AWS::ElasticLoadBalancingV2::TargetGroup HealthCheckTimeoutSeconds
    * Add Max JSON size to AWS::IAM::ManagedPolicy PolicyDocument
    * Add allowed values for AWS::EC2 SpotFleet, TransitGateway, NetworkAcl
      NetworkInterface, PlacementGroup, and Volume
    * Add Min/max values to AWS::Budgets::Budget.Notification Threshold
    * Update RDS Instance types by database engine and license definitions using the pricing API
    * Update AWS::CodeBuild::Project ServiceRole to support Role Name or ARN
    * Update AWS::ECS::Service Role to support Role Name or ARN
  + Fixes
    * Update E3025 to support the new structure of data in the RDS instance type json
    * Update E2540 to remove all nested conditions from the object
    * Update E3030 to not do strict type checking
    * Update E3020 to support conditions nested in the record sets
    * Update E3008 to better handle CloudFormation sub stacks with different GetAtt formats

Update to version 0.18.1

  + CloudFormation Specifications
    * Update CloudFormation Specs to 2.30.0
    * Fix IAM Regex Path to support more character types
    * Update AWS::Batch::ComputeEnvironment.ComputeResources InstanceRole to reference an
      InstanceProfile or GetAtt the InstanceProfile Arn
    * Allow VPC IDs to Ref a Parameter of type String
  + Fixes
    * Fix E3502 to check the size of the property instead of the parent object

Update to version 0.18.0

  + Features
    * New rule E3032 to check the size of lists
    * New rule E3502 to check JSON Object Size using definitions in the spec file
    * New rule E3033 to test the minimum and maximum length of a string
    * New rule E3034 to validate the min and max of a number
    * Remove Ebs Iops check from E2504 and use rule E3034 instead
    * Remove rule E2509 and use rule E3033 instead
    * Remove rule E2508 as it is replaced by E3032 and E3502
    * Update rule E2503 to check that there are at least two Subnets or SubnetMappings for ALBs
    * SAM requirement upped to minimal version of 1.10.0
  + CloudFormation Specifications
    * Extend specs to include:
      > `ListMin` and `ListMax` for the minimum and maximum size of a list
      > `JsonMax` to check the max size of a JSON Object
      > `StringMin` and `StringMax` to check the minimum and maximum length of a String
      > `NumberMin` and `NumberMax` to check the minimum and maximum value of a Number, Float, Long
    * Update State and ExecutionRoleArn to be required on AWS::DLM::LifecyclePolicy
    * Add AllowedValues for PerformanceInsightsRetentionPeriod for AWS::RDS::Instance
    * Add AllowedValues for the AWS::GuardDuty Resources
    * Add AllowedValues for AWS::EC2 VPC and VPN Resources
    * Switch IAM Instance Profiles for certain resources to the type that only takes the name
    * Add regex pattern for IAM Instance Profile when a name (not Arn) is used
    * Add regex pattern for IAM Paths
    * Add Regex pattern for IAM Role Arn
    * Update OnlyOne spec to require at least one of Subnets or SubnetMappings with ELB v2
  + Fixes
    * Fix serverless transform to use DefinitionBody when Auth is in the API definition
    * Fix rule W2030 to not error when checking SSM or List Parameters

Update to version 0.17.1

  + Features
    * Update rule E2503 to make sure NLBs don't have a Security Group configured
  + CloudFormation Specifications
    * Add all the allowed values of the `AWS::Glue` Resources
    * Update OnlyOne check for `AWS::CloudWatch::Alarm` to only `MetricName` or `Metrics`
    * Update Exclusive check for `AWS::CloudWatch::Alarm` for properties mixed with `Metrics` and `Statistic`
    * Update CloudFormation specs to 2.29.0
    * Fix type with MariaDB in the AllowedValues
    * Update pricing information for data available on 2018.3.29
  + Fixes
    * Fix rule E1029 to not look for a sub is needed when looking for iot strings in policies
    * Fix rule E2541 to allow for ActionId Versions of length 1-9 and meets regex `[0-9A-Za-z_-]+`
    * Fix rule E2532 to allow for `Parameters` inside a `Pass` action
    * Fix an issue when getting the location of an error in which numbers are causing an attribute error

Update to version 0.17.0

  + Features
    * Add new rule E3026 to validate Redis cluster settings including AutomaticFailoverEnabled and NumCacheClusters.  Status: Released
    * Add new rule W3037 to validate IAM resource policies.  Status: Experimental
    * Add new parameter `-e/--include-experimental` to allow for new rules that aren't ready to be fully released
  + CloudFormation Specifications
    * Update Spec files to 2.28.0
    * Add all the allowed values of the AWS::Redshift::* Resources
    * Add all the allowed values of the AWS::Neptune::* Resources
    * Patch spec to make AWS::CloudFront::Distribution.LambdaFunctionAssociation.LambdaFunctionARN required
    * Patch spec to make AWS::DynamoDB::Table AttributeDefinitions required
  + Fixes
    * Remove extra blank lines when there are no errors in the output
    * Add exception to rule E1029 to have exceptions for EMR CloudWatchAlarmDefinition
    * Update rule E1029 to allow for literals in a Sub
    * Remove sub checks from rule E3031 as it won't match in all cases of an allowed pattern regex check
    * Correct typos for errors in rule W1001
    * Switch from parsing a template as Yaml to Json when finding an escape character
    * Fix an issue with SAM related to transforming templates with Serverless Application and Lambda Layers
    * Fix an issue with rule E2541 when non strings were used for Stage Names

Update to version 0.16.0

  + Features
    * Add rule E3031 to look for regex patterns based on the patched spec file
    * Remove regex checks from rule E2509
    * Add parameter `ignore-templates` to allow the ignoring of templates when doing bulk linting
  + CloudFormation Specifications
    * Update Spec files to 2.26.0
    * Add all the allowed values of the AWS::DirectoryService::* Resources
    * Add all the allowed values of the AWS::DynamoDB::* Resources
    * Added AWS::Route53Resolver resources to the Spec Patches of ap-southeast-2
    * Patch the spec file with regex patterns
    * Add all the allowed values of the AWS::DocDb::* Resources
  + Fixes
    * Update rule E2504 to have '20000' as the max value
    * Update rule E1016 to not allow ImportValue inside of Conditions
    * Update rule E2508 to check conditions when providing limit checks on managed policies
    * Convert unicode to strings when in Py 3.4/3.5 and updating specs
    * Convert from `awslabs` to `aws-cloudformation` organization
    * Remove suppression of logging that was removed from samtranslator >1.7.0 and incompatibility with
      samtranslator 1.10.0

Update to version 0.15.0

  + Features
    * Add scaffolding for arbitrary Match attributes, adding attributes for Type checks
    * Add rule E3024 to validate that ProvisionedThroughput is not specified with BillingMode PAY_PER_REQUEST
  + CloudFormation Specifications
    * Update Spec files to 2.24.0
    * Update OnlyOne spec to have BlockDeviceMapping to include NoDevice with Ebs and VirtualName
    * Add all the allowed values of the AWS::CloudFront::* Resources
    * Add all the allowed values of the AWS::DAX::* Resources
  + Fixes
    * Update config parsing to use the builtin Yaml decoder
    * Add condition support for Inclusive E2521, Exclusive E2520, and AtLeastOne E2522 rules
    * Update rule E1029 to better check Resource strings inside IAM Policies
    * Improve the line/column information of a Match with array support

Update to version 0.14.1

  + CloudFormation Specifications
    * Update CloudFormation Specs to version 2.23.0
    * Add allowed values for AWS::Config::* resources
    * Add allowed values for AWS::ServiceDiscovery::* resources
    * Fix allowed values for Apache MQ
  + Fixes
    * Update rule E3008 to not error when using a list from a custom resource
    * Support simple types in the CloudFormation spec
    * Add tests for the formatters

Update to version 0.14.0

  + Features
    * Add rule E3035 to check the values of DeletionPolicy
    * Add rule E3036 to check the values of UpdateReplacePolicy
    * Add rule E2014 to check that there are no REFs in the Parameter section
    * Update rule E2503 to support TLS on NLBs
  + CloudFormation Specifications
    * Update CloudFormation spec to version 2.22.0
    * Add allowed values for AWS::Cognito::* resources
  + Fixes
    * Update rule E3002 to allow GetAtts to Custom Resources under a Condition

Update to version 0.13.2

  + Features
    * Introducing the cfn-lint logo!
    * Update SAM dependency version
  + Fixes
    * Fix CloudWatchAlarmComparisonOperator allowed values.
    * Fix typo resoruce_type_spec in several files
    * Better support for nested And, Or, and Not when processing Conditions

