From sle-updates at lists.suse.com Mon Aug 3 07:13:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Aug 2020 15:13:10 +0200 (CEST) Subject: SUSE-SU-2020:2103-1: important: Security update for the Linux Kernel Message-ID: <20200803131310.C7100FDE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2103-1 Rating: important References: #1051510 #1065729 #1071995 #1085030 #1111666 #1112178 #1113956 #1114279 #1144333 #1148868 #1150660 #1151927 #1152624 #1158983 #1159058 #1161016 #1162002 #1162063 #1163309 #1166985 #1167104 #1168081 #1168959 #1169194 #1169514 #1169771 #1169795 #1170011 #1170442 #1170592 #1170617 #1170618 #1171124 #1171424 #1171529 #1171530 #1171558 #1171732 #1171739 #1171743 #1171753 #1171759 #1171835 #1171841 #1171868 #1171904 #1172247 #1172257 #1172344 #1172458 #1172484 #1172537 #1172538 #1172687 #1172719 #1172759 #1172775 #1172781 #1172782 #1172783 #1172871 #1172872 #1172999 #1173060 #1173074 #1173146 #1173265 #1173280 #1173284 #1173428 #1173514 #1173567 #1173573 #1173746 #1173818 #1173820 #1173825 #1173826 #1173833 #1173838 #1173839 #1173845 #1173857 #1174113 #1174115 #1174122 #1174123 #1174186 #1174187 #1174296 #1174343 #1174356 #1174409 #1174438 #1174462 #1174543 Cross-References: CVE-2019-20810 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 81 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation (bsc#1173074). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bsc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c: incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bsc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c: injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bsc#1173573). The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - be2net: fix link failure after ethtool offline test (git-fixes). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - carl9170: remove P2P_GO support (bsc#1111666). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - Drop another USB dwc3 gadget patch that broke the build - Drop USB dwc3 gadget patch that broke the build on openSUSE-15.1 branch - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fdt: add support for rng-seed (jsc#SLE-12423). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - Fix boot crash with MD (bsc#1174343) Refresh patches.suse/mdraid-fix-read-write-bytes-accounting.patch - fix multiplication overflow in copy_fdtable() (bsc#1173825). - Fix Patch-mainline tag in the previous zram fix patch - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpu: host1x: Detach driver on unregister (bsc#1111666). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: add option for setting control flags (bsc#1111666). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - mdraid: fix read/write bytes accounting (bsc#1172537). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: si2157: Better check for running tuner in init (bsc#1111666). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: fix compilation of user API (bsc#1051510). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - Move upstreamed lpfc patches into sorted section - mvpp2: remove misleading comment (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: reorder work kABI fixup (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert "bcache: ignore pending signals when creating gc and allocator thread" (git fixes (block drivers)). - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (bsc#1111666). - Revert "dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues" (git fixes (block drivers)). - Revert "thermal: mediatek: fix register index error" (bsc#1111666). - Revert "tools lib traceevent: Remove unneeded qsort and uses memmove" - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - staging: comedi: verify array index is correct before using it (bsc#1111666). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: remove broken lazytime support (bsc#1173826). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - USB: serial: ch341: add new Product ID for CH340 (bsc#1111666). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - USB: serial: option: add GosunCn GM500 series (bsc#1111666). - USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - watchdog: sp805: fix restart handler (bsc#1111666). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - work around mvfs bug (bsc#1162063). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2103=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): kernel-devel-azure-4.12.14-8.38.1 kernel-source-azure-4.12.14-8.38.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): kernel-azure-4.12.14-8.38.1 kernel-azure-base-4.12.14-8.38.1 kernel-azure-base-debuginfo-4.12.14-8.38.1 kernel-azure-debuginfo-4.12.14-8.38.1 kernel-azure-devel-4.12.14-8.38.1 kernel-syms-azure-4.12.14-8.38.1 References: https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1161016 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1163309 https://bugzilla.suse.com/1166985 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1168081 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170592 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171753 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171835 https://bugzilla.suse.com/1171841 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172537 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173146 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173857 https://bugzilla.suse.com/1174113 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174122 https://bugzilla.suse.com/1174123 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174187 https://bugzilla.suse.com/1174296 https://bugzilla.suse.com/1174343 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 3 13:12:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Aug 2020 21:12:51 +0200 (CEST) Subject: SUSE-SU-2020:2106-1: important: Security update for the Linux Kernel Message-ID: <20200803191251.1A6E7FDE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2106-1 Rating: important References: #1051510 #1065729 #1071995 #1104967 #1152107 #1158755 #1162002 #1170011 #1171078 #1171673 #1171732 #1171868 #1172257 #1172775 #1172781 #1172782 #1172783 #1172999 #1173265 #1173280 #1173514 #1173567 #1173573 #1173659 #1173999 #1174000 #1174115 #1174462 #1174543 Cross-References: CVE-2019-16746 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 15 fixes is now available. Description: The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bnc#1172775). The following non-security bugs were fixed: - Merge ibmvnic reset fixes (bsc#1158755 ltc#182094). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2106=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.55.1 kernel-default-debugsource-4.12.14-150.55.1 kernel-default-livepatch-4.12.14-150.55.1 kernel-livepatch-4_12_14-150_55-default-1-1.3.1 kernel-livepatch-4_12_14-150_55-default-debuginfo-1-1.3.1 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1158755 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1171078 https://bugzilla.suse.com/1171673 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173999 https://bugzilla.suse.com/1174000 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 3 13:16:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Aug 2020 21:16:44 +0200 (CEST) Subject: SUSE-SU-2020:14442-1: important: Security update for the Linux Kernel Message-ID: <20200803191644.04708FDE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14442-1 Rating: important References: #1159912 #1159913 #1162002 #1171218 #1171219 #1171220 #1172775 #1172999 #1173265 #1174462 #1174543 Cross-References: CVE-2019-5108 CVE-2020-0305 CVE-2020-10732 CVE-2020-10769 CVE-2020-10773 CVE-2020-12652 CVE-2020-12656 CVE-2020-13974 CVE-2020-14416 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has two fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219). - CVE-2020-0305: Fixed a possible use-after-free due to a race condition incdev_get of char_dev.c. This could lead to local escalation of privilege. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-12652: The __mptctl_ioctl function in drivers/message/fusion/mptctl.c allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability (bnc#1171218). - CVE-2019-5108: Fixed a denial-of-service vulnerability in the wifi stack. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed (bnc#1159912). The following non-security bugs were fixed: - Fix gcc-discovered error in zeroing a struct (bnc#680814) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kernel-source-14442=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-14442=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-14442=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): kernel-default-3.0.101-108.117.1 kernel-default-base-3.0.101-108.117.1 kernel-default-devel-3.0.101-108.117.1 kernel-source-3.0.101-108.117.1 kernel-syms-3.0.101-108.117.1 kernel-trace-3.0.101-108.117.1 kernel-trace-base-3.0.101-108.117.1 kernel-trace-devel-3.0.101-108.117.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): kernel-ec2-3.0.101-108.117.1 kernel-ec2-base-3.0.101-108.117.1 kernel-ec2-devel-3.0.101-108.117.1 kernel-xen-3.0.101-108.117.1 kernel-xen-base-3.0.101-108.117.1 kernel-xen-devel-3.0.101-108.117.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x): kernel-default-man-3.0.101-108.117.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64): kernel-bigmem-3.0.101-108.117.1 kernel-bigmem-base-3.0.101-108.117.1 kernel-bigmem-devel-3.0.101-108.117.1 kernel-ppc64-3.0.101-108.117.1 kernel-ppc64-base-3.0.101-108.117.1 kernel-ppc64-devel-3.0.101-108.117.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): kernel-pae-3.0.101-108.117.1 kernel-pae-base-3.0.101-108.117.1 kernel-pae-devel-3.0.101-108.117.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.117.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.117.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.117.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.117.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.117.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.117.1 kernel-default-debugsource-3.0.101-108.117.1 kernel-trace-debuginfo-3.0.101-108.117.1 kernel-trace-debugsource-3.0.101-108.117.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.117.1 kernel-trace-devel-debuginfo-3.0.101-108.117.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.117.1 kernel-ec2-debugsource-3.0.101-108.117.1 kernel-xen-debuginfo-3.0.101-108.117.1 kernel-xen-debugsource-3.0.101-108.117.1 kernel-xen-devel-debuginfo-3.0.101-108.117.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.117.1 kernel-bigmem-debugsource-3.0.101-108.117.1 kernel-ppc64-debuginfo-3.0.101-108.117.1 kernel-ppc64-debugsource-3.0.101-108.117.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.117.1 kernel-pae-debugsource-3.0.101-108.117.1 kernel-pae-devel-debuginfo-3.0.101-108.117.1 References: https://www.suse.com/security/cve/CVE-2019-5108.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10732.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-12652.html https://www.suse.com/security/cve/CVE-2020-12656.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://bugzilla.suse.com/1159912 https://bugzilla.suse.com/1159913 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1171218 https://bugzilla.suse.com/1171219 https://bugzilla.suse.com/1171220 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 3 13:18:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Aug 2020 21:18:35 +0200 (CEST) Subject: SUSE-SU-2020:2109-1: moderate: Security update for python-rtslib-fb Message-ID: <20200803191835.A94CBFDE4@maintenance.suse.de> SUSE Security Update: Security update for python-rtslib-fb ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2109-1 Rating: moderate References: #1173257 Cross-References: CVE-2020-14019 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-rtslib-fb fixes the following issues: - Update to version v2.1.73 (bsc#1173257 CVE-2020-14019): * version 2.1.73 * save_to_file: fix fd open mode * saveconfig: copy temp configfile with permissions * saveconfig: open the temp configfile with modes set * Fix "is not" with a literal SyntaxWarning * Fix an incorrect config path in two comments * version 2.1.72 * Do not change dbroot after drivers have been registered * Remove '_if_needed' from RTSRoot._set_dbroot()'s name Replacing old tarball with python-rtslib-fb-v2.1.73.tar.xz Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2109=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2109=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-rtslib-fb-2.1.73-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-rtslib-fb-2.1.73-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-14019.html https://bugzilla.suse.com/1173257 From sle-updates at lists.suse.com Mon Aug 3 13:19:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Aug 2020 21:19:20 +0200 (CEST) Subject: SUSE-SU-2020:2107-1: important: Security update for the Linux Kernel Message-ID: <20200803191920.C9DEEFDE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2107-1 Rating: important References: #1051510 #1065729 #1071995 #1085030 #1111666 #1112178 #1113956 #1114279 #1144333 #1148868 #1150660 #1151927 #1152107 #1152624 #1158983 #1159058 #1161016 #1162002 #1162063 #1163309 #1166985 #1167104 #1168081 #1168959 #1169194 #1169514 #1169771 #1169795 #1170011 #1170442 #1170592 #1170617 #1170618 #1171124 #1171424 #1171529 #1171530 #1171558 #1171732 #1171739 #1171743 #1171753 #1171759 #1171835 #1171841 #1171868 #1171904 #1172247 #1172257 #1172344 #1172458 #1172484 #1172537 #1172538 #1172687 #1172719 #1172759 #1172775 #1172781 #1172782 #1172783 #1172871 #1172872 #1172999 #1173060 #1173074 #1173146 #1173265 #1173280 #1173284 #1173428 #1173514 #1173567 #1173573 #1173659 #1173746 #1173818 #1173820 #1173825 #1173826 #1173833 #1173838 #1173839 #1173845 #1173857 #1174113 #1174115 #1174122 #1174123 #1174186 #1174187 #1174296 #1174343 #1174356 #1174409 #1174438 #1174462 #1174543 Cross-References: CVE-2019-16746 CVE-2019-20810 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 82 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15780: A lockdown bypass for loading unsigned modules using ACPI table injection was fixed. (bsc#1173573) - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-0305: Fixed a possible use-after-free due to a race condition incdev_get of char_dev.c. This could lead to local escalation of privilege. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation (bnc#1173074). - CVE-2019-20908: Fixed incorrect access permissions for the efivar_ssdt ACPI variable, which could be used by attackers to bypass lockdown or secure boot restrictions (bnc#1173567). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c, related to invalid length checks for variable elements in a beacon head (bnc#1152107). The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - be2net: fix link failure after ethtool offline test (git-fixes). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - carl9170: remove P2P_GO support (bsc#1111666). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fdt: add support for rng-seed (jsc#SLE-12423). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - Fix boot crash with MD (bsc#1174343) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpu: host1x: Detach driver on unregister (bsc#1111666). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: add option for setting control flags (bsc#1111666). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - mdraid: fix read/write bytes accounting (bsc#1172537). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: si2157: Better check for running tuner in init (bsc#1111666). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: fix compilation of user API (bsc#1051510). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - Move upstreamed lpfc patches into sorted section - mvpp2: remove misleading comment (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: reorder work kABI fixup (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert "bcache: ignore pending signals when creating gc and allocator thread" (git fixes (block drivers)). - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (bsc#1111666). - Revert "dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues" (git fixes (block drivers)). - Revert "thermal: mediatek: fix register index error" (bsc#1111666). - Revert "tools lib traceevent: Remove unneeded qsort and uses memmove" - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - staging: comedi: verify array index is correct before using it (bsc#1111666). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: remove broken lazytime support (bsc#1173826). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - USB: serial: ch341: add new Product ID for CH340 (bsc#1111666). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - USB: serial: option: add GosunCn GM500 series (bsc#1111666). - USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - watchdog: sp805: fix restart handler (bsc#1111666). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - work around mvfs bug (bsc#1162063). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2107=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2107=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2107=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2107=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2107=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.48.1 kernel-default-debugsource-4.12.14-197.48.1 kernel-default-extra-4.12.14-197.48.1 kernel-default-extra-debuginfo-4.12.14-197.48.