Update to version 0.13.1

  + CloudFormation Specifications
    * Add allowed values for AWS::CloudTrail::Trail resources
    * Patch spec to have AWS::CodePipeline::CustomActionType Version included
  + Fixes
    * Fix conditions logic to use AllowedValues when REFing a Parameter that has AllowedValues specified

Update to version 0.13.0

  + Features
    * New rule W1011 to check if a FindInMap is using the correct map name and keys
    * New rule W1001 to check if a Ref/GetAtt to a resource that exists when Conditions are used
    * Removed logic in E1011 and moved it to W1011 for validating keys
    * Add property relationships for AWS::ApplicationAutoScaling::ScalingPolicy into Inclusive, Exclusive, and AtLeastOne
    * Update rule E2505 to check the netmask bit
    * Include the ability to update the CloudFormation Specs using the Pricing API
  + CloudFormation Specifications
    * Update to version 2.21.0
    * Add allowed values for AWS::Budgets::Budget
    * Add allowed values for AWS::CertificateManager resources
    * Add allowed values for AWS::CodePipeline resources
    * Add allowed values for AWS::CodeCommit resources
    * Add allowed values for EC2 InstanceTypes from pricing API
    * Add allowed values for RedShift InstanceTypes from pricing API
    * Add allowed values for MQ InstanceTypes from pricing API
    * Add allowed values for RDS InstanceTypes from pricing API
  + Fixes
    * Fixed README indentation issue with .pre-commit-config.yaml
    * Fixed rule E2541 to allow for multiple inputs/outputs in a CodeBuild task
    * Fixed rule E3020 to allow for a period or no period at the end of a ACM registration record
    * Update rule E3001 to support UpdateReplacePolicy
    * Fix a cli issue where `--template` wouldn't be used when a .cfnlintrc was in the same folder
    * Update rule E3002 and E1024 to support packaging of AWS::Lambda::LayerVersion content

- Initial build
  + Version 0.12.1

Update to 0.9.1

 * the prof plugin now uses cProfile instead of hotshot for profiling
 * skipped tests now include the user's reason in junit XML's message field
 * the prettyassert plugin mishandled multi-line function definitions
 * Using a plugin's CLI flag when the plugin is already enabled via config
   no longer errors
 * nose2.plugins.prettyassert, enabled with --pretty-assert
 * Cleanup code for EOLed python versions
 * Dropped support for distutils.
 * Result reporter respects failure status set by other plugins
 * JUnit XML plugin now includes the skip reason in its output

Upgrade to 0.8.0:

- List of changes is too long to show here, see
  changes between 0.6.5 and 0.8.0

Update to 0.7.0:

* Added parameterized_class feature, for parameterizing entire test
  classes (many thanks to @TobyLL for their suggestions and help testing!)
* Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh;
* Make sure that `setUp` and `tearDown` methods work correctly (#40)
* Raise a ValueError when input is empty (thanks @danielbradburn;
* Fix the order when number of cases exceeds 10 (thanks @ntflc;

aws-cli was updated to version 1.16.223:

For detailed changes see the changes entries:

python-boto3 was updated to 1.9.213, python-botocore was updated to 1.9.188, and python-s3transfer was updated to 1.12.74, fixing
lots of bugs and adding features (bsc#1146853, bsc#1146854)

Advisory ID: SUSE-SU-2020:751-1
Released:    Mon Mar 23 16:32:44 2020
Summary:     Security update for cloud-init
Type:        security
Severity:    moderate
References:  1162936,1162937,1163178,CVE-2020-8631,CVE-2020-8632
This update for cloud-init fixes the following security issues:

- CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937).
- CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936).

Advisory ID: SUSE-SU-2020:959-1
Released:    Wed Apr  8 12:59:50 2020
Summary:     Security update for python-PyYAML
Type:        security
Severity:    important
References:  1165439,CVE-2020-1747
This update for python-PyYAML fixes the following issues:

- CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439).

Advisory ID: SUSE-RU-2020:1000-1
Released:    Wed Apr 15 14:18:57 2020
Summary:     Recommended update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager
Type:        recommended
Severity:    moderate
References:  1014478,1054413,1140565,982804,999200
This update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager fixes the following issues:

The Azure python modules and client tool stack was updated to the 2020 state.

Various other python modules were added and updated.

- python-PyYAML was updated to 5.1.2.
- python-humanfriendly was updated to 4.16.1.

Advisory ID: SUSE-RU-2020:1037-1
Released:    Mon Apr 20 10:49:39 2020
Summary:     Recommended update for python-pytest
Type:        recommended
Severity:    low
References:  1002895,1107105,1138666,1167732

This update fixes the following issues:

New python-pytest versions are provided.

In Basesystem:

- python3-pexpect: updated to 4.8.0
- python3-py: updated to 1.8.1
- python3-zipp: shipped as dependency in version 0.6.0

In Python2:

- python2-pexpect: updated to 4.8.0
- python2-py: updated to 1.8.1

Advisory ID: SUSE-RU-2020:1056-1
Released:    Tue Apr 21 16:26:22 2020
Summary:     Recommended update for cloud-init
Type:        recommended
Severity:    important
References:  1099358,1144881,1145622,1148645,1163178,1165296
This update for cloud-init contains the following fixes:

- Update previous patches with the following additions:
  + In cases where the config contains 2 or more default gateway specifications for
    an interface only write the first default route, log warning message about skipped
  + Avoid writing invalid route specification if neither the network nor destination
    is specified in the route configuration
  + Still need to consider the 'network' configuration option for the v1 config
    implementation. Fixes regression introduced with update from Wed Feb 12 19:30:42.
  + Add the default gateway to the ifroute config file when specified as part of
    the subnet configuration. (bsc#1165296)
  + Fix typo to properly extract provided netmask data (bsc#1163178, bsc#1165296)
  + Fix for default gateway and IPv6. (bsc#1144881)
  + Routes will be written if there is only a default gateway. (bsc#1148645)

- BuildRequire pkgconfig(udev) instead of udev, which allows OS to shortcut through
  the -mini flavor.

- Update to cloud-init 19.2. (bsc#1099358, bsc#1145622)

Advisory ID: SUSE-RU-2020:1496-1
Released:    Wed May 27 20:30:31 2020
Summary:     Recommended update for python-requests
Type:        recommended
Severity:    low
References:  1170175
This update for python-requests fixes the following issues:

- Fix for warnings 'test fails to build' for python http. (bsc#1170175)

Advisory ID: SUSE-RU-2020:1885-1
Released:    Fri Jul 10 14:54:22 2020
Summary:     Recommended update for cloud-init
Type:        recommended
Severity:    moderate
References:  1170154,1171546,1171995
This update for cloud-init contains the following fixes:

- rsyslog warning, '~' is deprecated: (bsc#1170154)
  + replace deprecated syntax '& ~' by '& stop' for more information please

  + Explicitly test for netconfig version 1 as well as 2.

  + Handle netconfig v2 device configurations (bsc#1171546, bsc#1171995)

Advisory ID: SUSE-RU-2020:1986-1
Released:    Tue Jul 21 16:06:29 2020
Summary:     Recommended update for openvswitch
Type:        recommended
Severity:    moderate
References:  1172861,1172929
This update for openvswitch fixes the following issues:

- Preserve the old default OVS_USER_ID for users that removed the override at /etc/sysconfig/openvswitch. (bsc#1172861)
- Fix possible changes of openvswitch configuration during upgrades. (bsc#1172929)

Advisory ID: SUSE-RU-2020:3323-1
Released:    Fri Nov 13 15:25:55 2020
Summary:     Recommended update for cloud-init
Type:        recommended
Severity:    moderate
References:  1174443,1174444,1177526
This update for cloud-init contains the following fixes:

+ Avoid exception if no gateway information is present and warning
  is triggered for existing routing. (bsc#1177526)

Update to version 20.2 (bsc#1174443, bsc#1174444)

  + doc/format: reference instead of an inline script (#334)
  + Add docs about creating parent folders (#330) [Adrian Wilkins]
  + DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470)
  + schema: ignore spurious pylint error (#332)
  + schema: add json schema for write_files module (#152)
  + BSD: find_devs_with_ refactoring (#298) [Goneri Le Bouder]
  + nocloud: drop work around for Linux 2.6 (#324) [Goneri Le Bouder]
  + cloudinit: drop dependencies on unittest2 and contextlib2 (#322)
  + distros: handle a potential mirror filtering error case (#328)
  + log: remove unnecessary import fallback logic (#327)
  + .travis.yml: don't run integration test on ubuntu/* branches (#321)
  + More unit test documentation (#314)
  + conftest: introduce disable_subp_usage autouse fixture (#304)
  + YAML align indent sizes for docs readability (#323) [Tak Nishigori]
  + network_state: add missing space to log message (#325)
  + tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910)
  + test_mounts: expand happy path test for both happy paths (#319)
  + cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836)
  + swap file 'size' being used before checked if str (#315) [Eduardo Otubo]
  + HACKING.rst: add pytest version gotchas section (#311)
  + docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers]
  + readme: OpenBSD is now supported (#309) [Goneri Le Bouder]
  + net: ignore 'renderer' key in netplan config (#306) (LP: #1870421)
  + Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370)
  + openbsd: set_passwd should not unlock user (#289) [Goneri Le Bouder]
  + tools/.github-cla-signers: add beezly as CLA signer (#301)
  + util: remove unnecessary lru_cache import fallback (#299)
  + HACKING.rst: reorganise/update CLA signature info (#297)
  + distros: drop leading/trailing hyphens from mirror URL labels (#296)
  + HACKING.rst: add note about variable annotations (#295)
  + CiTestCase: stop using and remove sys_exit helper (#283)
  + distros: replace invalid characters in mirror URLs with hyphens (#291)
    (LP: #1868232)
  + rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy]
  + Fix cloud-init ignoring some misdeclared mimetypes in user-data.
    [Kurt Garloff]
  + net: ubuntu focal prioritize netplan over eni even if both present
    (#267) (LP: #1867029)
  + cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292)
  + net/cmdline: replace type comments with annotations (#294)
  + HACKING.rst: add Type Annotations design section (#293)
  + net: introduce is_ip_address function (#288)
  + CiTestCase: remove now-unneeded parse_and_read helper method (#286)
  + .travis.yml: allow 30 minutes of inactivity in cloud tests (#287)
  + sources/tests/test_init: drop use of deprecated inspect.getargspec (#285)
  + drop NIH check_output implementation (#282)
  + Identify SAP Converged Cloud as OpenStack [Silvio Knizek]
  + add Openbsd support (#147) [Goneri Le Bouder]
  + HACKING.rst: add examples of the two test class types (#278)
  + VMWware: support to update guest info gc status if enabled (#261)
  + Add lp-to-git mapping for kgarloff (#279)
  + set_passwords: avoid chpasswd on BSD (#268) [Goneri Le Bouder]
  + HACKING.rst: add Unit Testing design section (#277)
  + util: read_cc_from_cmdline handle urlencoded yaml content (#275)
  + distros/tests/test_init: add tests for _get_package_mirror_info (#272)
  + HACKING.rst: add links to new Code Review Process doc (#276)
  + freebsd: ensure package update works (#273) [Goneri Le Bouder]
  + doc: introduce Code Review Process documentation (#160)
  + tools: use python3 (#274)
  + cc_disk_setup: fix RuntimeError (#270) (LP: #1868327)
  + cc_apt_configure/util: combine search_for_mirror implementations (#271)
  + bsd: boottime does not depend on the libc soname (#269)
    [Goneri Le Bouder]
  + test_oracle,DataSourceOracle: sort imports (#266)
  + DataSourceOracle: update .network_config docstring (#257)
  + cloudinit/tests: remove unneeded with_logs configuration (#263)
  + .travis.yml: drop stale comment (#255)
  + .gitignore: add more common directories (#258)
  + ec2: render network on all NICs and add secondary IPs as static (#114)
    (LP: #1866930)
  + ec2 json validation: fix the reference to the 'merged_cfg' key (#256)
    [Paride Legovini]
  + releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini]
  + cloudinit: remove six from packaging/tooling (#253)
  + util/netbsd: drop six usage (#252)
  + workflows: introduce stale pull request workflow (#125)
  + cc_resolv_conf: introduce tests and stabilise output across Python
    versions (#251)
  + fix minor issue with resolv_conf template (#144) [andreaf74]
  + doc: CloudInit also support NetBSD (#250) [Goneri Le Bouder]
  + Add Netbsd support (#62) [Goneri Le Bouder]
  + tox.ini: avoid substition syntax that causes a traceback on xenial (#245)
  + Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby]
  + Introduce and use of a list of GitHub usernames that have signed CLA
  + workflows/cla.yml: use correct username for CLA check (#243)
  + tox.ini: use xenial version of jsonpatch in CI (#242)
  + workflows: CLA validation altered to fail status on pull_request (#164)
  + tox.ini: bump pyflakes version to 2.1.1 (#239)
  + cloudinit: move to pytest for running tests (#211)
  + instance-data: add cloud-init merged_cfg and sys_info keys to json
    (#214) (LP: #1865969)
  + ec2: Do not fallback to IMDSv1 on EC2 (#216)
  + instance-data: write redacted cfg to instance-data.json (#233)
    (LP: #1865947)
  + net: support network-config:disabled on the kernel commandline (#232)
    (LP: #1862702)
  + ec2: only redact token request headers in logs, avoid altering request
    (#230) (LP: #1865882)
  + docs: typo fixed: dta → data [Alexey Vazhnov]
  + Fixes typo on Amazon Web Services (#217) [Nick Wales]
  + Fix docs for OpenStack DMI Asset Tag (#228)
    [Mark T. Voelker] (LP: #1669875)
  + Add physical network type: cascading to openstack helpers (#200)
  + tests: add focal integration tests for ubuntu (#225)
- From 20.1 (first version after 19.4)
  + ec2: Do not log IMDSv2 token values, instead use REDACTED (#219)
    (LP: #1863943)
  + utils: use SystemRandom when generating random password. (#204)
    [Dimitri John Ledkov]
  + docs: mount_default_files is a list of 6 items, not 7 (#212)
  + azurecloud: fix issues with instances not starting (#205) (LP: #1861921)
  + unittest: fix stderr leak in cc_set_password random unittest
    output. (#208)
  + cc_disk_setup: add swap filesystem force flag (#207)
  + import sysvinit patches from freebsd-ports tree (#161) [Igor Galić]
  + docs: fix typo (#195) [Edwin Kofler]
  + sysconfig: distro-specific config rendering for BOOTPROTO option (#162)
    [Robert Schweikert] (LP: #1800854)
  + cloudinit: replace 'from six import X' imports (except in (#183)
  + run-container: use 'test -n' instead of 'test ! -z' (#202)
    [Paride Legovini]
  + net/cmdline: correctly handle static ip= config (#201)
    [Dimitri John Ledkov] (LP: #1861412)
  + Replace mock library with unittest.mock (#186)
  + HACKING.rst: update CLA link (#199)
  + Scaleway: Fix DatasourceScaleway to avoid backtrace (#128)
    [Louis Bouchard]
  + cloudinit/cmd/devel/ add missing space (#191)
  + tools/run-container: drop support for python2 (#192) [Paride Legovini]
  + Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789)
  + Make the RPM build use Python 3 (#190) [Paride Legovini]
  + cc_set_password: increase random pwlength from 9 to 20 (#189)
    (LP: #1860795)
  + .travis.yml: use correct Python version for xenial tests (#185)
  + cloudinit: remove ImportError handling for mock imports (#182)
  + Do not use fallocate in swap file creation on xfs. (#70)
    [Eduardo Otubo] (LP: #1781781)
  + .readthedocs.yaml: install cloud-init when building docs (#181)
    (LP: #1860450)
  + Introduce an RTD config file, and pin the Sphinx version to the RTD
    default (#180)
  + Drop most of the remaining use of six (#179)
  + Start removing dependency on six (#178)
  + Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy]
  + docs: add proposed SRU testing procedure (#167)
  + util: rename get_architecture to get_dpkg_architecture (#173)
  + Ensure util.get_architecture() runs only once (#172)
  + Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann]
  + freebsd: remove superflu exception mapping (#166) [Goneri Le Bouder]
  + ssh_auth_key_fingerprints_disable test: fix capitalization (#165)
    [Paride Legovini]
  + util: move uptime's else branch into its own boottime function (#53)
    [Igor Galić] (LP: #1853160)
  + workflows: add contributor license agreement checker (#155)
  + net: fix rendering of 'static6' in network config (#77) (LP: #1850988)
  + Make tests work with Python 3.8 (#139) [Conrad Hoffmann]
  + fixed minor bug with mkswap in (#143) [andreaf74]
  + freebsd: fix create_group() cmd (#146) [Goneri Le Bouder]
  + doc: make apt_update example consistent (#154)
  + doc: add modules page toc with links (#153) (LP: #1852456)
  + Add support for the amazon variant in cloud.cfg.tmpl (#119)
    [Frederick Lefebvre]
  + ci: remove Python 2.7 from CI runs (#137)
  + modules: drop cc_snap_config config module (#134)
  + migrate-lp-user-to-github: ensure Launchpad repo exists (#136)
  + docs: add initial troubleshooting to FAQ (#104) [Joshua Powers]
  + doc: update cc_set_hostname frequency and descrip (#109)
    [Joshua Powers] (LP: #1827021)
  + freebsd: introduce the freebsd renderer (#61) [Goneri Le Bouder]
  + cc_snappy: remove deprecated module (#127)
  + HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130)
  + freebsd: cloudinit service requires devd (#132) [Goneri Le Bouder]
  + cloud-init: fix capitalisation of SSH (#126)
  + doc: update cc_ssh clarify host and auth keys
    [Joshua Powers] (LP: #1827021)
  + ci: emit names of tests run in Travis (#120)

Advisory ID: SUSE-RU-2020:3608-1
Released:    Wed Dec  2 18:16:12 2020
Summary:     Recommended update for cloud-init
Type:        recommended
Severity:    important
References:  1177526,1179150,1179151
This update for cloud-init contains the following fixes:

- Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151)
  + Properly set the password for the default user in all circumstances

- Patch the full package version into the cloud-init version file

- Update cloud-init-write-routes.patch (bsc#1177526)
  + Fix missing default route when dual stack network setup is used. Once
    a default route was configured for IPv6 or IPv4 the default route
    configuration for the other protocol was skipped.