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.48.1 kernel-default-debugsource-4.12.14-197.48.1 reiserfs-kmp-default-4.12.14-197.48.1 reiserfs-kmp-default-debuginfo-4.12.14-197.48.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.48.1 kernel-obs-build-debugsource-4.12.14-197.48.1 kernel-syms-4.12.14-197.48.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.48.1 kernel-source-4.12.14-197.48.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.48.1 kernel-default-base-4.12.14-197.48.1 kernel-default-base-debuginfo-4.12.14-197.48.1 kernel-default-debuginfo-4.12.14-197.48.1 kernel-default-debugsource-4.12.14-197.48.1 kernel-default-devel-4.12.14-197.48.1 kernel-default-devel-debuginfo-4.12.14-197.48.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.48.1 kernel-macros-4.12.14-197.48.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.48.1 kernel-zfcpdump-debuginfo-4.12.14-197.48.1 kernel-zfcpdump-debugsource-4.12.14-197.48.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.48.1 cluster-md-kmp-default-debuginfo-4.12.14-197.48.1 dlm-kmp-default-4.12.14-197.48.1 dlm-kmp-default-debuginfo-4.12.14-197.48.1 gfs2-kmp-default-4.12.14-197.48.1 gfs2-kmp-default-debuginfo-4.12.14-197.48.1 kernel-default-debuginfo-4.12.14-197.48.1 kernel-default-debugsource-4.12.14-197.48.1 ocfs2-kmp-default-4.12.14-197.48.1 ocfs2-kmp-default-debuginfo-4.12.14-197.48.1 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1161016 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1163309 https://bugzilla.suse.com/1166985 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1168081 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170592 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171753 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171835 https://bugzilla.suse.com/1171841 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172537 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173146 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173857 https://bugzilla.suse.com/1174113 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174122 https://bugzilla.suse.com/1174123 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174187 https://bugzilla.suse.com/1174296 https://bugzilla.suse.com/1174343 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 3 13:31:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Aug 2020 21:31:18 +0200 (CEST) Subject: SUSE-SU-2020:2105-1: important: Security update for the Linux Kernel Message-ID: <20200803193118.632BCFDE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2105-1 Rating: important References: #1058115 #1065729 #1071995 #1085030 #1148868 #1152472 #1152489 #1153274 #1154353 #1154492 #1155518 #1155798 #1156395 #1157169 #1158050 #1158242 #1158265 #1158748 #1158765 #1158983 #1159781 #1159867 #1160947 #1161495 #1162002 #1162063 #1162400 #1162702 #1164648 #1164777 #1164780 #1165211 #1165933 #1165975 #1166985 #1167104 #1167651 #1167773 #1168230 #1168779 #1168838 #1168959 #1169021 #1169094 #1169194 #1169514 #1169681 #1169771 #1170011 #1170284 #1170442 #1170617 #1170774 #1170879 #1170891 #1170895 #1171150 #1171189 #1171191 #1171219 #1171220 #1171246 #1171417 #1171513 #1171529 #1171530 #1171662 #1171688 #1171699 #1171732 #1171739 #1171743 #1171759 #1171828 #1171857 #1171868 #1171904 #1171915 #1171982 #1171983 #1171988 #1172017 #1172046 #1172061 #1172062 #1172063 #1172064 #1172065 #1172066 #1172067 #1172068 #1172069 #1172073 #1172086 #1172095 #1172169 #1172170 #1172201 #1172208 #1172223 #1172342 #1172343 #1172344 #1172365 #1172366 #1172374 #1172391 #1172393 #1172394 #1172453 #1172458 #1172467 #1172484 #1172537 #1172543 #1172687 #1172719 #1172739 #1172751 #1172759 #1172775 #1172781 #1172782 #1172783 #1172814 #1172823 #1172841 #1172871 #1172938 #1172939 #1172940 #1172956 #1172983 #1172984 #1172985 #1172986 #1172987 #1172988 #1172989 #1172990 #1172999 #1173060 #1173068 #1173074 #1173085 #1173139 #1173206 #1173271 #1173280 #1173284 #1173428 #1173438 #1173461 #1173514 #1173552 #1173573 #1173625 #1173746 #1173776 #1173817 #1173818 #1173820 #1173822 #1173823 #1173824 #1173825 #1173826 #1173827 #1173828 #1173830 #1173831 #1173832 #1173833 #1173834 #1173836 #1173837 #1173838 #1173839 #1173841 #1173843 #1173844 #1173845 #1173847 #1173849 #1173860 #1173894 #1173941 #1174018 #1174072 #1174116 #1174126 #1174127 #1174128 #1174129 #1174185 #1174244 #1174263 #1174264 #1174331 #1174332 #1174333 #1174345 #1174356 #1174396 #1174398 #1174407 #1174409 #1174411 #1174438 #1174462 #1174513 #1174527 #1174543 #1174627 #962849 Cross-References: CVE-2019-19462 CVE-2019-20810 CVE-2019-20812 CVE-2020-0305 CVE-2020-10135 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-10781 CVE-2020-12656 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves 22 vulnerabilities and has 193 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-19462: relay_open in kernel/relay.c in the Linux kernel allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (bnc#1158265). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c could result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3 (bnc#1172453). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth?? BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem in versions This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-10781: A zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219). - CVE-2020-12769: An issue was discovered in drivers/spi/spi-dw.c allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bnc#1171983). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-13143: gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c relies on kstrdup without considering the possibility of an internal '\0' value, which allowed attackers to trigger an out-of-bounds read (bnc#1171982). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). The following non-security bugs were fixed: - ACPICA: Dispatcher: add status checks (git-fixes). - ACPICA: Fixes for acpiExec namespace init file (git-fixes). - ACPI: configfs: Disallow loading ACPI tables when locked down (git-fixes). - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (git-fixes). - ACPI: GED: add support for _Exx / _Lxx handler methods (git-fixes). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (git-fixes). - ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes). - ACPI: PM: Avoid using power resources if there are none for D0 (git-fixes). - ACPI: sysfs: Fix pm_profile_attr type (git-fixes). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (git-fixes). - ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes). - af_unix: add compat_ioctl support (git-fixes). - agp/intel: Reinforce the barrier after GTT updates (git-fixes). - aio: fix async fsync creds (bsc#1173828). - ALSA: emu10k1: delete an unnecessary condition (git-fixes). - ALSA: es1688: Add the missed snd_card_free() (git-fixes). - ALSA: fireface: fix configuration error for nominal sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix invalid assignment to union data for directional parameter (git-fixes). - ALSA: hda: Add ElkhartLake HDMI codec vid (git-fixes). - ALSA: hda: add member to store ratio for stripe control (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later (git-fixes). - ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes). - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#SLE-13261). - ALSA: hda - let hs_mic be picked ahead of hp_mic (git-fixes). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (git-fixes). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (git-fixes). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (git-fixes). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (git-fixes). - ALSA: hda/realtek - fixup for yet another Intel reference board (git-fixes). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (git-fixes). - ALSA: hda/tegra: correct number of SDO lines for Tegra194 (git-fixes). - ALSA: hda/tegra: workaround playback failure on Tegra194 (git-fixes). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: line6: Sync the pending work cancel at disconnection (git-fixes). - ALSA: opl3: fix infoleak in opl3 (git-fixes). - ALSA: pcm: disallow linking stream to itself (git-fixes). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: fix snd_pcm_link() lockdep splat (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RTX6001 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2+ (git-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (git-fixes). - ALSA: usb-audio: Clean up quirk entries with macros (git-fixes). - ALSA: usb-audio: Fix a limit check in proc_dump_substream_formats() (git-fixes). - ALSA: usb-audio: Fix inconsistent card PM state after resume (git-fixes). - ALSA: usb-audio: fixing upper volume limit for RME Babyface Pro routing crosspoints (git-fixes). - ALSA: usb-audio: Fixing usage of plain int instead of NULL (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix packet size calculation (bsc#1173847). - ALSA: usb-audio: Fix potential use-after-free of streams (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: Fix racy list management in output queue (git-fixes). - ALSA: usb-audio: Improve frames size computation (git-fixes). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (git-fixes). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Print more information in stream proc files (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Remove async workaround for Scarlett 2nd gen (git-fixes). - ALSA: usb-audio: Replace s/frame/packet/ where appropriate (git-fixes). - ALSA: usb-audio: RME Babyface Pro mixer patch (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (git-fixes). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - amd-xgbe: Use __napi_schedule() in BH context (networking-stable-20_04_17). - apparmor: ensure that dfa state tables have entries (git-fixes). - apparmor: fix introspection of of task mode for unconfined tasks (git-fixes). - apparmor: Fix memory leak of profile proxy (git-fixes). - apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes). - apparmor: remove useless aafs_create_symlink (git-fixes). - arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id (bsc#1174398). - arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode (bsc#1174398). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12424). - ARM: oxnas: make ox820_boot_secondary static (git-fixes). - asm-gemeric/tlb: remove stray function declarations (bsc#1156395). - ASoC: codecs: max98373: Removed superfluous volume control from chip default (git-fixes). - ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend (git-fixes). - ASoC: core: only convert non DPCM link to DPCM link (git-fixes). - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type (git-fixes). - ASoC: fix incomplete error-handling in img_i2s_in_probe (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: fsl_ssi: Fix bclk calculation for mono channel (git-fixes). - ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet (git-fixes). - ASoC: intel: cht_bsw_max98090_ti: Add all Chromebooks that need pmc_plt_clk_0 quirk (bsc#1171246). - ASoC: intel - fix the card names (git-fixes). - ASoC: max98373: reorder max98373_reset() in resume (git-fixes). - ASoC: max9867: fix volume controls (git-fixes). - ASoC: meson: add missing free_irq() in error path (git-fixes). - ASoc: q6afe: add support to get port direction (git-fixes). - ASoC: q6asm: handle EOS correctly (git-fixes). - ASoC: qcom: q6asm-dai: kCFI fix (git-fixes). - ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes). - ASoC: rockchip: Fix a reference count leak (git-fixes). - ASoC: rt286: fix unexpected interrupt happens (git-fixes). - ASoC: rt5645: Add platform-data for Asus T101HA (git-fixes). - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5682: Report the button event in the headset type only (git-fixes). - ASoC: SOF: core: fix error return code in sof_probe_continue() (git-fixes). - ASoC: SOF: Do nothing when DSP PM callbacks are not set (git-fixes). - ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags (git-fixes). - ASoC: tegra: tegra_wm8903: Support nvidia, headset property (git-fixes). - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()' (git-fixes). - ASoC: topology: fix kernel oops on route addition error (git-fixes). - ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes). - ASoC: ux500: mop500: Fix some refcounted resources issues (git-fixes). - ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes). - ASoC: wm8974: remove unsupported clock mode (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: fix kernel null pointer dereference (git-fixes). - ath10k: Fix the race condition in firmware dump work queue (git-fixes). - ath10k: Remove ath10k_qmi_register_service_notifier() declaration (git-fixes). - ath10k: remove the max_sched_scan_reqs value (git-fixes). - ath10k: Skip handling del_server during driver exit (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (git-fixes). - ath9k: Fix use-after-free Read in htc_connect_service (git-fixes). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (git-fixes). - ax25: fix setsockopt(SO_BINDTODEVICE) (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Fix connection problem with WPA3 (git-fixes). - b43legacy: Fix case where channel status is corrupted (git-fixes). - b43_legacy: Fix connection problem with WPA3 (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - batman-adv: Revert "disable ethtool link speed detection when auto negotiation off" (git-fixes). - bdev: fix bdev inode reference count disbalance regression (bsc#1174244) - bfq: Avoid false bfq queue merging (bsc#1171513). - bfq: Fix check detecting whether waker queue should be selected (bsc#1168838). - bfq: Use only idle IO periods for think time calculations (bsc#1171513). - bfq: Use 'ttime' local variable (bsc#1171513). - blacklist.conf: Add 9486727f5981 iommu/vt-d: Make Intel SVM code 64-bit only - blacklist.conf: Add superfluous stable commit IDs - blacklist.conf: cleanup removing unused exported symbols, unavoidable kABI breakage - blacklist.conf: for future infrastructure, and will need kABI workarounds in each user, only if we really need it - blk-iocost: Fix error on iocost_ioc_vrate_adj (bsc#1173206). - blk-iocost: fix incorrect vtime comparison in iocg_is_idle() (bsc#1173206). - blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight() (bsc#1165933). - block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (bsc#1173817). - block: Fix use-after-free in blkdev_get() (bsc#1173834). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (git-fixes). - Bluetooth: btbcm: Add 2 missing models to subver tables (git-fixes). - Bluetooth: btmtkuart: Improve exception handling in btmtuart_probe() (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bnxt_en: Fix AER reset logic on 57500 chips (bsc#1171150). - bnxt_en: fix firmware message length endianness (bsc#1173894). - bnxt_en: Fix return code to "flash_device" (bsc#1173894). - bnxt_en: Improve TQM ring context memory sizing formulas (jsc#SLE-8371 bsc#1153274). - bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371 bsc#1153274). - bnxt_en: Return from timer if interface is not in open state (jsc#SLE-8371 bsc#1153274). - bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371 bsc#1153274). - bpf: Document optval > PAGE_SIZE behavior for sockopt hooks (bsc#1155518). - bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518). - bpf: Do not return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE (bsc#1155518). - bpf: Fix an error code in check_btf_func() (bsc#1154353). - bpf: Fix map permissions check (bsc#1155518). - bpf: Prevent mmap()'ing read-only maps as writable (bsc#1155518). - bpf: Restrict bpf_probe_read{, str}() only to archs where they work (bsc#1172344). - bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier (bsc#1172344). - bpf, sockhash: Synchronize_rcu before free'ing map (git-fixes). - bpf, sockmap: Check update requirements after locking (git-fixes). - bpf: Undo internal BPF_PROBE_MEM in BPF insns dump (bsc#1155518). - bpf, xdp, samples: Fix null pointer dereference in *_user code (bsc#1155518). - brcmfmac: expose RPi firmware config files through modinfo (bsc#1169094). - brcmfmac: fix wrong location to get firmware feature (git-fixes). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - bridge: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes). - bus: ti-sysc: Ignore clockactivity unless specified as a quirk (git-fixes). - carl9170: remove P2P_GO support (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: add comments for handle_cap_flush_ack logic (bsc#1172940). - ceph: allow rename operation under different quota realms (bsc#1172988). - ceph: ceph_kick_flushing_caps needs the s_mutex (bsc#1172986). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1172984 bsc#1167104). - ceph: document what protects i_dirty_item and i_flushing_item (bsc#1172940). - ceph: do not release i_ceph_lock in handle_cap_trunc (bsc#1172940). - ceph: do not return -ESTALE if there's still an open file (bsc#1171915). - ceph: do not take i_ceph_lock in handle_cap_import (bsc#1172940). - ceph: fix potential race in ceph_check_caps (bsc#1172940). - ceph: flush release queue when handling caps for unknown inode (bsc#1172939). - ceph: make sure mdsc->mutex is nested in s->s_mutex to fix dead lock (bsc#1172989). - ceph: normalize 'delta' parameter usage in check_quota_exceeded (bsc#1172987). - ceph: reorganize __send_cap for less spinlock abuse (bsc#1172940). - ceph: request expedited service on session's last cap flush (bsc#1172985 bsc#1167104). - ceph: reset i_requested_max_size if file write is not wanted (bsc#1172983). - ceph: skip checking caps when session reconnecting and releasing reqs (bsc#1172990). - ceph: split up __finish_cap_flush (bsc#1172940). - ceph: throw a warning if we destroy session with mutex still locked (bsc#1172940). - char/random: Add a newline at the end of the file (jsc#SLE-12424). - clk: bcm2835: Fix return type of bcm2835_register_gate (git-fixes). - clk: bcm2835: Remove casting to bcm2835_clk_register (git-fixes). - clk: clk-flexgen: fix clock-critical handling (git-fixes). - clk: mediatek: assign the initial value to clk_init_data of mtk_mux (git-fixes). - clk: meson: meson8b: Do not rely on u-boot to init all GP_PLL registers (git-fixes). - clk: meson: meson8b: Fix the polarity of the RESET_N lines (git-fixes). - clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits (git-fixes). - clk: qcom: Add missing msm8998 ufs_unipro_core_clk_src (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical (git-fixes). - clk: sifive: allocate sufficient memory for struct __prci_data (git-fixes). - clk: sprd: return correct type of value for _sprd_pll_recalc_rate (git-fixes). - clk: sunxi: Fix incorrect usage of round_down() (git-fixes). - clk: ti: am33xx: fix RTC clock parent (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: zynqmp: fix memory leak in zynqmp_register_clocks (git-fixes). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (git-fixes). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (git-fixes). - component: Silence bind error on -EPROBE_DEFER (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1172739 - coredump: fix crash when umh is disabled (git-fixes). - coredump: fix null pointer dereference on coredump (git-fixes). - cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes). - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once (git-fixes). - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn (git-fixes). - cpuidle: Fix three reference count leaks (git-fixes). - crypto: algapi - Avoid spurious modprobe on LOADED (git-fixes). - crypto: algboss - do not wait during notifier callback (git-fixes). - crypto: algif_skcipher - Cap recv SG list at ctx->used (git-fixes). - crypto - Avoid free() namespace collision (git-fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp -- do not "select" CONFIG_DMADEVICES (git-fixes). - crypto/chcr: fix for ccm(aes) failed test (git-fixes). - crypto: chelsio/chtls: properly set tp->lsndtime (git-fixes). - crypto: drbg - fix error return code in drbg_alloc_state() (git-fixes). - crypto: omap-sham - add proper load balancing support for multicore (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: stm32/crc32 - fix multi-instance (git-fixes). - crypto: stm32/crc32 - fix run-time self test issue (git-fixes). - cxgb4: fix adapter crash due to wrong MC size (networking-stable-20_04_27). - cxgb4: fix large delays in PTP synchronization (networking-stable-20_04_27). - dccp: Fix possible memleak in dccp_init and dccp_fini (networking-stable-20_06_16). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - devlink: fix return value after hitting end in region read (networking-stable-20_05_12). - devmap: Use bpf_map_area_alloc() for allocating hash buckets (bsc#1154353). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dma-coherent: fix integer overflow in the reserved-memory dma allocation (git-fixes). - dma-debug: fix displaying of dma allocation type (git-fixes). - dma-direct: fix data truncation in dma_direct_get_required_mask() (git-fixes). - dmaengine: dmatest: Fix process hang when reading 'wait' parameter (git-fixes). - dmaengine: dmatest: Restore default for channel (git-fixes). - dmaengine: dmatest: stop completed threads when running without set channel (git-fixes). - dmaengine: dw: Initialize channel before each transfer (git-fixes). - dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes). - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler (git-fixes). - dmaengine: mmp_tdma: Do not ignore slave config validation errors (git-fixes). - dmaengine: mmp_tdma: Reset channel error on release (git-fixes). - dmaengine: owl: Use correct lock in owl_dma_get_pchan() (git-fixes). - dmaengine: pch_dma.c: Avoid data race between probe and irq handler (git-fixes). - dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (git-fixes). - dm: do not use waitqueue for request-based DM (bsc#1165933). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: reject asynchronous pmem devices (bsc#1156395). - dpaa2-eth: prevent array underflow in update_cls_rule() (networking-stable-20_05_16). - dpaa2-eth: properly handle buffer size restrictions (networking-stable-20_05_16). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174396). - dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: phy: sr-usb: do not use internal fsm for USB2 phy init (git-fixes). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (git-fixes). - drm/amd/display: add basic atomic check for cursor plane (git-fixes). - drm/amd/display: drop cursor position check in atomic test (git-fixes). - drm: amd/display: fix Kconfig help text (bsc#1152489) * context changes - drm/amd/display: Only revalidate bandwidth on medium and fast updates (git-fixes). - drm/amd/display: Prevent dpcd reads with passive dongles (git-fixes). - drm/amd/display: Revalidate bandwidth before commiting DC updates (git-fixes). - drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (git-fixes). - drm/amd: fix potential memleak in err branch (git-fixes). - drm/amdgpu: add fw release for sdma v5_0 (git-fixes). - drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes). - drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes). - drm/amdgpu: drop redundant cg/pg ungate on runpm enter (git-fixes). - drm/amdgpu: fix gfx hang during suspend with video playback (v2) (git-fixes). - drm/amdgpu: fix the hw hang during perform system reboot and reset (git-fixes). - drm/amdgpu: force fbdev into vram (bsc#1152472) * context changes - drm/amdgpu: Init data to avoid oops while reading pp_num_states (git-fixes). - drm/amdgpu: invalidate L2 before SDMA IBs (v2) (git-fixes). - drm/amdgpu: move kfd suspend after ip_suspend_phase1 (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1152472) - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes). - drm/amdgpu: simplify padding calculations (v2) (git-fixes). - drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes). - drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (git-fixes). - drm/amd/powerplay: avoid using pm_en before it is initialized revised (git-fixes). - drm/amd/powerplay: perform PG ungate prior to CG ungate (git-fixes). - drm: bridge: adv7511: Extend list of audio sample rates (git-fixes). - drm/connector: notify userspace on hotplug after register complete (bsc#1152489) * context changes - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (git-fixes). - drm/edid: Add Oculus Rift S to non-desktop list (git-fixes). - drm: encoder_slave: fix refcouting error for modules (git-fixes). - drm/etnaviv: fix perfmon domain interation (git-fixes). - drm/etnaviv: rework perfmon query infrastructure (git-fixes). - drm/exynos: fix ref count leak in mic_pre_enable (git-fixes). - drm/exynos: Properly propagate return value in drm_iommu_attach_device() (git-fixes). - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is (bsc#1152489) - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is disabled (git-fixes). - drm/i915: extend audio CDCLK>=2*BCLK constraint to more platforms (git-fixes). - drm/i915: Extend WaDisableDARBFClkGating to icl,ehl,tgl (bsc#1152489) - drm/i915: fix port checks for MST support on gen >= 11 (git-fixes). - drm/i915/gem: Avoid iterating an empty list (git-fixes). - drm/i915/gt: Do not schedule normal requests immediately along (bsc#1152489) - drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes). - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (bsc#1152489) - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (git-fixes). - drm/i915/gvt: Fix two CFL MMIO handling caused by regression. (bsc#1152489) - drm/i915/gvt: Fix two CFL MMIO handling caused by regression (git-fixes). - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1152489) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance (git-fixes). - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1152489) * context changes - drm/i915: HDCP: fix Ri prime check done during link check (git-fixes). - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1152489) - drm/i915: Limit audio CDCLK>=2*BCLK constraint back to GLK only (git-fixes). - drm/i915: Propagate error from completed fences (git-fixes). - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (git-fixes). - drm/i915: work around false-positive maybe-uninitialized warning (git-fixes). - drm/mcde: dsi: Fix return value check in mcde_dsi_bind() (git-fixes). - drm: mcde: Fix display initialization problem (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm: Check for powered down HW in the devfreq callbacks (bsc#1152489) - drm/msm/dpu: allow initialization of encoder locks during encoder init (git-fixes). - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1152489) - drm/msm/dpu: fix error return code in dpu_encoder_init (git-fixes). - drm/msm: fix potential memleak in error branch (git-fixes). - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation (git-fixes). - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection (git-fixes). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (git-fixes). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (git-fixes). - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() (git-fixes). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (git-fixes). - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - drm: rcar-du: Fix build error (bsc#1152472) - drm/sun4i: hdmi ddc clk: Fix size of m divider (git-fixes). - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489) - drm: sun4i: hdmi: Remove extra HPD polling (git-fixes). - drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes). - drm/tegra: hub: Do not enable orphaned window group (git-fixes). - drm/vkms: Hold gem object while still in-use (git-fixes). - Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our the partial backport. (cherry picked from commit 70ad1b2fa5955d91e1a09a8027daf210e28fee30) - Drop a couple of block layer git-fixes Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our the partial backport. - dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() (git-fixes). - e1000: Distribute switch variables for initialization (git-fixes). - e1000e: Disable TSO for buffer overrun workaround (git-fixes). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (git-fixes). - e1000e: Relax condition to trigger reset for ME workaround (git-fixes). - EDAC/amd64: Add PCI device IDs for family 17h, model 70h (bsc#1165975). - EDAC/ghes: Setup DIMM label from DMI and use it in error reports (bsc#1168779). - EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable (bsc#1152489). - EDAC/synopsys: Do not dump uninitialized pinf->col (bsc#1152489). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12424). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12424). - efi/tpm: Verify event log header before parsing (bsc#1173461). - eventpoll: fix missing wakeup for ovflist in ep_poll_callback (bsc#1159867). - evm: Check also if *tfm is an error pointer in init_desc() (git-fixes). - evm: Fix a small race in init_desc() (git-fixes). - evm: Fix possible memory leak in evm_calc_hmac_or_hash() (git-fixes). - evm: Fix RCU list related warnings (git-fixes). - exfat: add missing brelse() calls on error paths (git-fixes). - exfat: fix incorrect update of stream entry in __exfat_truncate() (git-fixes). - exfat: fix memory leak in exfat_parse_param() (git-fixes). - exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes). - ext4: avoid utf8_strncasecmp() with unstable name (bsc#1173843). - ext4: fix error pointer dereference (bsc#1173837). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1173836). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: stop overwrite the errcode in ext4_setup_super (bsc#1173841). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (git-fixes). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fat: do not allow to mount if the FAT length == 0 (bsc#1173831). - fdt: add support for rng-seed (jsc#SLE-12424). - fdt: Update CRC check for rng-seed (jsc#SLE-12424). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (git-fixes). - firmware: imx-scu: Support one TX and one RX (git-fixes). - firmware: imx: warn on unexpected RX (git-fixes). - firmware: qcom_scm: fix bogous abuse of dma-direct internals (git-fixes). - firmware: xilinx: Fix an error handling path in 'zynqmp_firmware_probe()' (git-fixes). - Fix a regression of AF_ALG crypto interface hang with aes_s390 (bsc#1167651) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fork: prevent accidental access to clone3 features (bsc#1174018). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - fs: Do not check if there is a fsnotify watcher on pseudo inodes (bsc#1158765). - fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config file - fsnotify: Rearrange fast path to minimise overhead when there is no watcher (bsc#1158765). - fuse: copy_file_range should truncate cache (git-fixes). - fuse: fix copy_file_range cache issues (git-fixes). - genetlink: clean up family attributes allocations (git-fixes). - genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() (bsc#1154353). - geneve: allow changing DF behavior after creation (git-fixes). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - gfs2: fix glock reference problem in gfs2_trans_remove_revoke (bsc#1173823). - gfs2: Multi-block allocations in gfs2_page_mkwrite (bsc#1173822). - gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() (git-fixes). - gpio: dwapb: Append MODULE_ALIAS for platform driver (git-fixes). - gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration (git-fixes). - gpio: exar: Fix bad handling for ida_simple_get error path (git-fixes). - gpiolib: Document that GPIO line names are not globally unique (git-fixes). - gpio: pca953x: disable regmap locking for automatic address incrementing (git-fixes). - gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes). - gpio: pca953x: fix handling of automatic address incrementing (git-fixes). - gpio: pca953x: Fix pca953x_gpio_set_config (git-fixes). - gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 (git-fixes). - gpio: pxa: Fix return value of pxa_gpio_probe() (git-fixes). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (git-fixes). - gpu/drm: Ingenic: Fix opaque pointer casted to wrong type (git-fixes). - gpu: host1x: Detach driver on unregister (git-fixes). - habanalabs: Align protection bits configuration of all TPCs (git-fixes). - HID: Add quirks for Trust Panora Graphic Tablet (git-fixes). - HID: alps: Add AUI1657 device ID (git-fixes). - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead (git-fixes). - HID: i2c-hid: add Schneider SCL142ALM to descriptor override (git-fixes). - HID: i2c-hid: reset Synaptics SYNA2393 on resume (git-fixes). - HID: intel-ish-hid: avoid bogus uninitialized-variable warning (git-fixes). - HID: logitech-hidpp: avoid repeated "multiplier = " log messages (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (git-fixes). - HID: multitouch: enable multi-input as a quirk for some devices (git-fixes). - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock (git-fixes). - HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes). - HID: quirks: Ignore Simply Automated UPB PIM (git-fixes). - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (git-fixes). - hinic: fix a bug of ndo_stop (networking-stable-20_05_16). - hinic: fix wrong para of wait_for_completion_timeout (networking-stable-20_05_16). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (git-fixes). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (git-fixes). - hwmon: (k10temp) Add AMD family 17h model 60h PCI match (git-fixes). - hwmon: (max6697) Make sure the OVERT mask is set correctly (git-fixes). - hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option (git-fixes). - hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (git-fixes). - i2c: altera: Fix race between xfer_msg and isr thread (git-fixes). - i2c: core: check returned size of emulated smbus block read (git-fixes). - i2c: designware-pci: Add support for Elkhart Lake PSE I2C (jsc#SLE-12734). - i2c: designware-pci: Fix BUG_ON during device removal (jsc#SLE-12734). - i2c: designware-pci: Switch over to MSI interrupts (jsc#SLE-12734). - i2c: dev: Fix the race between the release of i2c_dev and cdev (git-fixes). - i2c: eg20t: Load module automatically if ID matches (git-fixes). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c: fsi: Fix the port number field in status register (git-fixes). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411). - IB/hfi1: Fix module use count flaw due to leftover module put calls (bsc#1174407). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - IB/rdmavt: Free kernel completion queue when done (bsc#1173625). - ice: Fix error return code in ice_add_prof() (jsc#SLE-7926). - ice: Fix inability to set channels when down (jsc#SLE-7926). - ieee80211: Fix incorrect mask for default PE duration (git-fixes). - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' (git-fixes). - iio: adc: stm32-adc: fix device used to request dma (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: stm32-dfsdm: fix device used to request dma (git-fixes). - iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: ti-ads8344: Fix channel selection (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Do not allow buffers without any channels enabled to be activated (git-fixes). - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak (git-fixes). - iio:chemical:sps30: Fix timestamp alignment (git-fixes). - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (git-fixes). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (git-fixes). - iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes). - iio:humidity:hts221 Fix alignment and data leak issues (git-fixes). - iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes). - iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (git-fixes). - iio: pressure: bmp280: Tolerate IRQ before registering (git-fixes). - iio:pressure:ms5611 Fix buffer element alignment (git-fixes). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes). - iio: sca3000: Remove an erroneous 'get_device()' (git-fixes). - iio: vcnl4000: Fix i2c swapped word reading (git-fixes). - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() (bsc#1172223). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1172223) - ima: Directly free *entry in ima_alloc_init_template() if digests is NULL (bsc#1172223). - ima: Remove __init annotation from ima_pcrread() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: dlink-dir685-touchkeys - fix a typo in driver name (git-fixes). - Input: edt-ft5x06 - fix get_default register write access (git-fixes). - Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (git-fixes). - Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes). - Input: i8042 - add ThinkPad S230u to i8042 reset list (git-fixes). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: mms114 - add extra compatible for mms345l (git-fixes). - Input: mms114 - fix handling of mms345l (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (git-fixes). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (git-fixes). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (git-fixes). - Input: xpad - add custom init packet for Xbox One S controllers (git-fixes). - intel_th: Fix a NULL dereference when hub driver is not loaded (git-fixes). - intel_th: pci: Add Emmitsburg PCH support (git-fixes). - intel_th: pci: Add Jasper Lake CPU support (git-fixes). - intel_th: pci: Add Tiger Lake PCH-H support (git-fixes). - iocost: check active_list of all the ancestors in iocg_activate() (bsc#1173206). - iocost: over-budget forced IOs should schedule async delay (bsc#1173206). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172061). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172062). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172063). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172393). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172064). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172065). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172066). - iommu/arm-smmu-v3: Do not reserve implementation defined register space (bsc#1174126). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172394). - iommu/qcom: Fix local_base status check (bsc#1172067). - iommu/virtio: Reverse arguments to list_add (bsc#1172068). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127). - iommu/vt-d: Update scalable mode paging structure coherency (bsc#1174128). - ionic: add pcie_print_link_status (bsc#1167773). - ionic: centralize queue reset code (bsc#1167773). - ionic: export features for vlans to use (bsc#1167773). - ionic: no link check while resetting queues (bsc#1167773). - ionic: remove support for mgmt device (bsc#1167773). - ionic: tame the watchdog timer on reconfig (bsc#1167773). - ionic: update the queue count on open (bsc#1167773). - ionic: wait on queue start until after IFF_UP (bsc#1167773). - io_uring: use kvfree() in io_sqe_buffer_register() (bsc#1173832). - ipmi: use vzalloc instead of kmalloc for user creation (git-fixes). - ipv4: Update fib_select_default to handle nexthop objects (networking-stable-20_04_27). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipvs: Improve robustness to the ipvs sysctl (git-fixes). - irqchip/al-fic: Add support for irq retrigger (jsc#SLE-10505). - irqchip/ti-sci-inta: Fix processing of masked irqs (git-fixes). - irqchip/versatile-fpga: Apply clear-mask earlier (git-fixes). - irqchip/versatile-fpga: Handle chained IRQs properly (git-fixes). - iwlwifi: avoid debug max amsdu config overwriting itself (git-fixes). - iwlwifi: mvm: fix aux station leak (git-fixes). - iwlwifi: mvm: limit maximum queue appropriately (git-fixes). - iwlwifi: pcie: handle QuZ configs with killer NICs as well (bsc#1172374). - ixgbe: do not check firmware errors (bsc#1170284). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: fix data races at struct journal_head (bsc#1173438). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi fix for SUNRPC-dont-update-timeout-value-on-connection-reset.patch (bsc1174263). - kABI fixup mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12424). - kABI: protect struct fib_dump_filter (kabi). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kABI workaround for struct hdac_bus changes (git-fixes). - keys: asymmetric: fix error return code in software_key_query() (git-fixes). - ktest: Add timeout for ssh sync testing (git-fixes). - KVM: Check validity of resolved slot when searching memslots (bsc#1172069). - KVM: nVMX: always update CR3 in VMCS (git-fixes). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libbpf: Fix perf_buffer__free() API for sparse allocs (bsc#1155518). - libceph: do not omit recovery_deletes in target_copy() (git-fixes). - libceph: ignore pool overlay and cache logic on redirects (bsc#1172938). - lib: devres: add a helper function for ioremap_uc (git-fixes). - libertas_tf: avoid a null dereference in pointer priv (git-fixes). - lib/lzo: fix ambiguous encoding bug in lzo-rle (git-fixes). - libnvdimm/btt: fix variable 'rc' set but not used (bsc#1162400). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm: cover up nd_region changes (bsc#1162400). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/namespace: Enforce memremap_compat_align() (bsc#1162400). - libnvdimm/namsepace: Do not set claim_class on error (bsc#1162400). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm: Out of bounds read in __nd_ioctl() (bsc#1065729). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Fix build error (bsc#1162400). - libnvdimm/region: Introduce an 'align' attribute (bsc#1162400). - libnvdimm/region: Introduce NDD_LABELING (bsc#1162400). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (bsc#1174331). - lib: Uplevel the pmem "region" ida to a global allocator (bc#1162400). - list: Add hlist_unhashed_lockless() (bsc#1173438). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locktorture: Allow CPU-hotplug to be disabled via --bootargs (bsc#1173068). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1171530). - lpfc: fix axchg pointer reference after free and double frees (bsc#1171530). - lpfc: Fix pointer checks and comments in LS receive refactoring (bsc#1171530). - lpfc: Fix return value in __lpfc_nvme_ls_abort (bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: mesh: fix discovery timer re-arming issue / crash (git-fixes). - mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() (git-fixes). - Make the "Reducing compressed framebufer size" message be DRM_INFO_ONCE() (git-fixes). - mdraid: fix read/write bytes accounting (bsc#1172537). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: cedrus: Program output format during each run (git-fixes). - media: dvbdev: Fix tuner->demod media controller link (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (git-fixes). - media: dvbsky: add support for eyeTV Geniatech T2 lite (bsc#1173776). - media: dvbsky: add support for Mygica T230C v2 (bsc#1173776). - media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling (git-fixes). - media: mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - media: ov5640: fix use of destroyed mutex (git-fixes). - media: platform: fcp: Set appropriate DMA parameters (git-fixes). - media: Revert "staging: imgu: Address a compiler warning on alignment" (git-fixes). - media: si2157: Better check for running tuner in init (git-fixes). - media: si2168: add support for Mygica T230C v2 (bsc#1173776). - media: staging: imgu: do not hold spinlock during freeing mmu page table (git-fixes). - media: staging/intel-ipu3: Implement lock for stream on/off operations (git-fixes). - media: staging: ipu3: Fix stale list entries on parameter queue failure (git-fixes). - media: staging: ipu3-imgu: Move alignment attribute to field (git-fixes). - media: vicodec: Fix error codes in probe function (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: release me_cl object reference (git-fixes). - mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602). - mfd: intel-lpss: Add Intel Tiger Lake PCI IDs (jsc#SLE-12737). - mfd: intel-lpss: Use devm_ioremap_uc for MMIO (git-fixes). - mfd: stmfx: Fix stmfx_irq_init error path (git-fixes). - mfd: stmfx: Reset chip on resume as supply was disabled (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - misc: fastrpc: fix potential fastrpc_invoke_ctx leak (git-fixes). - misc: rtsx: Add short delay after exit from ASPM (git-fixes). - mlxsw: core: Use different get_trend() callbacks for different thermal zones (networking-stable-20_06_10). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mm: adjust vm_committed_as_batch according to vm overcommit policy (bnc#1173271). - mmc: block: Fix use-after-free issue for rpmb (git-fixes). - mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE (git-fixes). - mmc: fix compilation of user API (git-fixes). - mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed (git-fixes). - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error (git-fixes). - mmc: mmci_sdmmc: fix DMA API warning overlapping mappings (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (git-fixes). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (git-fixes). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (git-fixes). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (git-fixes). - mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() (git-fixes). - mmc: tmio: Further fixup runtime PM management at remove (git-fixes). - mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() (git-fixes). - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core (git-fixes). - mm: do not prepare anon_vma if vma has VM_WIPEONFORK (bsc#1169681). - mm: fix NUMA node file count error in replace_page_cache() (bsc#1173844). - mm: memcontrol: fix memory.low proportional distribution (bsc#1168230). - mm/memory_hotplug: refrain from adding memory into an impossible node (bsc#1173552). - mm/memremap: drop unused SECTION_SIZE and SECTION_MASK (bsc#1162400 bsc#1170895 ltc#184375 ltc#185686). - mm/memremap_pages: Introduce memremap_compat_align() (bsc#1162400). - mm/memremap_pages: Kill unused __devm_memremap_pages() (bsc#1162400). - mm/mmap.c: close race between munmap() and expand_upwards()/downwards() (bsc#1174527). - mm/util.c: make vm_memory_committed() more accurate (bnc#1173271). - move unsortable patch out of sorted section patches.suse/revert-zram-convert-remaining-class_attr-to-class_attr_ro - mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter (git-fixes). - mtd: Fix mtd not registered due to nvmem name collision (git-fixes). - mtd: rawnand: brcmnand: correctly verify erased pages (git-fixes). - mtd: rawnand: brcmnand: fix CS0 layout (git-fixes). - mtd: rawnand: brcmnand: fix hamming oob layout (git-fixes). - mtd: rawnand: diskonchip: Fix the probe error path (git-fixes). - mtd: rawnand: Fix nand_gpio_waitrdy() (git-fixes). - mtd: rawnand: ingenic: Fix the probe error path (git-fixes). - mtd: rawnand: marvell: Fix probe error path (git-fixes). - mtd: rawnand: marvell: Fix the condition on a return code (git-fixes). - mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered (git-fixes). - mtd: rawnand: mtk: Fix the probe error path (git-fixes). - mtd: rawnand: onfi: Fix redundancy detection check (git-fixes). - mtd: rawnand: orion: Fix the probe error path (git-fixes). - mtd: rawnand: oxnas: Keep track of registered devices (git-fixes). - mtd: rawnand: oxnas: Release all devices in the _remove() path (git-fixes). - mtd: rawnand: pasemi: Fix the probe error path (git-fixes). - mtd: rawnand: plat_nand: Fix the probe error path (git-fixes). - mtd: rawnand: sharpsl: Fix the probe error path (git-fixes). - mtd: rawnand: socrates: Fix the probe error path (git-fixes). - mtd: rawnand: sunxi: Fix the probe error path (git-fixes). - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings (git-fixes). - mtd: rawnand: tmio: Fix the probe error path (git-fixes). - mtd: rawnand: xway: Fix the probe error path (git-fixes). - mtd: spinand: Propagate ECC information to the MTD structure (git-fixes). - mtd: spi-nor: intel-spi: Add support for Intel Tiger Lake SPI serial flash (jsc#SLE-12737). - mvpp2: remove module bugfix (bsc#1154353). - mwifiex: avoid -Wstringop-overflow warning (git-fixes). - mwifiex: Fix memory corruption in dump_station (git-fixes). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1173824). - nbd: Fix memory leak in nbd_add_socket (git-fixes). - neigh: send protocol value in neighbor create notification (networking-stable-20_05_12). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net: core: device_rename: Use rwsem instead of a seqcount (bsc#1162702). - net: do not return invalid table id error when we fall back to PF_UNSPEC (networking-stable-20_05_27). - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: declare lockless TX feature for slave ports (bsc#1154353). - net: dsa: Do not leave DSA master with NULL netdev_ops (networking-stable-20_05_12). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode (networking-stable-20_04_17). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1154492). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1154492). - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend (networking-stable-20_05_27). - net_failover: fixed rollback in net_failover_open() (networking-stable-20_06_10). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c (bsc#1171857). - netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c (bsc#1171857). - netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions (git-fixes). - netfilter: nft_tproxy: Fix port selector on Big Endian (git-fixes). - netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy (git-fixes). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: fsl/fman: treat all RGMII modes in memac_adjust_link() (bsc#1174398). - net: hns3: check reset pending after FLR prepare (bsc#1154353). - __netif_receive_skb_core: pass skb by reference (networking-stable-20_05_27). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() (bsc#1154353). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - net: macb: call pm_runtime_put_sync on failure path (git-fixes). - net: macb: fix an issue about leak related system resources (networking-stable-20_05_12). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Disable reload while removing the device (jsc#SLE-8464). - net/mlx5: drain health workqueue in case of driver load error (networking-stable-20_06_16). - net/mlx5: DR, Fix freeing in dr_create_rc_qp() (jsc#SLE-8464). - net/mlx5e: Add missing release firmware call (networking-stable-20_04_17). - net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash (jsc#SLE-8464). - net/mlx5e: Fix inner tirs handling (networking-stable-20_05_27). - net/mlx5e: Fix pfnum in devlink port attribute (networking-stable-20_04_17). - net/mlx5e: Fix repeated XSK usage on one channel (networking-stable-20_06_16). - net/mlx5e: Fix stats update for matchall classifier (jsc#SLE-8464). - net/mlx5e: Fix VXLAN configuration restore after function reload (jsc#SLE-8464). - net/mlx5e: kTLS, Destroy key object after destroying the TIS (networking-stable-20_05_27). - net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta() (jsc#SLE-8464). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix cleaning unmanaged flow tables (jsc#SLE-8464). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (bsc#1172365). - net/mlx5: Fix error flow in case of function_setup failure (networking-stable-20_05_27). - net/mlx5: Fix fatal error handling during device load (networking-stable-20_06_16). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net/mlx5: Fix frequent ioread PCI access during recovery (networking-stable-20_04_17). - net/mlx5: Fix memory leak in mlx5_events_init (networking-stable-20_05_27). - net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del() (networking-stable-20_05_12). - net: mvpp2: fix RX hashing for non-10G ports (networking-stable-20_05_27). - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx() (networking-stable-20_05_12). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net: nlmsg_cancel() if put fails for nhmsg (networking-stable-20_05_27). - net: openvswitch: ovs_ct_exit to be done under ovs_lock (networking-stable-20_04_27). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - net: phy: propagate an error back to the callers of phy_sfp_probe (bsc#1154353). - net: phy: realtek: add support for configuring the RX delay on RTL8211F (bsc#1174398). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: qrtr: send msgs from local of same id as broadcast (networking-stable-20_04_17). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (bnc#1158748 (network regression)). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net_sched: sch_skbprio: add message validation to skbprio_change() (networking-stable-20_05_12). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: tolerate future SMCD versions (bsc#1172543 LTC#186069). - net: stmmac: do not attach interface until resume finishes (bsc#1174072). - net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072). - net: stmmac: dwc-qos: use generic device api (bsc#1174072). - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac v5.10a (networking-stable-20_06_07). - net: stmmac: fix num_por initialization (networking-stable-20_05_16). - net: stmmac: platform: fix probe for ACPI devices (bsc#1174072). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net: tc35815: Fix phydev supported/advertising mask (networking-stable-20_05_12). - net: tcp: fix rx timestamp behavior for tcp_recvmsg (networking-stable-20_05_16). - net/tls: fix encryption error checking (git-fixes). - net/tls: fix race condition causing kernel panic (networking-stable-20_05_27). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net/tls: free record only on encryption error (git-fixes). - net: tun: record RX queue in skb before do_xdp_generic() (networking-stable-20_04_17). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nexthop: Fix attribute checking for groups (networking-stable-20_05_27). - NFC: st21nfca: add missed kfree_skb() in an error path (git-fixes). - nfp: abm: fix a memory leak bug (networking-stable-20_05_12). - nfp: abm: fix error return code in nfp_abm_vnic_alloc() (networking-stable-20_05_16). - nfp: flower: fix used time of merge flow statistics (networking-stable-20_06_07). - nfs: add minor version to nfs_server_key for fscache (bsc#1172467). - nfsd4: fix nfsdfs reference count loop (git-fixes). - nfsd4: make drc_slab global, not per-net (git-fixes). - nfsd: always check return value of find_any_file (bsc#1172208). - nfsd: apply umask on fs without ACL support (git-fixes). - nfsd: fix nfsdfs inode reference count leak (git-fixes). - NFS: Fix fscache super_cookie index_key from changing after umount (git-fixes). - NFS: Fix interrupted slots by sending a solo SEQUENCE operation (bsc#1174264). - nfs: fix NULL deference in nfs4_get_valid_delegation. - nfs: fscache: use timespec64 in inode auxdata (git-fixes). - nfs: set invalid blocks after NFSv4 writes (git-fixes). - NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION (git-fixes). - NFSv4 fix CLOSE not waiting for direct IO compeletion (git-fixes). - NFSv4: Fix fscache cookie aux_data to ensure change_attr is included (git-fixes). - ntb: intel: add hw workaround for NTB BAR alignment (jsc#SLE-12710). - ntb: intel: Add Icelake (gen4) support for Intel NTB (jsc#SLE-12710). - ntb: intel: fix static declaration (jsc#SLE-12710). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme-fc: avoid gcc-10 zero-length-bounds warning (bsc#1173206). - nvme-fc: do not call nvme_cleanup_cmd() for AENs (bsc#1171688). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Allow no-op CFI ops in alternatives (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix !CFI insn_state propagation (bsc#1169514). - objtool: Fix ORC vs alternatives (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Remove check preventing branches within alternative (bsc#1169514). - objtool: Rename struct cfi_state (bsc#1169514). - objtool: Uniquely identify alternative instruction groups (bsc#1169514). - ovl: inode reference leak in ovl_is_inuse true case (git-fixes). - p54usb: add AirVasT USB stick device-id (git-fixes). - padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes). - padata: kABI fixup for struct padata_instance splitting nodes (git-fixes). - panic: do not print uninitialized taint_flags (bsc#1172814). - PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes). - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes). - PCI: Add Loongson vendor ID (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (git-fixes). - PCI: amlogic: meson: Do not use FAST_LINK_MODE to set up link (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes). - PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: dwc: Fix inner MSI IRQ domain registration (git-fixes). - PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513). - pcie: mobiveil: remove patchset v9 Prepare to backport upstream version. - PCI: Fix pci_register_host_bridge() device_register() error handling (git-fixes). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172871). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871). - PCI: hv: Introduce hv_msi_entry (bsc#1172871). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871). - PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors (bsc#1161495). - PCI: mobiveil: Add callback function for interrupt initialization (bsc#1161495). - PCI: mobiveil: Add callback function for link up check (bsc#1161495). - PCI: mobiveil: Add Header Type field check (bsc#1161495). - PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs (bsc#1161495). - PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init host (bsc#1161495). - PCI: mobiveil: Collect the interrupt related operations into a function (bsc#1161495). - PCI: mobiveil: Fix sparse different address space warnings (bsc#1161495). - PCI: mobiveil: Fix unmet dependency warning for PCIE_MOBIVEIL_PLAT (bsc#1161495). - PCI: mobiveil: Introduce a new structure mobiveil_root_port (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: fix SError when accessing config space (bsc#1161495). - PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP driver (bsc#1161495). - PCI: mobiveil: Move the host initialization into a function (bsc#1161495). - PCI: pci-bridge-emul: Fix PCIe bit conflicts (git-fixes). - PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (git-fixes). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths (git-fixes). - PCI: vmd: Add device id for VMD device 8086:9A0B (git-fixes). - PCI: vmd: Filter resource type bits from shadow register (git-fixes). - pcm_native: result of put_user() needs to be checked (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1174332). - perf/core: Fix endless multiplex timer (git-fixes). - perf/core: fix parent pid/tid in task exit events (git-fixes). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (git-fixes). - pinctrl: intel: Add Intel Tiger Lake pin controller support (jsc#SLE-12737). - pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2 (git-fixes). - pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map (git-fixes). - pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries (git-fixes). - pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 (git-fixes). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (git-fixes). - pinctrl: sprd: Fix the incorrect pull-up definition (git-fixes). - pinctrl: stmfx: stmfx_pinconf_set does not require to get direction anymore (git-fixes). - pinctrl: tegra: Use noirq suspend/resume callbacks (git-fixes). - pinctrl: tigerlake: Tiger Lake uses _HID enumeration (jsc#SLE-12737). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (git-fixes). - platform/x86: asus_wmi: Reserve more space for struct bias_args (git-fixes). - platform/x86: dell-laptop: do not register micmute LED if there is no token (git-fixes). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (git-fixes). - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) (git-fixes). - platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types (git-fixes). - platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there (git-fixes). - platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type (git-fixes). - platform/x86: intel-vbtn: Split keymap into buttons and switches parts (git-fixes). - platform/x86: intel-vbtn: Use acpi_evaluate_integer() (git-fixes). - platform/x86: ISST: Increase timeout (bsc#1174185). - PM: runtime: clk: Fix clk_pm_runtime_get() error path (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git-fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s/exception: Fix machine check no-loss idle wakeup (bsc#1156395). - powerpc/64s/kuap: Restore AMR in system reset exception (bsc#1156395). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again (bsc#1172344). - powerpc/fadump: Account for memory_limit while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: consider reserved ranges while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/fadump: use static allocation for reserved memory ranges (jsc#SLE-9099 git-fixes). - powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes). - powerpc/kuap: PPC_KUAP_DEBUG should depend on PPC_KUAP (bsc#1156395). - powerpc/powernv: Fix a warning message (bsc#1156395). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: reset: qcom-pon: reg write mask depends on pon generation (git-fixes). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (git-fixes). - power: supply: core: fix HWMON temperature labels (git-fixes). - power: supply: core: fix memory leak in HWMON error path (git-fixes). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (git-fixes). - power: supply: smb347-charger: IRQSTAT_D is volatile (git-fixes). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready (bsc#1172095). - proc/meminfo: avoid open coded reading of vm_committed_as (bnc#1173271). - proc: Use new_inode not new_inode_pseudo (bsc#1173830). - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case (git-fixes). - pwm: sun4i: Move pwm_calculate() out of spin_lock() (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (git-fixes). - r8169: Revive default chip version for r8168 (bsc#1173085). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - random: fix data races at timer_rand_state (bsc#1173438). - rcu: Avoid data-race in rcu_gp_fqs_check_wake() (bsc#1171828). - rcu: Fix data-race due to atomic_t copy-by-value (bsc#1171828). - rcu: Make rcu_read_unlock_special() checks match raise_softirq_irqoff() (bsc#1172046). - rcu: Simplify rcu_read_unlock_special() deferred wakeups (bsc#1172046). - rcutorture: Add 100-CPU configuration (bsc#1173068). - rcutorture: Add worst-case call_rcu() forward-progress results (bsc#1173068). - rcutorture: Dispense with Dracut for initrd creation (bsc#1173068). - rcutorture: Make kvm-find-errors.sh abort on bad directory (bsc#1173068). - rcutorture: Remove CONFIG_HOTPLUG_CPU=n from scenarios (bsc#1173068). - rcutorture: Summarize summary of build and run results (bsc#1173068). - rcutorture: Test TREE03 with the threadirqs kernel boot parameter (bsc#1173068). - rcu: Use *_ONCE() to protect lockless ->expmask accesses (bsc#1171828). - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls (bsc#1173438). - RDMA/bnxt_re: Remove dead code from rcfw (bsc#1170774). - RDMA/core: Check that type_attrs is not NULL prior access (jsc#SLE-8449). - RDMA/core: Move and rename trace_cm_id_create() (jsc#SLE-8449). - RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (jsc#SLE-8446). - RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET (bsc#1172841). - RDMA/srpt: Fix disabling device management (jsc#SLE-8449). - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (jsc#SLE-8449). - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (git-fixes). - regmap: fix alignment issue (git-fixes). - regmap: Fix memory leak from regmap_register_patch (git-fixes). - regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes). - remoteproc: Add missing '\n' in log messages (git-fixes). - remoteproc: Fall back to using parent memory pool if no dedicated available (git-fixes). - remoteproc: Fix and restore the parenting hierarchy for vdev (git-fixes). - remoteproc: Fix IDR initialisation in rproc_alloc() (git-fixes). - remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use (git-fixes). - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (git-fixes). - Revert "drm/amd/display: disable dcn20 abm feature for bring up" (git-fixes). - Revert "i2c: tegra: Fix suspending in active runtime PM state" (git-fixes). - Revert "pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'" (git-fixes). - Revert "thermal: mediatek: fix register index error" (git-fixes). - ring-buffer: Zero out time extend if it is nested and not absolute (git-fixes). - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/modules.fips: add aes-ce-ccm, des3_ede-x86_64, aes_ti and aes_neon_bs - rtc: mc13xxx: fix a double-unlock issue (git-fixes). - rtc: rv3028: Add missed check for devm_regmap_init_i2c() (git-fixes). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (git-fixes). - rtw88: fix an issue about leak system resources (git-fixes). - rxrpc: Fix call RCU cleanup using non-bh-safe locks (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194, LTC#185911). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes). - s390/pci: Fix s390_mmio_read/write with MIO (git-fixes). - s390/pci: Log new handle in clp_disable_fh() (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sata_rcar: handle pm_runtime_get_sync failure cases (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sched/cfs: change initial value of runnable_avg (bsc#1158765). - sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1172823). - sched/core: Fix PI boosting between RT and DEADLINE tasks (git fixes (sched)). - sched/core: Fix ttwu() race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: s/WF_ON_RQ/WQ_ON_CPU/ (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cpuacct: Fix charge cpuacct.usage_sys (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/deadline: Initialize ->dl_boosted (bsc#1172823). - sched/deadline: Initialize ->dl_boosted (git fixes (sched)). - sched: etf: do not assume all sockets are full blown (networking-stable-20_04_27). - sched/fair: find_idlest_group(): Remove unused sd_flag parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Fix enqueue_task_fair() warning some more (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix nohz next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize dequeue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize enqueue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Simplify the code of should_we_balance() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix loadavg accounting race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix race against ptrace_freeze_trace() (bsc#1174345). - sched: Make newidle_balance() static again (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Offload wakee task activation if it the wakee is descheduling (bnc#1158748, bnc#1159781). - sched: Optimize ttwu() spinning on p->on_cpu (bnc#1158748, bnc#1159781). - sched/pelt: Sync util/runnable_sum with PELT window when propagating (bnc#1155798 (CPU scheduler functional and performance backports)). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: libfc: free response frame from GPN_ID (bsc#1173849). - scsi: libfc: Handling of extra kref (bsc#1173849). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1173849). - scsi: libfc: Skip additional kref updating work event (bsc#1173849). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1171530). - scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1171530). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1171530). - scsi: lpfc: remove duplicate unloading checks (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687 bsc#1171530). - scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (bsc#1173206). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: sd_zbc: Fix sd_zbc_complete() (bsc#1173206). - scsi: smartpqi: Update attribute name to `driver_version` (bsc#1173206). - scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes). - scsi: zfcp: add diagnostics buffer for exchange config data (bsc#1158050). - scsi: zfcp: auto variables for dereferenced structs in open port handler (bsc#1158050). - scsi: zfcp: diagnostics buffer caching and use for exchange port data (bsc#1158050). - scsi: zfcp: enhance handling of FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: expose fabric name as common fc_host sysfs attribute (bsc#1158050). - scsi: zfcp: Fence adapter status propagation for common statuses (bsc#1158050). - scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects (bsc#1158050). - scsi: zfcp: Fence fc_host updates during link-down handling (bsc#1158050). - scsi: zfcp: fix fc_host attributes that should be unknown on local link down (bsc#1158050). - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (git-fixes). - scsi: zfcp: fix wrong data and display format of SFP+ temperature (bsc#1158050). - scsi: zfcp: implicitly refresh config-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: implicitly refresh port-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: introduce sysfs interface for diagnostics of local SFP transceiver (bsc#1158050). - scsi: zfcp: introduce sysfs interface to read the local B2B-Credit (bsc#1158050). - scsi: zfcp: log FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: log FC Endpoint Security of connections (bsc#1158050). - scsi: zfcp: Move allocation of the shost object to after xconf- and xport-data (bsc#1158050). - scsi: zfcp: Move fc_host updates during xport data handling into fenced function (bsc#1158050). - scsi: zfcp: move maximum age of diagnostic buffers into a per-adapter variable (bsc#1158050). - scsi: zfcp: Move p-t-p port allocation to after xport data (bsc#1158050). - scsi: zfcp: Move shost modification after QDIO (re-)open into fenced function (bsc#1158050). - scsi: zfcp: Move shost updates during xconfig data handling into fenced function (bsc#1158050). - scsi: zfcp: proper indentation to reduce confusion in zfcp_erp_required_act (bsc#1158050). - scsi: zfcp: report FC Endpoint Security in sysfs (bsc#1158050). - scsi: zfcp: signal incomplete or error for sync exchange config/port data (bsc#1158050). - scsi: zfcp: support retrieval of SFP Data via Exchange Port Data (bsc#1158050). - scsi: zfcp: trace FC Endpoint Security of FCP devices and connections (bsc#1158050). - scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host (bsc#1158050). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o (bsc#1155518). - selftests/bpf: CONFIG_LIRC required for test_lirc_mode2.sh (bsc#1155518). - selftests/bpf: Fix invalid memory reads in core_relo selftest (bsc#1155518). - selftests/bpf: Fix memory leak in extract_build_id() (bsc#1155518). - selftests/bpf, flow_dissector: Close TAP device FD after the test (bsc#1155518). - selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed (bsc#1155518). - selftests/net: in rxtimestamp getopt_long needs terminating null entry (networking-stable-20_06_16). - selftests/timens: handle a case when alarm clocks are not supported (bsc#1164648,jsc#SLE-11493). - selinux: fall back to ref-walk if audit is required (bsc#1174333). - selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" (bsc#1174333). - serial: 8250: Fix max baud limit in generic 8250 port (git-fixes). - serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941). - signal: Avoid corrupting si_pid and si_uid in do_notify_parent (bsc#1171529). - slimbus: core: Fix mismatch in of_node_get/put (git-fixes). - slimbus: ngd: get drvdata from correct device (git-fixes). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - socionext: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - soc: mediatek: cmdq: return send msg error code (git-fixes). - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner (git-fixes). - soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data (git-fixes). - soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request (git-fixes). - soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS (git-fixes). - soc: qcom: rpmh: Update dirty flag only when data changes (git-fixes). - soc/tegra: pmc: Select GENERIC_PINCONF (git-fixes). - soundwire: intel: fix memory leak with devm_kasprintf (git-fixes). - spi: bcm2835aux: Fix controller unregister order (git-fixes). - spi: bcm2835: Fix controller unregister order (git-fixes). - spi: bcm-qspi: Handle clock probe deferral (git-fixes). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (git-fixes). - SPI: designware: pci: Switch over to MSI interrupts (jsc#SLE-12735). - spi: dt-bindings: spi-controller: Fix #address-cells for slave mode (git-fixes). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix controller unregister order (git-fixes). - spi: dw: Fix native CS being unset (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw-pci: Add MODULE_DEVICE_TABLE (jsc#SLE-12735). - spi: dw-pci: Add runtime power management support (jsc#SLE-12735). - spi: dw-pci: Add support for Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw-pci: Fix Chip Select amount on Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: dw: use "smp_mb()" to avoid sending spi data error (git-fixes). - spi: dw: Zero DMA Tx and Rx configurations on stack (git-fixes). - spi: Fix controller unregister order (git-fixes). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes). - spi: pxa2xx: Fix controller unregister order (git-fixes). - spi: pxa2xx: Fix runtime PM ref imbalance on probe error (git-fixes). - spi: Respect DataBitLength field of SpiSerialBusV2() ACPI resource (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: spidev: fix a race between spidev_release and spidev_remove (git-fixes). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (git-fixes). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (git-fixes). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (git-fixes). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (git-fixes). - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH (git-fixes). - staging: comedi: verify array index is correct before using it (git-fixes). - staging: iio: ad2s1210: Fix SPI reading (git-fixes). - staging: kpc2000: fix error return code in kp2000_pcie_probe() (git-fixes). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - staging: sm750fb: add missing case while setting FB_VISUAL (git-fixes). - sun6i: dsi: fix gcc-4.8 (bsc#1152489) - SUNRPC dont update timeout value on connection reset (bsc#1174263). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116). - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - SUNRPC: Signalled ASYNC tasks need to exit (git-fixes). - supported.conf: Add pinctrl-tigerlake as supported - supported.conf: Mark two hwtracing helper modules as externally supported (bsc#1170879) - svcrdma: Fix leak of svc_rdma_recv_ctxt objects (git-fixes). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: fix error recovery in tcp_zerocopy_receive() (networking-stable-20_05_16). - tcp: fix SO_RCVLOWAT hangs with fat skbs (networking-stable-20_05_16). - tcp: md5: allow changing MD5 keys in all socket states (git-fixes). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - thermal/drivers: imx: Fix missing of_node_put() at probe time (git-fixes). - thermal/drivers/mediatek: Fix bank number settings on mt8183 (git-fixes). - thermal/drivers/rcar_gen3: Fix undefined temperature if negative (git-fixes). - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR (git-fixes). - thermal: int3403_thermal: Downgrade error message (git-fixes). - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (jsc#SLE-12668). - tick/sched: Annotate lockless access to last_jiffies_update (bsc#1173438). - timer: Use hlist_unhashed_lockless() in timer_pending() (bsc#1173438). - tipc: block BH before using dst_cache (networking-stable-20_05_27). - tipc: fix partial topology connection closure (networking-stable-20_05_12). - torture: Allow "CFLIST" to specify default list of scenarios (bsc#1173068). - torture: Expand last_ts variable in kvm-test-1-run.sh (bsc#1173068). - torture: Handle jitter for CPUs that cannot be offlined (bsc#1173068). - torture: Handle systems lacking the mpstat command (bsc#1173068). - torture: Hoist calls to lscpu to higher-level kvm.sh script (bsc#1173068). - torture: Make results-directory date format completion-friendly (bsc#1173068). - torture: Use gawk instead of awk for systime() function (bsc#1173068). - tpm: Fix TIS locality timeout problems (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (git-fixes). - tpm_tis: Remove the HID IFX0102 (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (git-fixes). - tty: n_gsm: Fix SOF skipping (git-fixes). - tty: n_gsm: Fix waking up upper tty layer when room available (git-fixes). - tty: serial: add missing spin_lock_init for SiFive serial console (git-fixes). - tun: correct header offsets in napi frags mode (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: fix wrong use of crypto_shash_descsize() (bsc#1173827). - ubifs: remove broken lazytime support (bsc#1173826). - udp: Copy has_conns in reuseport_grow() (git-fixes). - udp: Improve load balancing for SO_REUSEPORT (git-fixes). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes). - usb: chipidea: core: add wakeup support for extcon (git-fixes). - USB: core: Fix misleading driver bug report (git-fixes). - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B (git-fixes). - usb: dwc2: Fix shutdown callback in platform (git-fixes). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: dwc3: pci: Enable extcon driver for Intel Merrifield (git-fixes). - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work (git-fixes). - usb/ehci-platform: Set PM runtime as active on resume (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: fix illegal array access in binding with UDC (git-fixes). - usb: gadget: Fix issue with config_ep_by_speed function (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (git-fixes). - usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes). - usb: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - usb: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - usb: gadget: legacy: fix redundant initialization warnings (git-fixes). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (git-fixes). - usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (git-fixes). - usb: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (git-fixes). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (git-fixes). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (git-fixes). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (git-fixes). - usb: host: ehci-platform: add a quirk to avoid stuck (git-fixes). - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - usb: host: xhci-plat: keep runtime active when removing host (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usb: musb: Fix runtime PM imbalance on error (git-fixes). - usb: musb: start session in resume for host port (git-fixes). - usbnet: smsc95xx: Fix use-after-free after removal (git-fixes). - usb/ohci-platform: Fix a warning when hibernating (git-fixes). - USB: ohci-sm501: Add missed iounmap() in remove (git-fixes). - USB: ohci-sm501: fix error return code in ohci_hcd_sm501_drv_probe() (git-fixes). - usb: renesas_usbhs: getting residue from callback_result (git-fixes). - USB: serial: ch341: add basis for quirk detection (git-fixes). - USB: serial: ch341: add new Product ID for CH340 (git-fixes). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes). - USB: serial: iuu_phoenix: fix memory corruption (git-fixes). - USB: serial: option: add GosunCn GM500 series (git-fixes). - USB: serial: option: add Quectel EG95 LTE modem (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs (git-fixes). - usb: usbfs: correct kernel->user page attribute mismatch (git-fixes). - USB: usbfs: fix mmap dma mismatch (git-fixes). - usb/xhci-plat: Set PM runtime as active on resume (git-fixes). - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages (git-fixes). - vfio: Ignore -ENODEV when getting MSI cookie (git-fixes). - vfio/mdev: Fix reference count leak in add_mdev_supported_type (git-fixes). - vfio/pci: fix memory leaks in alloc_perm_bits() (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129). - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (git-fixes). - video: fbdev: w100fb: Fix a potential double free (git-fixes). - video: vt8500lcdfb: fix fallthrough warning (bsc#1152489) - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio_net: fix lockdep warning on 32 bit (networking-stable-20_05_16). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - virt: vbox: Fix guest capabilities mask check (git-fixes). - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vrf: Fix IPv6 with qdisc and xfrm (networking-stable-20_04_27). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vsprintf: do not obfuscate NULL and error pointers (bsc#1172086). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - vxlan: use the correct nlattr array in NL_SET_ERR_MSG_ATTR (networking-stable-20_04_27). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: imx_sc_wdt: Fix reboot on crash (git-fixes). - watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (git-fixes). - wil6210: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - wil6210: add wil_netif_rx() helper function (bsc#1154353). - wil6210: use after free in wil_netif_rx_any() (bsc#1154353). - wireguard: device: avoid circular netns references (git-fixes). - wireguard: noise: do not assign initiation time in if condition (git-fixes). - wireguard: noise: read preshared key while taking lock (bsc#1169021 jsc#SLE-12250). - wireguard: noise: separate receive counter from send counter (bsc#1169021 jsc#SLE-12250). - wireguard: queueing: preserve flow hash across packet scrubbing (bsc#1169021 jsc#SLE-12250). - wireguard: receive: account for napi_gro_receive never returning GRO_DROP (git-fixes). - wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning (git-fixes). - wireguard: selftests: use newer iproute2 for gcc-10 (bsc#1169021 jsc#SLE-12250). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (git-fixes). - workqueue: Remove the warning in wq_worker_sleeping() (git-fixes). - x86/amd_nb: Add AMD family 17h model 60h PCI IDs (git-fixes). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1152489). - x86: Fix early boot crash on gcc-10, third try (bsc#1152489). - x86/mm/cpa: Flush direct map alias during cpa (bsc#1152489). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (git-fixes). - x86/resctrl: Fix invalid attempt at removing the default resource group (bsc#1152489). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1152489). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes (block drivers)). - xfs: clean up the error handling in xfs_swap_extents (git-fixes). - xfs: do not commit sunit/swidth updates to disk if that would cause repair failures (bsc#1172169). - xfs: do not fail unwritten extent conversion on writeback due to edquot (bsc#1158242). - xfs: fix duplicate verification from xfs_qm_dqflush() (git-fixes). - xfs: force writes to delalloc regions to unwritten (bsc#1158242). - xfs: measure all contiguous previous extents for prealloc size (bsc#1158242). - xfs: preserve default grace interval during quotacheck (bsc#1172170). - xfs: refactor agfl length computation function (bsc#1172169). - xfs: split the sunit parameter update into two parts (bsc#1172169). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - xhci: Poll for U0 after disabling USB2 LPM (git-fixes). - xhci: Return if xHCI does not support LPM (git-fixes). - xprtrdma: Fix handling of RDMA_ERROR replies (git-fixes). - workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2105=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2105=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2105=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2105=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2105=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.9.1 kernel-default-debugsource-5.3.18-24.9.1 kernel-default-extra-5.3.18-24.9.1 kernel-default-extra-debuginfo-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.9.1 kernel-default-debugsource-5.3.18-24.9.1 reiserfs-kmp-default-5.3.18-24.9.1 reiserfs-kmp-default-debuginfo-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.9.1 kernel-obs-build-debugsource-5.3.18-24.9.1 kernel-syms-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.9.1 kernel-preempt-debugsource-5.3.18-24.9.1 kernel-preempt-devel-5.3.18-24.9.1 kernel-preempt-devel-debuginfo-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.9.2 kernel-source-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.9.1 kernel-default-base-5.3.18-24.9.1.9.2.6 kernel-default-debuginfo-5.3.18-24.9.1 kernel-default-debugsource-5.3.18-24.9.1 kernel-default-devel-5.3.18-24.9.1 kernel-default-devel-debuginfo-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.9.1 kernel-preempt-debuginfo-5.3.18-24.9.1 kernel-preempt-debugsource-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.9.1 kernel-macros-5.3.18-24.9.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.9.1 cluster-md-kmp-default-debuginfo-5.3.18-24.9.1 dlm-kmp-default-5.3.18-24.9.1 dlm-kmp-default-debuginfo-5.3.18-24.9.1 gfs2-kmp-default-5.3.18-24.9.1 gfs2-kmp-default-debuginfo-5.3.18-24.9.1 kernel-default-debuginfo-5.3.18-24.9.1 kernel-default-debugsource-5.3.18-24.9.1 ocfs2-kmp-default-5.3.18-24.9.1 ocfs2-kmp-default-debuginfo-5.3.18-24.9.1 References: https://www.suse.com/security/cve/CVE-2019-19462.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20812.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-10711.html https://www.suse.com/security/cve/CVE-2020-10732.html https://www.suse.com/security/cve/CVE-2020-10751.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-12656.html https://www.suse.com/security/cve/CVE-2020-12769.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13143.