Advisory ID: SUSE-SU-2020:3718-1
Released:    Wed Dec  9 10:31:01 2020
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1050549,1067665,1111666,1112178,1158775,1170139,1170630,1172542,1174726,1175916,1176109,1177304,1177397,1177805,1177808,1177819,1177820,1178182,1178589,1178635,1178669,1178838,1178853,1178854,1178878,1178886,1178897,1178940,1178962,1179107,1179140,1179141,1179211,1179213,1179259,1179403,1179406,1179418,1179421,1179424,1179426,1179427,1179429,CVE-2020-15436,CVE-2020-15437,CVE-2020-25669,CVE-2020-27777,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
- CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140).
- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
- CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).
- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).
- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).
- CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).

The following non-security bugs were fixed:

- ACPI: GED: fix -Wformat (git-fixes).
- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).
- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).
- ALSA: mixart: Fix mutex deadlock (git-fixes).
- arm64: KVM: Fix system register enumeration (bsc#1174726).
- arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).
- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).
- ath10k: Acquire tx_lock in tx error paths (git-fixes).
- batman-adv: set .owner to THIS_MODULE (git-fixes).
- Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes).
- Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).
- bpf: Zero-fill re-used per-cpu map element (git-fixes).
- btrfs: account ticket size at add/delete time (bsc#1178897).
- btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897).
- btrfs: check rw_devices, not num_devices for balance (bsc#1178897).
- btrfs: do not delete mismatched root refs (bsc#1178962).
- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).
- btrfs: fix force usage in inc_block_group_ro (bsc#1178897).
- btrfs: fix invalid removal of root ref (bsc#1178962).
- btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).
- btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897).
- btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).
- btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).
- btrfs: split dev-replace locking helpers for read and write (bsc#1178897).
- can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).
- can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).
- can: dev: can_restart(): post buffer from the right context (git-fixes).
- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).
- can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).
- can: m_can: m_can_handle_state_change(): fix state change (git-fixes).
- can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).
- can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).
- ceph: add check_session_state() helper and make it global (bsc#1179259).
- ceph: check session state after bumping session->s_seq (bsc#1179259).
- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).
- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
- cifs: remove bogus debug code (bsc#1179427).
- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
- Convert trailing spaces and periods in path components (bsc#1179424).
- docs: ABI: stable: remove a duplicated documentation (git-fixes).
- docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).
- Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes).
- drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).
- drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes).
- Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size.
- efi: cper: Fix possible out-of-bounds access (git-fixes).
- efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes).
- efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).
- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).
- efivarfs: fix memory leak in efivarfs_create() (git-fixes).
- efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).
- efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).
- efi/x86: Free efi_pgd with free_pages() (bsc#1112178).
- efi/x86: Ignore the memory attributes table on i386 (git-fixes).
- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).
- fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549).
- fuse: fix page dereference after free (bsc#1179213).
- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665).
- futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1067665).
- hv_balloon: disable warning when floor reached (git-fixes).
- hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820).
- hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854).
- hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854).
- i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)
- i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666)
- i40iw: Report correct firmware version (bsc#1111666)
- IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)
- IB/core: Set qp->real_qp before it may be accessed (bsc#1111666)
- IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)
- IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)
- IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)
- IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)
- IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)
- IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)
- IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)
- IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666)
- IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)
- IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666)
- IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)
- IB/hfi1: Handle port down properly in pio (bsc#1111666)
- IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)
- IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666)
- IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)
- IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666)
- IB/hfi1: Remove unused define (bsc#1111666)
- IB/hfi1: Silence txreq allocation warnings (bsc#1111666)
- IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)
- IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)
- IB/ipoib: drop useless LIST_HEAD (bsc#1111666)
- IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666)
- IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)
- IB/iser: Fix dma_nents type definition (bsc#1111666)
- IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666)
- IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)
- IB/mlx4: Add and improve logging (bsc#1111666)
- IB/mlx4: Add support for MRA (bsc#1111666)
- IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)
- IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)
- IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)
- IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666)
- IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)
- IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666)
- IB/mlx4: Remove unneeded NULL check (bsc#1111666)
- IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)
- IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)
- IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)
- IB/mlx5: Do not override existing ip_protocol (bsc#1111666)
- IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)
- IB/mlx5: Fix implicit MR release flow (bsc#1111666)
- IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)
- IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666)
- IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)
- IB/mlx5: Improve ODP debugging messages (bsc#1111666)
- IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666)
- IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)
- IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666)
- IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)
- IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666)
- IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666)
- IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)
- IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666)
- IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)
- IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)
- IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666)
- IB/qib: Remove a set-but-not-used variable (bsc#1111666)
- IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)
- IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)
- IB/rdmavt: Fix sizeof mismatch (bsc#1111666)
- IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)
- IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)
- IB/rxe: Make counters thread safe (bsc#1111666)
- IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)
- IB/umad: Avoid additional device reference during open()/close() (bsc#1111666)
- IB/umad: Avoid destroying device while it is accessed (bsc#1111666)
- IB/umad: Do not check status of nonseekable_open() (bsc#1111666)
- IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)
- IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)
- IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)
- IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)
- IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)
- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).
- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).
- inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes).
- Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).
- iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)
- iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)
- kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- kABI workaround for usermodehelper changes (bsc#1179406).
- KVM: arm64: Add missing #include of <linux/string.h> in guest.c (bsc#1174726).
- KVM: arm64: Factor out core register ID enumeration (bsc#1174726).
- KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726).
- KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726).
- KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726).
- KVM host: kabi fixes for psci_version (bsc#1174726).
- libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549).
- locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549).
- locktorture: Print ratio of acquisitions, not failures (bsc#1050549).
- mac80211: always wind down STA state (git-fixes).
- mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).
- mac80211: minstrel: fix tx status processing corner case (git-fixes).
- mac80211: minstrel: remove deferred sampling code (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178).
- net: ena: Capitalize all log strings and improve code readability (bsc#1177397).
- net: ena: Change license into format to SPDX in all files (bsc#1177397).
- net: ena: Change log message to netif/dev function (bsc#1177397).
- net: ena: Change RSS related macros and variables names (bsc#1177397).
- net: ena: ethtool: Add new device statistics (bsc#1177397).
- net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).
- net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).
- net: ena: Fix all static chekers' warnings (bsc#1177397).
- net: ena: Remove redundant print of placement policy (bsc#1177397).
- net: ena: xdp: add queue counters for xdp actions (bsc#1177397).
- netfilter: nat: can't use dst_hold on noref dst (bsc#1178878).
- net/mlx4_core: Fix init_hca fields offset (git-fixes).
- nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).
- NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).
- NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630).
- PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).
- pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).
- pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).
- pinctrl: aspeed: Fix GPI only function problem (git-fixes).
- platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).
- powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).
- powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)
- RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666)
- RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666)
- RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666)
- RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666)
- RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666)
- RDMA/cma: Fix false error message (bsc#1111666)
- RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)
- RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666)
- RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)
- RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)
- RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666)
- RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666)
- RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666)
- RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666)
- RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666)
- RDMA/core: Fix race between destroy and release FD object (bsc#1111666)
- RDMA/core: Fix race when resolving IP address (bsc#1111666)
- RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)
- RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666)
- RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)
- RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666)
- RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)
- RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)
- RDMA/hns: Set the unsupported wr opcode (bsc#1111666)
- RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)
- RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)
- RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)
- RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)
- RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)
- RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)
- RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)
- RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)
- RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666)
- RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)
- RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)
- RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666)
- RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)
- RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666)
- RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)
- RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666)
- RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666)
- RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666)
- RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666)
- RDMA/mlx5: Return proper error value (bsc#1111666)
- RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)
- RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)
- RDMA/nes: Remove second wait queue initialization call (bsc#1111666)
- RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666)
- RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)
- RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)
- RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)
- RDMA/qedr: Endianness warnings cleanup (bsc#1111666)
- RDMA/qedr: Fix doorbell setting (bsc#1111666)
- RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)
- RDMA/qedr: Fix reported firmware version (bsc#1111666)
- RDMA/qedr: Fix use of uninitialized field (bsc#1111666)
- RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)
- RDMA/qedr: SRQ's bug fixes (bsc#1111666)
- RDMA/qib: Delete extra line (bsc#1111666)
- RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)
- RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666)
- RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)
- RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)
- RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)
- RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)
- RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666)
- RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666)
- RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666)
- RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666)
- RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)
- RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)
- RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)
- RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)
- RDMA/rxe: Set default vendor ID (bsc#1111666)
- RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666)
- RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)
- RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666)
- RDMA/srp: Rework SCSI device reset handling (bsc#1111666)
- RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)
- RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)
- RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666)
- RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666)
- RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666)
- RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666)
- RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)
- reboot: fix overflow parsing reboot cpu number (bsc#1179421).
- regulator: avoid resolve_supply() infinite recursion (git-fixes).
- regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).
- regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).
- regulator: workaround self-referent regulators (git-fixes).
- Revert 'cdc-acm: hardening against malicious devices' (git-fixes).
- Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418).
- RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666)
- rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)
- rxe: fix error completion wr_id and qp_num (bsc#1111666)
- s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737).
- s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937).
- s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).
- s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323).
- sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).
- sched/x86: SaveFLAGS on context switch (bsc#1112178).
- scripts/git_sort/ add ceph maintainers git tree
- scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes).
- scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)
- Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).
- staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).
- time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes).
- tracing: Fix out of bounds write in get_trace_buf (bsc#1179403).
- tty: serial: imx: keep console clocks always on (git-fixes).
- Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes).
- USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).
- USB: core: driver: fix stray tabs in error messages (git-fixes).
- USB: core: Fix regression in Hercules audio card (git-fixes).
- USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).
- USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).
- USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes).
- USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).
- USB: serial: cyberjack: fix write-URB completion race (git-fixes).
- USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes).
- USB: serial: option: add Cellient MPL200 card (git-fixes).
- USB: serial: option: Add Telit FT980-KS composition (git-fixes).
- USB: serial: pl2303: add device-id for HP GC device (git-fixes).
- usermodehelper: reset umask to default before executing user process (bsc#1179406).
- video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).
- x86/hyperv: Clarify comment on x2apic mode (git-fixes).
- x86/hyperv: Make vapic support x2apic mode (git-fixes).
- x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178).
- x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).
- x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes).
- x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).
- x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178).
- x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes).
- xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
- xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).

Advisory ID: SUSE-SU-2020:3720-1
Released:    Wed Dec  9 13:36:26 2020
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1179491,CVE-2020-1971
This update for openssl-1_1 fixes the following issues:

- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).

Advisory ID: SUSE-SU-2020:3723-1
Released:    Wed Dec  9 13:37:55 2020
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1177120,CVE-2020-26137
This update for python-urllib3 fixes the following issues:

- CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120).	  

Advisory ID: SUSE-SU-2020:3733-1
Released:    Wed Dec  9 18:18:35 2020
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286
This update for curl fixes the following issues:

- CVE-2020-8286: Fixed improper OCSP verification on the client side (bsc#1179593).
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
- CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398).

Advisory ID: SUSE-RU-2020:3750-1
Released:    Fri Dec 11 08:53:26 2020
Summary:     Recommended update for open-lldp
Type:        recommended
Severity:    moderate
References:  1156545
This update for open-lldp fixes the following issue:

- Update from version 1.0.1+63.f977e67 to version v1.0.1+64.29d12e584af1

  - Prevent double definition of `ETH_P_LLDP` when building on new kernels (bsc#1156545)

Advisory ID: SUSE-RU-2020:3751-1
Released:    Fri Dec 11 08:53:40 2020
Summary:     Recommended update for kdump
Type:        recommended
Severity:    moderate
References:  1173914,1177196
This update for kdump fixes the following issues:

- Remove `console=hvc0` from command line. (bsc#1173914)
- Set serial console from Xen command line. (bsc#1173914)
- Do not add `rd.neednet=1` to dracut command line. (bsc#1177196)

Advisory ID: SUSE-RU-2020:3792-1
Released:    Mon Dec 14 17:39:24 2020
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  1145276
This update for gzip fixes the following issues:

Update from version 1.9 to version 1.10 (jsc#ECO-2217, jsc#SLE-12974)

- Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6. (jsc#SLE-13775)

  Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`.
- Fix three data corruption issues. (bsc#1145276, jsc#SLE-5818, jsc#SLE-8914)
- Add support for `DFLTCC` (hardware-accelerated deflation) for s390x arch. (jsc#SLE-5818, jsc#SLE-8914)

  Enable it using the `--enable-dfltcc` option.
- Compressed gzip output no longer contains the current time as a timestamp when the input is not a regular file.  
  Instead, the output contains a `null` (zero) timestamp. This makes gzip's behavior more reproducible when 
  used as part of a pipeline.
- A use of uninitialized memory on some malformed inputs has been fixed.
- A few theoretical race conditions in signal handlers have been fixed.
- Update gnulib for `libio.h` removal.

Advisory ID: SUSE-RU-2020:3803-1
Released:    Tue Dec 15 09:40:41 2020
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1176355
This update for rsyslog fixes the following issues:

- Fixes a crash for imfile (bsc#1176355)

Advisory ID: SUSE-RU-2020:3853-1
Released:    Wed Dec 16 12:27:27 2020
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1084671,1169006,1174942,1175514,1175623,1178554,1178825
This update for util-linux fixes the following issues:

- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on non-existent or non-functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with `mount -a`. (bsc#1174942)

Advisory ID: SUSE-SU-2020:3866-1
Released:    Thu Dec 17 12:06:08 2020
Summary:     Security update for openssh
Type:        security
Severity:    moderate
References:  1115550,1139398,1142000,1148566,1173513,1174162,CVE-2020-14145
This update for openssh fixes the following issues:

- CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513).
- Supplement libgtk-3-0 instead of libX11-6 to avoid installation on a textmode install (bsc#1142000)
- Fixed an issue where Oracle cluster with cluvfy using 'scp' was failing/misinterpreted (bsc#1148566).
- Fixed sshd termination of multichannel sessions with non-root users (bsc#1115550,bsc#1174162).
- Added speculative hardening for key storage (bsc#1139398).  

Advisory ID: SUSE-SU-2020:3930-1
Released:    Wed Dec 23 18:19:39 2020
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492
This update for python3 fixes the following issues:

- Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support
  calls eval() on content retrieved via HTTP.
- Change setuptools and pip version numbers according to new wheels
- Handful of changes to make python36 compatible with SLE15 and SLE12
  (jsc#ECO-2799, jsc#SLE-13738)
- add triplets for mips-r6 and riscv

Update to 3.6.12 (bsc#1179193)

* Ensure python3.dll is loaded from correct locations when Python is embedded
* The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface 
  incorrectly generated constant hash values of 32 and 128 respectively. This 
  resulted in always causing hash collisions. The fix uses hash() to generate 
  hash values for the tuple of (address, mask length, network address).
* Prevent http header injection by rejecting control characters in 
* Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now 
  UnpicklingError instead of crashing.
* Avoid infinite loop when reading specially crafted TAR files using the tarfile 

- This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091).

Update to 3.6.11:

- Disallow CR or LF in email.headerregistry.Address
  arguments to guard against header injection attacks.
- Disallow control characters in hostnames in http.client, addressing
  CVE-2019-18348. Such potentially malicious header injection URLs now
  cause an InvalidURL to be raised. (bsc#1155094)
- CVE-2020-8492: The AbstractBasicAuthHandler class
  of the urllib.request module uses an inefficient regular
  expression which can be exploited by an attacker to cause
  a denial of service. Fix the regex to prevent the
  catastrophic backtracking. Vulnerability reported by Ben
  Caller and Matt Schwager.

Advisory ID: SUSE-RU-2020:3942-1
Released:    Tue Dec 29 12:22:01 2020
Summary:     Recommended update for libidn2
Type:        recommended
Severity:    moderate
References:  1180138
This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
  adjusted the RPM license tags (bsc#1180138)

Advisory ID: SUSE-RU-2020:3943-1
Released:    Tue Dec 29 12:24:45 2020
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  1178823
This update for libxml2 fixes the following issues:

Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)
* key/unique/keyref schema attributes currently use quadratic loops
  to check their various constraints (that keys are unique and that
  keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.

Advisory ID: SUSE-RU-2020:3946-1
Released:    Tue Dec 29 17:39:54 2020
Summary:     Recommended update for python3
Type:        recommended
Severity:    important
References:  1180377
This update for python3 fixes the following issues:

- A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3,
  which caused regressions in several applications. (bsc#1180377)

Advisory ID: SUSE-RU-2021:10-1
Released:    Mon Jan  4 10:01:52 2021
Summary:     Recommended update for dmidecode
Type:        recommended
Severity:    moderate
References:  1174257
This update for dmidecode fixes the following issue:

- Two missing commas in the data arrays cause 'OUT OF SPEC' messages during the index resolution. (bnc#1174257)

Advisory ID: SUSE-SU-2021:118-1
Released:    Thu Jan 14 06:16:26 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1040855,1044120,1044767,1050242,1050536,1050545,1055117,1056653,1056657,1056787,1064802,1065729,1066129,1094840,1103990,1103992,1104389,1104393,1109695,1109837,1110096,1112178,1112374,1115431,1118657,1129770,1136460,1136461,1138374,1139944,1144912,1152457,1163727,1164780,1171078,1172145,1172538,1172694,1174784,1174852,1176558,1176559,1176956,1178270,1178372,1178401,1178590,1178634,1178762,1179014,1179015,1179045,1179082,1179107,1179142,1179204,1179419,1179444,1179520,1179578,1179601,1179663,1179666,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,1180559,CVE-2018-20669,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-28374,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
- CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
- CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).
- CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).

The following non-security bugs were fixed:

- ACPI: PNP: compare the string length in the matching_id() (git-fixes).
- ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes).
- ACPICA: Do not increment operation_region reference counts for field units (git-fixes).
- ALSA: ca0106: fix error code handling (git-fixes).
- ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes).
- ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes).
- ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).
- ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).
- ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).
- ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes).
- ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).
- ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes).
- ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes).
- ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes).
- ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).
- ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes).
- ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes).
- ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes).
- ALSA: hda: Fix potential race in unsol event handler (git-fixes).
- ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).
- ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).
- ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).
- ALSA: line6: Perform sanity check for each URB creation (git-fixes).
- ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).
- ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).
- ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes).
- ALSA: timer: Limit max amount of slave instances (git-fixes).
- ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).
- ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).
- ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).
- ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).
- ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).
- ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes).
- ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes).
- ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes).
- ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes).
- ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).
- ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes).
- ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes).
- ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes).
- ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).
- ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes).
- ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).
- ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).
- ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes).
- ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes).
- ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).
- ASoC: pcm3168a: The codec does not support S32_LE (git-fixes).
- ASoC: pcm: DRAIN support reactivation (git-fixes).
- ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes).
- ASoC: sti: fix possible sleep-in-atomic (git-fixes).
- ASoC: wm8904: fix regcache handling (git-fixes).
- ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).
- ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes).
- ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes).
- ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes).
- ath10k: Fix an error handling path (git-fixes).
- ath10k: fix backtrace on coredump (git-fixes).
- ath10k: fix get invalid tx rate for Mesh metric (git-fixes).
- ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes).
- ath10k: Release some resources in an error handling path (git-fixes).
- ath10k: Remove msdu from idr when management pkt send fails (git-fixes).
- ath6kl: fix enum-conversion warning (git-fixes).
- ath9k_htc: Discard undersized packets (git-fixes).
- ath9k_htc: Modify byte order for an error message (git-fixes).
- ath9k_htc: Silence undersized packet warnings (git-fixes).
- ath9k_htc: Use appropriate rs_datalen type (git-fixes).
- Avoid a GCC warning about '/*' within a comment.
- backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes).
- Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes).
- Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes).
- Bluetooth: Fix advertising duplicated flags (git-fixes).
- Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes).
- Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes).
- bnxt_en: Fix race when modifying pause settings (bsc#1050242).
- bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242).
- btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694).
- btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963).
- btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634).
- btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).
- bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes).
- can: mcp251x: add error check when wq alloc failed (git-fixes).
- can: softing: softing_netdev_open(): fix error handling (git-fixes).
- cfg80211: initialize rekey_data (git-fixes).
- cfg80211: regulatory: Fix inconsistent format argument (git-fixes).
- cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
- cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
- cifs: fix check of tcon dfs in smb1 (bsc#1178270).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
- cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).
- cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes).
- clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).
- clk: qcom: Allow constant ratio freq tables for rcg (git-fixes).
- clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes).
- clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes).
- clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes).
- clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).
- clk: tegra: Fix duplicated SE clock entry (git-fixes).
- clk: tegra: Fix Tegra PMC clock out parents (git-fixes).
- clk: ti: composite: fix memory leak (git-fixes).
- clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes).
- clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).
- clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes).
- coredump: fix core_pattern parse error (git-fixes).
- cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).
- cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).
- cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).
- cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).
- crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes).
- crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes).
- crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).
- crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).
- cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes).
- cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).
- drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes).
- drm/amd/display: remove useless if/else (git-fixes).
- drm/amdgpu: fix build_coefficients() argument (git-fixes).
- drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes).
- drm/gma500: fix double free of gma_connector (git-fixes).
- drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1129770)
- drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes).
- drm/msm/dpu: Add newline to printks (git-fixes).
- drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).
- drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes).
- drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).
- epoll: Keep a reference on files added to the check list (bsc#1180031).
- ext4: correctly report 'not supported' for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672).
- ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).
- ext4: limit entries returned when counting fsmap records (bsc#1179671).
- ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673).
- extcon: max77693: Fix modalias string (git-fixes).
- fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178) Backporting changes:
  * updated path drivers/video/fbcon/core to drivers/video/console
- fbcon: Remove the superfluous break (bsc#1129770) Backporting changes:
  * updated path drivers/video/fbcon/core to drivers/video/console
  * context changes
- firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes).
- fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).
- forcedeth: use per cpu to collect xmit/recv statistics (git-fixes).
- fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711).
- geneve: change from tx_error to tx_dropped on missing metadata (git-fixes).
- genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729).
- gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes).
- gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes).
- gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes).
- gpio: max77620: Fixup debounce delays (git-fixes).
- gpio: max77620: Use correct unit for debounce times (git-fixes).
- gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes).
- gpio: mvebu: fix potential user-after-free on probe (git-fixes).
- gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes).
- gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes).
- gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes).
- gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes).
- gpiolib: fix up emulated open drain outputs (git-fixes).
- HID: Add another Primax PIXART OEM mouse quirk (git-fixes).
- HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes).
- HID: core: check whether Usage Page item is after Usage ID items (git-fixes).
- HID: core: Correctly handle ReportSize being zero (git-fixes).
- HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).
- HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
- HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes).
- HID: Improve Windows Precision Touchpad detection (git-fixes).
- HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes).
- HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes).
- HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes).
- hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes).
- hwmon: (jc42) Fix name to have no illegal characters (git-fixes).
- i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).
- i2c: i801: Fix resume bug (git-fixes).
- i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes).
- i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes).
- i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).
- i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes).
- ibmvnic: add some debugs (bsc#1179896 ltc#190255).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- igc: Fix returning wrong statistics (bsc#1118657).
- iio: adc: max1027: Reset the device at probe time (git-fixes).
- iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes).
- iio: bmp280: fix compensation of humidity (git-fixes).
- iio: buffer: Fix demux update (git-fixes).
- iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes).
- iio: fix center temperature of bmc150-accel-core (git-fixes).
- iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes).
- iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes).
- iio: srf04: fix wrong limitation in distance measuring (git-fixes).
- iio:imu:bmi160: Fix too large a buffer (git-fixes).
- iio:pressure:mpl3115: Force alignment of buffer (git-fixes).
- inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes).
- Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).
- Input: ads7846 - fix race that causes missing releases (git-fixes).
- Input: ads7846 - fix unaligned access on 7845 (git-fixes).
- Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes).
- Input: cm109 - do not stomp on control URB (git-fixes).
- Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes).
- Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).
- Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes).
- Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).
- Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).
- Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes).
- Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes).
- Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).
- Input: omap4-keypad - fix runtime PM error handling (git-fixes).
- Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes).
- Input: trackpoint - add new trackpoint variant IDs (git-fixes).
- Input: trackpoint - enable Synaptics trackpoints (git-fixes).
- Input: xpad - support Ardwiino Controllers (git-fixes).
- ipw2x00: Fix -Wcast-function-type (git-fixes).
- irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes).
- iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).
- iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes).
- iwlwifi: pcie: limit memory read spin time (git-fixes).
- kABI fix for g2d (git-fixes).
- kABI workaround for dsa/b53 changes (git-fixes).
- kABI workaround for HD-audio generic parser (git-fixes).
- kABI workaround for net/ipvlan changes (git-fixes).
- kABI: ath10k: move a new structure member to the end (git-fixes).
- kABI: genirq: add back irq_create_mapping (bsc#1065729).
- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install
- kernel-{binary,source} do not create loop symlinks (bsc#1179082)
- kgdb: Fix spurious true from in_dbg_master() (git-fixes).
- KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178).
- mac80211: allow rx of mesh eapol frames with default rx key (git-fixes).
- mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes).
- mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes).
- mac80211: fix authentication with iwlwifi/mvm (git-fixes).
- mac80211: fix use of skb payload instead of header (git-fixes).
- mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).
- matroxfb: avoid -Warray-bounds warning (git-fixes).
- md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).
- md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).
- md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
- md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
- md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
- md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
- md/cluster: block reshape with remote resync job (bsc#1163727).
- md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
- md/raid5: fix oops during stripe resizing (git-fixes).
- media: am437x-vpfe: Setting STD to current value is not an error (git-fixes).
- media: cec-funcs.h: add status_req checks (git-fixes).
- media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes).
- media: gspca: Fix memory leak in probe (git-fixes).
- media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes).
- media: i2c: ov2659: Fix missing 720p register config (git-fixes).
- media: i2c: ov2659: fix s_stream return value (git-fixes).
- media: msi2500: assign SPI bus number dynamically (git-fixes).
- media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes).
- media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches).
- media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes).
- media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).
- media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).
- media: si470x-i2c: add missed operations in remove (git-fixes).
- media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes).
- media: solo6x10: fix missing snd_card_free in error handling case (git-fixes).
- media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes).
- media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).
- media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes).
- media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes).
- media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes).
- media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes).
- media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes).
- media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes).
- media: uvcvideo: Set media controller entity functions (git-fixes).
- media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes).
- media: v4l2-async: Fix trivial documentation typo (git-fixes).
- media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes).
- media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes).
- mei: bus: do not clean driver pointer (git-fixes).
- mei: protect mei_cl_mtu from null dereference (git-fixes).
- memstick: fix a double-free bug in memstick_check (git-fixes).
- memstick: r592: Fix error return in r592_probe() (git-fixes).
- mfd: rt5033: Fix errorneous defines (git-fixes).
- mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).
- mlxsw: core: Fix memory leak on module removal (bsc#1112374).
- mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258).
- mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).
- mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).
- net/smc: fix valid DMBE buffer sizes (git-fixes).
- net/tls: Fix kmap usage (bsc#1109837).
- net/tls: missing received data after fast remote close (bsc#1109837).
- net/x25: prevent a couple of overflows (bsc#1178590).
- net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes).
- net: aquantia: fix LRO with FCS error (git-fixes).
- net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990).
- net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes).
- net: dsa: b53: Ensure the default VID is untagged (git-fixes).
- net: dsa: b53: Fix default VLAN ID (git-fixes).
- net: dsa: b53: Properly account for VLAN filtering (git-fixes).
- net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).
- net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes).
- net: dsa: qca8k: remove leftover phy accessors (git-fixes).
- net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).
- net: ena: handle bad request id in ena_netdev (git-fixes).
- net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes).
- net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes).
- net: macb: add missing barriers when reading descriptors (git-fixes).
- net: macb: fix dropped RX frames due to a race (git-fixes).
- net: macb: fix error format in dev_err() (git-fixes).
- net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes).
- net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes).
- net: phy: Avoid multiple suspends (git-fixes).
- net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).
- net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: seeq: Fix the function used to release some memory in an error handling path (git-fixes).
- net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes).
- net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes).
- net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes).
- net: stmmac: fix csr_clk can't be zero issue (git-fixes).
- net: stmmac: Fix reception of Broadcom switches tags (git-fixes).
- net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096).
- net: usb: sr9800: fix uninitialized local variable (git-fixes).
- net:ethernet:aquantia: Extra spinlocks removed (git-fixes).
- net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787).
- nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes).
- nfc: s3fwrn5: Release the nfc firmware (git-fixes).
- nfc: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).
- nfp: use correct define to return NONE fec (bsc#1109837).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- ocfs2: fix unbalanced locking (bsc#1180506).
- ocfs2: initialize ip_next_orphan (bsc#1179724).
- orinoco: Move context allocation after processing the skb (git-fixes).
- parport: load lowlevel driver if ports not found (git-fixes).
- PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).
- PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes).
- PCI: Do not disable decoding when mmio_always_on is set (git-fixes).
- PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).
- phy: Revert toggling reset changes (git-fixes).
- pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes).
- pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes).
- pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes).
- pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes).
- pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes).
- pinctrl: merrifield: Set default bias in case no particular value given (git-fixes).
- pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes).
- platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes).
- platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes).
- platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes).
- platform/x86: mlx-platform: remove an unused variable (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes).
- PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes).
- PM: ACPI: Output correct message on target power state (git-fixes).
- PM: hibernate: Freeze kernel threads in software_resume() (git-fixes).
- PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes).
- pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes).
- power: supply: bq24190_charger: fix reference leak (git-fixes).
- power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes).
- powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729).
- powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253).
- powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630).
- powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes).
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630).
- powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630).
- powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313).
- powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes).
- powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).
- powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes).
- powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).
- powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630).
- powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729).
- ppp: remove the PPPIOCDETACH ioctl (git-fixes).
- pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).
- qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545).
- qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545).
- qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).
- radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes).
- ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).
- RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545).
- RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545).
- regmap: debugfs: check count when read regmap file (git-fixes).
- regmap: dev_get_regmap_match(): fix string comparison (git-fixes).
- regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes).
- regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes).
- regulator: pfuze100-regulator: Variable 'val' in pfuze100_regulator_probe() could be uninitialized (git-fixes).
- regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes).
- reiserfs: Fix oops during mount (bsc#1179715).
- reiserfs: Initialize inode keys properly (bsc#1179713).
- remoteproc: Fix wrong rvring index computation (git-fixes).
- rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes).
- rtc: 88pm860x: fix possible race condition (git-fixes).
- rtc: hym8563: enable wakeup when applicable (git-fixes).
- rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes).
- rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes).
- s390/bpf: Fix multiple tail calls (git-fixes).
- s390/cpuinfo: show processor physical address (git-fixes).
- s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).
- s390/dasd: fix hanging device offline processing (bsc#1144912).
- s390/dasd: fix null pointer dereference for ERP requests (git-fixes).
- s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).
- s390/qeth: fix af_iucv notification race (git-fixes).
- s390/qeth: fix tear down of async TX buffers (git-fixes).
- s390/qeth: make af_iucv TX notification call more robust (git-fixes).
- s390/stp: add locking to sysfs functions (git-fixes).
- s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes).
- scripts/lib/SUSE/ properly close prjconf Macros: section
- scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).
- scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780).
- scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780).
- scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780).
- scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780).
- scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780).
- scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780).
- scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780).
- scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780).
- scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780).
- scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780).
- scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780).
- scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780).
- scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780).
- scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780).
- scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780).
- scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780).
- scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780).
- scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780).
- scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780).
- scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780).
- scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780).
- scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780).
- scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780).
- scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780).
- scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1164780).
- scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780).
- scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780).
- scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780).
- scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780).
- scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780).
- scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780).
- scsi: lpfc: Reject CT request for MIB commands (bsc#1164780).
- scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780).
- scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780).
- scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).
- scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780).
- scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780).
- scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780).
- scsi: lpfc: Rework remote port lock handling (bsc#1164780).
- scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780).
- scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780).
- scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780).
- scsi: lpfc: Update lpfc version to (bsc#1164780).
- scsi: lpfc: Update lpfc version to (bsc#1164780).
- scsi: lpfc: Update lpfc version to (bsc#1164780).
- scsi: lpfc: Use generic power management (bsc#1164780).
- scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Update version to (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: Remove unneeded break statements (bsc#1164780).
- scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).
- scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810).
- serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes).
- serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).
- serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes).
- serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes).
- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).
- serial_core: Check for port state when tty is in error state (git-fixes).
- SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
- SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
- SMB3: Honor lease disabling for multiuser mounts (git-fixes).
- soc/tegra: fuse: Fix index bug in get_process_id (git-fixes).
- soc: imx: gpc: fix power up sequencing (git-fixes).
- soc: mediatek: Check if power domains can be powered on at boot time (git-fixes).
- soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes).
- soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes).
- soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes).
- spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes).
- spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes).
- spi: davinci: Fix use-after-free on unbind (git-fixes).
- spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).
- spi: dw: Fix Rx-only DMA transfers (git-fixes).
- spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes).
- spi: Fix memory leak on splited transfers (git-fixes).
- spi: img-spfi: fix potential double release (git-fixes).
- spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes).
- spi: pic32: Do not leak DMA channels in probe error path (git-fixes).
- spi: pxa2xx: Add missed security checks (git-fixes).
- spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes).
- spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).
- spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes).
- spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes).
- spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes).
- spi: st-ssc4: add missed pm_runtime_disable (git-fixes).
- spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes).
- spi: tegra114: fix reference leak in tegra spi ops (git-fixes).
- spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes).
- spi: tegra20-slink: add missed clk_unprepare (git-fixes).
- spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes).
- splice: only read in as much information as there is pipe buffer space (bsc#1179520).
- staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes).
- staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes).
- staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes).
- staging: olpc_dcon: add a missing dependency (git-fixes).
- staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes).
- staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes).
- staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes).
- staging: rtl8188eu: fix possible null dereference (git-fixes).
- staging: rtl8192u: fix multiple memory leaks on error path (git-fixes).
- staging: vt6656: set usb_set_intfdata on driver fail (git-fixes).
- staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes).
- staging: wlan-ng: properly check endpoint types (git-fixes).
- sunrpc: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992).
- sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).
- sunrpc: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes).
- sunrpc: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes).
- svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).
- svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).
- tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837).
- thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes).
- timer: Fix wheel index calculation on last level (git fixes)
- timer: Prevent base->clk from moving backward (git-fixes)
- tty: always relink the port (git-fixes).
- tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).
- tty: link tty and port before configuring it as console (git-fixes).
- tty: synclink_gt: Adjust indentation in several functions (git-fixes).
- tty: synclinkmp: Adjust indentation in several functions (git-fixes).
- tty:serial:mvebu-uart:fix a wrong return (git-fixes).
- uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes).
- uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes).
- usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).
- usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes).
- usb: dummy-hcd: Fix uninitialized array use in init() (git-fixes).
- usb: dwc2: Fix IN FIFO allocation (git-fixes).
- usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes).
- usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes).
- usb: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes).
- usb: fsl: Check memory resource before releasing it (git-fixes).
- usb: gadget: composite: Fix possible double free memory bug (git-fixes).
- usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes).
- usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes).
- usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).
- usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes).
- usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).
- usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).
- usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes).
- usb: gadget: fix wrong endpoint desc (git-fixes).
- usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).
- usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes).
- usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes).
- usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes).
- usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes).
- usb: hso: Fix debug compile warning on sparc32 (git-fixes).
- usb: ldusb: use unsigned size format specifiers (git-fixes).
- usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes).
- usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes).
- usb: serial: ch341: add new Product ID for CH341A (git-fixes).
- usb: serial: ch341: sort device-id entries (git-fixes).
- usb: serial: digi_acceleport: clean up modem-control handling (git-fixes).
- usb: serial: digi_acceleport: clean up set_termios (git-fixes).
- usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes).
- usb: serial: digi_acceleport: remove in_interrupt() usage.
- usb: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes).
- usb: serial: digi_acceleport: rename tty flag variable (git-fixes).
- usb: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes).
- usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes).
- usb: serial: keyspan_pda: fix stalled writes (git-fixes).
- usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes).
- usb: serial: keyspan_pda: fix write deadlock (git-fixes).
- usb: serial: keyspan_pda: fix write unthrottling (git-fixes).
- usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes).
- usb: serial: kl5kusb105: fix memleak on open (git-fixes).
- usb: serial: mos7720: fix parallel-port state restore (git-fixes).
- usb: serial: option: add Fibocom NL668 variants (git-fixes).
- usb: serial: option: add interface-number sanity check to flag handling (git-fixes).
- usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes).
- usb: serial: option: fix Quectel BG96 matching (git-fixes).
- usb: Skip endpoints with 0 maxpacket length (git-fixes).
- usb: UAS: introduce a quirk to set no_write_same (git-fixes).
- usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes).
- usblp: poison URBs upon disconnect (git-fixes).
- usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).
- video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).
- vt: do not hardcode the mem allocation upper bound (git-fixes).
- vt: Reject zero-sized screen buffer size (git-fixes).
- watchdog: coh901327: add COMMON_CLK dependency (git-fixes).
- watchdog: da9062: do not ping the hw during stop() (git-fixes).
- watchdog: da9062: No need to ping manually before setting timeout (git-fixes).
- watchdog: qcom: Avoid context switch in restart handler (git-fixes).
- watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).
- wimax: fix duplicate initializer warning (git-fixes).
- wireless: Use linux/stddef.h instead of stddef.h (git-fixes).
- wireless: Use offsetof instead of custom macro (git-fixes).
- x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178).
- x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178).
- x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178).
- x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178).
- x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178).
- x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178).
- x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178).
- x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178).
- x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1112178).
- x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
- x86/traps: Simplify pagefault tracing logic (bsc#1179895).
- x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178).
- xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).
- xprtrdma: fix incorrect header size calculations (git-fixes).

Advisory ID: SUSE-SU-2021:129-1
Released:    Thu Jan 14 12:26:15 2021
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1178909,1179503,CVE-2020-25709,CVE-2020-25710
This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Non-security issue fixed:

- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503)

Advisory ID: SUSE-RU-2021:178-1
Released:    Wed Jan 20 13:38:02 2021
Summary:     Recommended update for wicked
Type:        recommended
Severity:    moderate
References:  1160939,1168155,1171234,1172082,1174099,959556
This update for wicked fixes the following issues:

- Fix to avoid incomplete ifdown/timeout on route deletion error. (bsc#1174099)
- Allow 'linuxrc' to send 'RFC2132' without providing the MAC address. (jsc#SLE-15770)
- Fixes to ifreload on port changes. (bsc#1168155, bsc#1172082)
- Fix schema to use correct 'hwaddr_policy' property. (bsc#1171234)
- Enable IPv6 on ports when 'nsna_ping' linkwatch is used. (bsc#959556)
- Implement support for RFC7217. (jsc#SLE-6960)
- Fix for schema to avoid not applying 'rto_min' including new time format. (bsc#1160939)

Advisory ID: SUSE-RU-2021:179-1
Released:    Wed Jan 20 13:38:51 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2020f (bsc#1177460)
  * 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
    fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

Advisory ID: SUSE-RU-2021:220-1
Released:    Tue Jan 26 14:00:51 2021
Summary:     Recommended update for keyutils
Type:        recommended
Severity:    moderate
References:  1180603
This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

Advisory ID: SUSE-RU-2021:221-1
Released:    Tue Jan 26 14:31:39 2021
Summary:     Recommended update for SUSEConnect
Type:        recommended
Severity:    low
This update for SUSEConnect fixes the following issue:

Update to version 0.3.29

- Replace the Ruby path with the native one during build phase.

Advisory ID: SUSE-SU-2021:227-1
Released:    Tue Jan 26 19:22:14 2021
Summary:     Security update for sudo
Type:        security
Severity:    important
References:  1180684,1180685,1180687,1181090,CVE-2021-23239,CVE-2021-23240,CVE-2021-3156
This update for sudo fixes the following issues:

- A heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges
- It was possible for a user to test for the existence of a directory due to a race condition in `sudoedit`
- A possible symlink attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685,
- It was possible for a user to enable debug settings not intended for them [bsc#1180687]

Advisory ID: SUSE-RU-2021:233-1
Released:    Wed Jan 27 12:15:33 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1141597,1174436,1175458,1177490,1179363,1179824,1180225
This update for systemd fixes the following issues:

- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between
  StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

Advisory ID: SUSE-RU-2021:239-1
Released:    Fri Jan 29 06:49:13 2021
Summary:     Recommended update for btrfsprogs
Type:        recommended
Severity:    moderate
References:  1174206
This update for btrfsprogs fixes the following issues:

- Add patches to fix the logical-resolve lookup process and to accept the 'ignore offsets' kernel feature. (bsc#1174206)

Advisory ID: SUSE-RU-2021:265-1
Released:    Mon Feb  1 15:06:45 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1178775,1180885
This update for systemd fixes the following issues:

- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)
- Fix for an issue when container start causes interference in other containers. (bsc#1178775)

Advisory ID: SUSE-RU-2021:266-1
Released:    Mon Feb  1 21:02:37 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1177533,1179326,1179691,1179738
This update for lvm2 fixes the following issues:

- Fixes an issue when boot logical volume gets unmounted during patching. (bsc#1177533)
- Fix for lvm2 to use 'external_device_info_source='udev'' by default. (bsc#1179691)
- Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738)
- Fixed an issue when after storage migration major performance issues occurred on the system. (bsc#1179326)