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154492 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1155798 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1157169 https://bugzilla.suse.com/1158050 https://bugzilla.suse.com/1158242 https://bugzilla.suse.com/1158265 https://bugzilla.suse.com/1158748 https://bugzilla.suse.com/1158765 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159781 https://bugzilla.suse.com/1159867 https://bugzilla.suse.com/1160947 https://bugzilla.suse.com/1161495 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1162400 https://bugzilla.suse.com/1162702 https://bugzilla.suse.com/1164648 https://bugzilla.suse.com/1164777 https://bugzilla.suse.com/1164780 https://bugzilla.suse.com/1165211 https://bugzilla.suse.com/1165933 https://bugzilla.suse.com/1165975 https://bugzilla.suse.com/1166985 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1167651 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1168230 https://bugzilla.suse.com/1168779 https://bugzilla.suse.com/1168838 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169021 https://bugzilla.suse.com/1169094 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169681 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170284 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170774 https://bugzilla.suse.com/1170879 https://bugzilla.suse.com/1170891 https://bugzilla.suse.com/1170895 https://bugzilla.suse.com/1171150 https://bugzilla.suse.com/1171189 https://bugzilla.suse.com/1171191 https://bugzilla.suse.com/1171219 https://bugzilla.suse.com/1171220 https://bugzilla.suse.com/1171246 https://bugzilla.suse.com/1171417 https://bugzilla.suse.com/1171513 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171662 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171699 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171828 https://bugzilla.suse.com/1171857 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1171915 https://bugzilla.suse.com/1171982 https://bugzilla.suse.com/1171983 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172017 https://bugzilla.suse.com/1172046 https://bugzilla.suse.com/1172061 https://bugzilla.suse.com/1172062 https://bugzilla.suse.com/1172063 https://bugzilla.suse.com/1172064 https://bugzilla.suse.com/1172065 https://bugzilla.suse.com/1172066 https://bugzilla.suse.com/1172067 https://bugzilla.suse.com/1172068 https://bugzilla.suse.com/1172069 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172086 https://bugzilla.suse.com/1172095 https://bugzilla.suse.com/1172169 https://bugzilla.suse.com/1172170 https://bugzilla.suse.com/1172201 https://bugzilla.suse.com/1172208 https://bugzilla.suse.com/1172223 https://bugzilla.suse.com/1172342 https://bugzilla.suse.com/1172343 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172365 https://bugzilla.suse.com/1172366 https://bugzilla.suse.com/1172374 https://bugzilla.suse.com/1172391 https://bugzilla.suse.com/1172393 https://bugzilla.suse.com/1172394 https://bugzilla.suse.com/1172453 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172467 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172537 https://bugzilla.suse.com/1172543 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172739 https://bugzilla.suse.com/1172751 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172814 https://bugzilla.suse.com/1172823 https://bugzilla.suse.com/1172841 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172938 https://bugzilla.suse.com/1172939 https://bugzilla.suse.com/1172940 https://bugzilla.suse.com/1172956 https://bugzilla.suse.com/1172983 https://bugzilla.suse.com/1172984 https://bugzilla.suse.com/1172985 https://bugzilla.suse.com/1172986 https://bugzilla.suse.com/1172987 https://bugzilla.suse.com/1172988 https://bugzilla.suse.com/1172989 https://bugzilla.suse.com/1172990 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173068 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173085 https://bugzilla.suse.com/1173139 https://bugzilla.suse.com/1173206 https://bugzilla.suse.com/1173271 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173438 https://bugzilla.suse.com/1173461 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173552 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173625 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173776 https://bugzilla.suse.com/1173817 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173822 https://bugzilla.suse.com/1173823 https://bugzilla.suse.com/1173824 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173827 https://bugzilla.suse.com/1173828 https://bugzilla.suse.com/1173830 https://bugzilla.suse.com/1173831 https://bugzilla.suse.com/1173832 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173834 https://bugzilla.suse.com/1173836 https://bugzilla.suse.com/1173837 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173841 https://bugzilla.suse.com/1173843 https://bugzilla.suse.com/1173844 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173847 https://bugzilla.suse.com/1173849 https://bugzilla.suse.com/1173860 https://bugzilla.suse.com/1173894 https://bugzilla.suse.com/1173941 https://bugzilla.suse.com/1174018 https://bugzilla.suse.com/1174072 https://bugzilla.suse.com/1174116 https://bugzilla.suse.com/1174126 https://bugzilla.suse.com/1174127 https://bugzilla.suse.com/1174128 https://bugzilla.suse.com/1174129 https://bugzilla.suse.com/1174185 https://bugzilla.suse.com/1174244 https://bugzilla.suse.com/1174263 https://bugzilla.suse.com/1174264 https://bugzilla.suse.com/1174331 https://bugzilla.suse.com/1174332 https://bugzilla.suse.com/1174333 https://bugzilla.suse.com/1174345 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174396 https://bugzilla.suse.com/1174398 https://bugzilla.suse.com/1174407 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174411 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174513 https://bugzilla.suse.com/1174527 https://bugzilla.suse.com/1174543 https://bugzilla.suse.com/1174627 https://bugzilla.suse.com/962849 From sle-updates at lists.suse.com Mon Aug 3 13:57:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Aug 2020 21:57:34 +0200 (CEST) Subject: SUSE-SU-2020:2106-1: important: Security update for the Linux Kernel Message-ID: <20200803195734.2F203FDE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2106-1 Rating: important References: #1051510 #1065729 #1071995 #1104967 #1152107 #1158755 #1162002 #1170011 #1171078 #1171673 #1171732 #1171868 #1172257 #1172775 #1172781 #1172782 #1172783 #1172999 #1173265 #1173280 #1173514 #1173567 #1173573 #1173659 #1173999 #1174000 #1174115 #1174462 #1174543 Cross-References: CVE-2019-16746 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 15 fixes is now available. Description: The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bnc#1172775). The following non-security bugs were fixed: - Merge ibmvnic reset fixes (bsc#1158755 ltc#182094). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2106=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2106=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2106=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2106=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2106=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2106=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150.55.1 kernel-default-base-4.12.14-150.55.1 kernel-default-debuginfo-4.12.14-150.55.1 kernel-default-debugsource-4.12.14-150.55.1 kernel-default-devel-4.12.14-150.55.1 kernel-default-devel-debuginfo-4.12.14-150.55.1 kernel-obs-build-4.12.14-150.55.1 kernel-obs-build-debugsource-4.12.14-150.55.1 kernel-syms-4.12.14-150.55.1 kernel-vanilla-base-4.12.14-150.55.1 kernel-vanilla-base-debuginfo-4.12.14-150.55.1 kernel-vanilla-debuginfo-4.12.14-150.55.1 kernel-vanilla-debugsource-4.12.14-150.55.1 reiserfs-kmp-default-4.12.14-150.55.1 reiserfs-kmp-default-debuginfo-4.12.14-150.55.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150.55.1 kernel-docs-4.12.14-150.55.1 kernel-macros-4.12.14-150.55.1 kernel-source-4.12.14-150.55.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150.55.1 kernel-default-base-4.12.14-150.55.1 kernel-default-debuginfo-4.12.14-150.55.1 kernel-default-debugsource-4.12.14-150.55.1 kernel-default-devel-4.12.14-150.55.1 kernel-default-devel-debuginfo-4.12.14-150.55.1 kernel-obs-build-4.12.14-150.55.1 kernel-obs-build-debugsource-4.12.14-150.55.1 kernel-syms-4.12.14-150.55.1 kernel-vanilla-base-4.12.14-150.55.1 kernel-vanilla-base-debuginfo-4.12.14-150.55.1 kernel-vanilla-debuginfo-4.12.14-150.55.1 kernel-vanilla-debugsource-4.12.14-150.55.1 reiserfs-kmp-default-4.12.14-150.55.1 reiserfs-kmp-default-debuginfo-4.12.14-150.55.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150.55.1 kernel-docs-4.12.14-150.55.1 kernel-macros-4.12.14-150.55.1 kernel-source-4.12.14-150.55.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150.55.1 kernel-zfcpdump-debuginfo-4.12.14-150.55.1 kernel-zfcpdump-debugsource-4.12.14-150.55.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.55.1 kernel-default-debugsource-4.12.14-150.55.1 kernel-default-livepatch-4.12.14-150.55.1 kernel-livepatch-4_12_14-150_55-default-1-1.3.1 kernel-livepatch-4_12_14-150_55-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150.55.1 kernel-default-base-4.12.14-150.55.1 kernel-default-debuginfo-4.12.14-150.55.1 kernel-default-debugsource-4.12.14-150.55.1 kernel-default-devel-4.12.14-150.55.1 kernel-default-devel-debuginfo-4.12.14-150.55.1 kernel-obs-build-4.12.14-150.55.1 kernel-obs-build-debugsource-4.12.14-150.55.1 kernel-syms-4.12.14-150.55.1 kernel-vanilla-base-4.12.14-150.55.1 kernel-vanilla-base-debuginfo-4.12.14-150.55.1 kernel-vanilla-debuginfo-4.12.14-150.55.1 kernel-vanilla-debugsource-4.12.14-150.55.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150.55.1 kernel-docs-4.12.14-150.55.1 kernel-macros-4.12.14-150.55.1 kernel-source-4.12.14-150.55.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150.55.1 kernel-default-base-4.12.14-150.55.1 kernel-default-debuginfo-4.12.14-150.55.1 kernel-default-debugsource-4.12.14-150.55.1 kernel-default-devel-4.12.14-150.55.1 kernel-default-devel-debuginfo-4.12.14-150.55.1 kernel-obs-build-4.12.14-150.55.1 kernel-obs-build-debugsource-4.12.14-150.55.1 kernel-syms-4.12.14-150.55.1 kernel-vanilla-base-4.12.14-150.55.1 kernel-vanilla-base-debuginfo-4.12.14-150.55.1 kernel-vanilla-debuginfo-4.12.14-150.55.1 kernel-vanilla-debugsource-4.12.14-150.55.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150.55.1 kernel-docs-4.12.14-150.55.1 kernel-macros-4.12.14-150.55.1 kernel-source-4.12.14-150.55.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.55.1 cluster-md-kmp-default-debuginfo-4.12.14-150.55.1 dlm-kmp-default-4.12.14-150.55.1 dlm-kmp-default-debuginfo-4.12.14-150.55.1 gfs2-kmp-default-4.12.14-150.55.1 gfs2-kmp-default-debuginfo-4.12.14-150.55.1 kernel-default-debuginfo-4.12.14-150.55.1 kernel-default-debugsource-4.12.14-150.55.1 ocfs2-kmp-default-4.12.14-150.55.1 ocfs2-kmp-default-debuginfo-4.12.14-150.55.1 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1158755 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1171078 https://bugzilla.suse.com/1171673 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173999 https://bugzilla.suse.com/1174000 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 3 14:01:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Aug 2020 22:01:43 +0200 (CEST) Subject: SUSE-SU-2020:2105-1: important: Security update for the Linux Kernel Message-ID: <20200803200143.DCAEEFEC3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2105-1 Rating: important References: #1058115 #1065729 #1071995 #1085030 #1148868 #1152472 #1152489 #1153274 #1154353 #1154492 #1155518 #1155798 #1156395 #1157169 #1158050 #1158242 #1158265 #1158748 #1158765 #1158983 #1159781 #1159867 #1160947 #1161495 #1162002 #1162063 #1162400 #1162702 #1164648 #1164777 #1164780 #1165211 #1165933 #1165975 #1166985 #1167104 #1167651 #1167773 #1168230 #1168779 #1168838 #1168959 #1169021 #1169094 #1169194 #1169514 #1169681 #1169771 #1170011 #1170284 #1170442 #1170617 #1170774 #1170879 #1170891 #1170895 #1171150 #1171189 #1171191 #1171219 #1171220 #1171246 #1171417 #1171513 #1171529 #1171530 #1171662 #1171688 #1171699 #1171732 #1171739 #1171743 #1171759 #1171828 #1171857 #1171868 #1171904 #1171915 #1171982 #1171983 #1171988 #1172017 #1172046 #1172061 #1172062 #1172063 #1172064 #1172065 #1172066 #1172067 #1172068 #1172069 #1172073 #1172086 #1172095 #1172169 #1172170 #1172201 #1172208 #1172223 #1172342 #1172343 #1172344 #1172365 #1172366 #1172374 #1172391 #1172393 #1172394 #1172453 #1172458 #1172467 #1172484 #1172537 #1172543 #1172687 #1172719 #1172739 #1172751 #1172759 #1172775 #1172781 #1172782 #1172783 #1172814 #1172823 #1172841 #1172871 #1172938 #1172939 #1172940 #1172956 #1172983 #1172984 #1172985 #1172986 #1172987 #1172988 #1172989 #1172990 #1172999 #1173060 #1173068 #1173074 #1173085 #1173139 #1173206 #1173271 #1173280 #1173284 #1173428 #1173438 #1173461 #1173514 #1173552 #1173573 #1173625 #1173746 #1173776 #1173817 #1173818 #1173820 #1173822 #1173823 #1173824 #1173825 #1173826 #1173827 #1173828 #1173830 #1173831 #1173832 #1173833 #1173834 #1173836 #1173837 #1173838 #1173839 #1173841 #1173843 #1173844 #1173845 #1173847 #1173849 #1173860 #1173894 #1173941 #1174018 #1174072 #1174116 #1174126 #1174127 #1174128 #1174129 #1174185 #1174244 #1174263 #1174264 #1174331 #1174332 #1174333 #1174345 #1174356 #1174396 #1174398 #1174407 #1174409 #1174411 #1174438 #1174462 #1174513 #1174527 #1174543 #1174627 #962849 Cross-References: CVE-2019-19462 CVE-2019-20810 CVE-2019-20812 CVE-2020-0305 CVE-2020-10135 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-10781 CVE-2020-12656 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves 22 vulnerabilities and has 193 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-19462: relay_open in kernel/relay.c in the Linux kernel allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (bnc#1158265). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c could result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3 (bnc#1172453). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth?? BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem in versions This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-10781: A zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219). - CVE-2020-12769: An issue was discovered in drivers/spi/spi-dw.c allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bnc#1171983). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-13143: gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c relies on kstrdup without considering the possibility of an internal '\0' value, which allowed attackers to trigger an out-of-bounds read (bnc#1171982). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). The following non-security bugs were fixed: - ACPICA: Dispatcher: add status checks (git-fixes). - ACPICA: Fixes for acpiExec namespace init file (git-fixes). - ACPI: configfs: Disallow loading ACPI tables when locked down (git-fixes). - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (git-fixes). - ACPI: GED: add support for _Exx / _Lxx handler methods (git-fixes). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (git-fixes). - ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes). - ACPI: PM: Avoid using power resources if there are none for D0 (git-fixes). - ACPI: sysfs: Fix pm_profile_attr type (git-fixes). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (git-fixes). - ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes). - af_unix: add compat_ioctl support (git-fixes). - agp/intel: Reinforce the barrier after GTT updates (git-fixes). - aio: fix async fsync creds (bsc#1173828). - ALSA: emu10k1: delete an unnecessary condition (git-fixes). - ALSA: es1688: Add the missed snd_card_free() (git-fixes). - ALSA: fireface: fix configuration error for nominal sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix invalid assignment to union data for directional parameter (git-fixes). - ALSA: hda: Add ElkhartLake HDMI codec vid (git-fixes). - ALSA: hda: add member to store ratio for stripe control (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later (git-fixes). - ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes). - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#SLE-13261). - ALSA: hda - let hs_mic be picked ahead of hp_mic (git-fixes). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (git-fixes). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (git-fixes). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (git-fixes). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (git-fixes). - ALSA: hda/realtek - fixup for yet another Intel reference board (git-fixes). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (git-fixes). - ALSA: hda/tegra: correct number of SDO lines for Tegra194 (git-fixes). - ALSA: hda/tegra: workaround playback failure on Tegra194 (git-fixes). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: line6: Sync the pending work cancel at disconnection (git-fixes). - ALSA: opl3: fix infoleak in opl3 (git-fixes). - ALSA: pcm: disallow linking stream to itself (git-fixes). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: fix snd_pcm_link() lockdep splat (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RTX6001 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2+ (git-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (git-fixes). - ALSA: usb-audio: Clean up quirk entries with macros (git-fixes). - ALSA: usb-audio: Fix a limit check in proc_dump_substream_formats() (git-fixes). - ALSA: usb-audio: Fix inconsistent card PM state after resume (git-fixes). - ALSA: usb-audio: fixing upper volume limit for RME Babyface Pro routing crosspoints (git-fixes). - ALSA: usb-audio: Fixing usage of plain int instead of NULL (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix packet size calculation (bsc#1173847). - ALSA: usb-audio: Fix potential use-after-free of streams (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: Fix racy list management in output queue (git-fixes). - ALSA: usb-audio: Improve frames size computation (git-fixes). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (git-fixes). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Print more information in stream proc files (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Remove async workaround for Scarlett 2nd gen (git-fixes). - ALSA: usb-audio: Replace s/frame/packet/ where appropriate (git-fixes). - ALSA: usb-audio: RME Babyface Pro mixer patch (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (git-fixes). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - amd-xgbe: Use __napi_schedule() in BH context (networking-stable-20_04_17). - apparmor: ensure that dfa state tables have entries (git-fixes). - apparmor: fix introspection of of task mode for unconfined tasks (git-fixes). - apparmor: Fix memory leak of profile proxy (git-fixes). - apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes). - apparmor: remove useless aafs_create_symlink (git-fixes). - arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id (bsc#1174398). - arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode (bsc#1174398). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12424). - ARM: oxnas: make ox820_boot_secondary static (git-fixes). - asm-gemeric/tlb: remove stray function declarations (bsc#1156395). - ASoC: codecs: max98373: Removed superfluous volume control from chip default (git-fixes). - ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend (git-fixes). - ASoC: core: only convert non DPCM link to DPCM link (git-fixes). - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type (git-fixes). - ASoC: fix incomplete error-handling in img_i2s_in_probe (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: fsl_ssi: Fix bclk calculation for mono channel (git-fixes). - ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet (git-fixes). - ASoC: intel: cht_bsw_max98090_ti: Add all Chromebooks that need pmc_plt_clk_0 quirk (bsc#1171246). - ASoC: intel - fix the card names (git-fixes). - ASoC: max98373: reorder max98373_reset() in resume (git-fixes). - ASoC: max9867: fix volume controls (git-fixes). - ASoC: meson: add missing free_irq() in error path (git-fixes). - ASoc: q6afe: add support to get port direction (git-fixes). - ASoC: q6asm: handle EOS correctly (git-fixes). - ASoC: qcom: q6asm-dai: kCFI fix (git-fixes). - ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes). - ASoC: rockchip: Fix a reference count leak (git-fixes). - ASoC: rt286: fix unexpected interrupt happens (git-fixes). - ASoC: rt5645: Add platform-data for Asus T101HA (git-fixes). - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5682: Report the button event in the headset type only (git-fixes). - ASoC: SOF: core: fix error return code in sof_probe_continue() (git-fixes). - ASoC: SOF: Do nothing when DSP PM callbacks are not set (git-fixes). - ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags (git-fixes). - ASoC: tegra: tegra_wm8903: Support nvidia, headset property (git-fixes). - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()' (git-fixes). - ASoC: topology: fix kernel oops on route addition error (git-fixes). - ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes). - ASoC: ux500: mop500: Fix some refcounted resources issues (git-fixes). - ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes). - ASoC: wm8974: remove unsupported clock mode (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: fix kernel null pointer dereference (git-fixes). - ath10k: Fix the race condition in firmware dump work queue (git-fixes). - ath10k: Remove ath10k_qmi_register_service_notifier() declaration (git-fixes). - ath10k: remove the max_sched_scan_reqs value (git-fixes). - ath10k: Skip handling del_server during driver exit (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (git-fixes). - ath9k: Fix use-after-free Read in htc_connect_service (git-fixes). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (git-fixes). - ax25: fix setsockopt(SO_BINDTODEVICE) (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Fix connection problem with WPA3 (git-fixes). - b43legacy: Fix case where channel status is corrupted (git-fixes). - b43_legacy: Fix connection problem with WPA3 (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - batman-adv: Revert "disable ethtool link speed detection when auto negotiation off" (git-fixes). - bdev: fix bdev inode reference count disbalance regression (bsc#1174244) - bfq: Avoid false bfq queue merging (bsc#1171513). - bfq: Fix check detecting whether waker queue should be selected (bsc#1168838). - bfq: Use only idle IO periods for think time calculations (bsc#1171513). - bfq: Use 'ttime' local variable (bsc#1171513). - blacklist.conf: Add 9486727f5981 iommu/vt-d: Make Intel SVM code 64-bit only - blacklist.conf: Add superfluous stable commit IDs - blacklist.conf: cleanup removing unused exported symbols, unavoidable kABI breakage - blacklist.conf: for future infrastructure, and will need kABI workarounds in each user, only if we really need it - blk-iocost: Fix error on iocost_ioc_vrate_adj (bsc#1173206). - blk-iocost: fix incorrect vtime comparison in iocg_is_idle() (bsc#1173206). - blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight() (bsc#1165933). - block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (bsc#1173817). - block: Fix use-after-free in blkdev_get() (bsc#1173834). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (git-fixes). - Bluetooth: btbcm: Add 2 missing models to subver tables (git-fixes). - Bluetooth: btmtkuart: Improve exception handling in btmtuart_probe() (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bnxt_en: Fix AER reset logic on 57500 chips (bsc#1171150). - bnxt_en: fix firmware message length endianness (bsc#1173894). - bnxt_en: Fix return code to "flash_device" (bsc#1173894). - bnxt_en: Improve TQM ring context memory sizing formulas (jsc#SLE-8371 bsc#1153274). - bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371 bsc#1153274). - bnxt_en: Return from timer if interface is not in open state (jsc#SLE-8371 bsc#1153274). - bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371 bsc#1153274). - bpf: Document optval > PAGE_SIZE behavior for sockopt hooks (bsc#1155518). - bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518). - bpf: Do not return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE (bsc#1155518). - bpf: Fix an error code in check_btf_func() (bsc#1154353). - bpf: Fix map permissions check (bsc#1155518). - bpf: Prevent mmap()'ing read-only maps as writable (bsc#1155518). - bpf: Restrict bpf_probe_read{, str}() only to archs where they work (bsc#1172344). - bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier (bsc#1172344). - bpf, sockhash: Synchronize_rcu before free'ing map (git-fixes). - bpf, sockmap: Check update requirements after locking (git-fixes). - bpf: Undo internal BPF_PROBE_MEM in BPF insns dump (bsc#1155518). - bpf, xdp, samples: Fix null pointer dereference in *_user code (bsc#1155518). - brcmfmac: expose RPi firmware config files through modinfo (bsc#1169094). - brcmfmac: fix wrong location to get firmware feature (git-fixes). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - bridge: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes). - bus: ti-sysc: Ignore clockactivity unless specified as a quirk (git-fixes). - carl9170: remove P2P_GO support (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: add comments for handle_cap_flush_ack logic (bsc#1172940). - ceph: allow rename operation under different quota realms (bsc#1172988). - ceph: ceph_kick_flushing_caps needs the s_mutex (bsc#1172986). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1172984 bsc#1167104). - ceph: document what protects i_dirty_item and i_flushing_item (bsc#1172940). - ceph: do not release i_ceph_lock in handle_cap_trunc (bsc#1172940). - ceph: do not return -ESTALE if there's still an open file (bsc#1171915). - ceph: do not take i_ceph_lock in handle_cap_import (bsc#1172940). - ceph: fix potential race in ceph_check_caps (bsc#1172940). - ceph: flush release queue when handling caps for unknown inode (bsc#1172939). - ceph: make sure mdsc->mutex is nested in s->s_mutex to fix dead lock (bsc#1172989). - ceph: normalize 'delta' parameter usage in check_quota_exceeded (bsc#1172987). - ceph: reorganize __send_cap for less spinlock abuse (bsc#1172940). - ceph: request expedited service on session's last cap flush (bsc#1172985 bsc#1167104). - ceph: reset i_requested_max_size if file write is not wanted (bsc#1172983). - ceph: skip checking caps when session reconnecting and releasing reqs (bsc#1172990). - ceph: split up __finish_cap_flush (bsc#1172940). - ceph: throw a warning if we destroy session with mutex still locked (bsc#1172940). - char/random: Add a newline at the end of the file (jsc#SLE-12424). - clk: bcm2835: Fix return type of bcm2835_register_gate (git-fixes). - clk: bcm2835: Remove casting to bcm2835_clk_register (git-fixes). - clk: clk-flexgen: fix clock-critical handling (git-fixes). - clk: mediatek: assign the initial value to clk_init_data of mtk_mux (git-fixes). - clk: meson: meson8b: Do not rely on u-boot to init all GP_PLL registers (git-fixes). - clk: meson: meson8b: Fix the polarity of the RESET_N lines (git-fixes). - clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits (git-fixes). - clk: qcom: Add missing msm8998 ufs_unipro_core_clk_src (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical (git-fixes). - clk: sifive: allocate sufficient memory for struct __prci_data (git-fixes). - clk: sprd: return correct type of value for _sprd_pll_recalc_rate (git-fixes). - clk: sunxi: Fix incorrect usage of round_down() (git-fixes). - clk: ti: am33xx: fix RTC clock parent (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: zynqmp: fix memory leak in zynqmp_register_clocks (git-fixes). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (git-fixes). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (git-fixes). - component: Silence bind error on -EPROBE_DEFER (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1172739 - coredump: fix crash when umh is disabled (git-fixes). - coredump: fix null pointer dereference on coredump (git-fixes). - cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes). - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once (git-fixes). - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn (git-fixes). - cpuidle: Fix three reference count leaks (git-fixes). - crypto: algapi - Avoid spurious modprobe on LOADED (git-fixes). - crypto: algboss - do not wait during notifier callback (git-fixes). - crypto: algif_skcipher - Cap recv SG list at ctx->used (git-fixes). - crypto - Avoid free() namespace collision (git-fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp -- do not "select" CONFIG_DMADEVICES (git-fixes). - crypto/chcr: fix for ccm(aes) failed test (git-fixes). - crypto: chelsio/chtls: properly set tp->lsndtime (git-fixes). - crypto: drbg - fix error return code in drbg_alloc_state() (git-fixes). - crypto: omap-sham - add proper load balancing support for multicore (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: stm32/crc32 - fix multi-instance (git-fixes). - crypto: stm32/crc32 - fix run-time self test issue (git-fixes). - cxgb4: fix adapter crash due to wrong MC size (networking-stable-20_04_27). - cxgb4: fix large delays in PTP synchronization (networking-stable-20_04_27). - dccp: Fix possible memleak in dccp_init and dccp_fini (networking-stable-20_06_16). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - devlink: fix return value after hitting end in region read (networking-stable-20_05_12). - devmap: Use bpf_map_area_alloc() for allocating hash buckets (bsc#1154353). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dma-coherent: fix integer overflow in the reserved-memory dma allocation (git-fixes). - dma-debug: fix displaying of dma allocation type (git-fixes). - dma-direct: fix data truncation in dma_direct_get_required_mask() (git-fixes). - dmaengine: dmatest: Fix process hang when reading 'wait' parameter (git-fixes). - dmaengine: dmatest: Restore default for channel (git-fixes). - dmaengine: dmatest: stop completed threads when running without set channel (git-fixes). - dmaengine: dw: Initialize channel before each transfer (git-fixes). - dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes). - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler (git-fixes). - dmaengine: mmp_tdma: Do not ignore slave config validation errors (git-fixes). - dmaengine: mmp_tdma: Reset channel error on release (git-fixes). - dmaengine: owl: Use correct lock in owl_dma_get_pchan() (git-fixes). - dmaengine: pch_dma.c: Avoid data race between probe and irq handler (git-fixes). - dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (git-fixes). - dm: do not use waitqueue for request-based DM (bsc#1165933). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: reject asynchronous pmem devices (bsc#1156395). - dpaa2-eth: prevent array underflow in update_cls_rule() (networking-stable-20_05_16). - dpaa2-eth: properly handle buffer size restrictions (networking-stable-20_05_16). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174396). - dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: phy: sr-usb: do not use internal fsm for USB2 phy init (git-fixes). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (git-fixes). - drm/amd/display: add basic atomic check for cursor plane (git-fixes). - drm/amd/display: drop cursor position check in atomic test (git-fixes). - drm: amd/display: fix Kconfig help text (bsc#1152489) * context changes - drm/amd/display: Only revalidate bandwidth on medium and fast updates (git-fixes). - drm/amd/display: Prevent dpcd reads with passive dongles (git-fixes). - drm/amd/display: Revalidate bandwidth before commiting DC updates (git-fixes). - drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (git-fixes). - drm/amd: fix potential memleak in err branch (git-fixes). - drm/amdgpu: add fw release for sdma v5_0 (git-fixes). - drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes). - drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes). - drm/amdgpu: drop redundant cg/pg ungate on runpm enter (git-fixes). - drm/amdgpu: fix gfx hang during suspend with video playback (v2) (git-fixes). - drm/amdgpu: fix the hw hang during perform system reboot and reset (git-fixes). - drm/amdgpu: force fbdev into vram (bsc#1152472) * context changes - drm/amdgpu: Init data to avoid oops while reading pp_num_states (git-fixes). - drm/amdgpu: invalidate L2 before SDMA IBs (v2) (git-fixes). - drm/amdgpu: move kfd suspend after ip_suspend_phase1 (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1152472) - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes). - drm/amdgpu: simplify padding calculations (v2) (git-fixes). - drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes). - drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (git-fixes). - drm/amd/powerplay: avoid using pm_en before it is initialized revised (git-fixes). - drm/amd/powerplay: perform PG ungate prior to CG ungate (git-fixes). - drm: bridge: adv7511: Extend list of audio sample rates (git-fixes). - drm/connector: notify userspace on hotplug after register complete (bsc#1152489) * context changes - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (git-fixes). - drm/edid: Add Oculus Rift S to non-desktop list (git-fixes). - drm: encoder_slave: fix refcouting error for modules (git-fixes). - drm/etnaviv: fix perfmon domain interation (git-fixes). - drm/etnaviv: rework perfmon query infrastructure (git-fixes). - drm/exynos: fix ref count leak in mic_pre_enable (git-fixes). - drm/exynos: Properly propagate return value in drm_iommu_attach_device() (git-fixes). - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is (bsc#1152489) - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is disabled (git-fixes). - drm/i915: extend audio CDCLK>=2*BCLK constraint to more platforms (git-fixes). - drm/i915: Extend WaDisableDARBFClkGating to icl,ehl,tgl (bsc#1152489) - drm/i915: fix port checks for MST support on gen >= 11 (git-fixes). - drm/i915/gem: Avoid iterating an empty list (git-fixes). - drm/i915/gt: Do not schedule normal requests immediately along (bsc#1152489) - drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes). - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (bsc#1152489) - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (git-fixes). - drm/i915/gvt: Fix two CFL MMIO handling caused by regression. (bsc#1152489) - drm/i915/gvt: Fix two CFL MMIO handling caused by regression (git-fixes). - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1152489) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance (git-fixes). - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1152489) * context changes - drm/i915: HDCP: fix Ri prime check done during link check (git-fixes). - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1152489) - drm/i915: Limit audio CDCLK>=2*BCLK constraint back to GLK only (git-fixes). - drm/i915: Propagate error from completed fences (git-fixes). - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (git-fixes). - drm/i915: work around false-positive maybe-uninitialized warning (git-fixes). - drm/mcde: dsi: Fix return value check in mcde_dsi_bind() (git-fixes). - drm: mcde: Fix display initialization problem (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm: Check for powered down HW in the devfreq callbacks (bsc#1152489) - drm/msm/dpu: allow initialization of encoder locks during encoder init (git-fixes). - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1152489) - drm/msm/dpu: fix error return code in dpu_encoder_init (git-fixes). - drm/msm: fix potential memleak in error branch (git-fixes). - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation (git-fixes). - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection (git-fixes). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (git-fixes). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (git-fixes). - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() (git-fixes). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (git-fixes). - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - drm: rcar-du: Fix build error (bsc#1152472) - drm/sun4i: hdmi ddc clk: Fix size of m divider (git-fixes). - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489) - drm: sun4i: hdmi: Remove extra HPD polling (git-fixes). - drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes). - drm/tegra: hub: Do not enable orphaned window group (git-fixes). - drm/vkms: Hold gem object while still in-use (git-fixes). - Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our the partial backport. (cherry picked from commit 70ad1b2fa5955d91e1a09a8027daf210e28fee30) - Drop a couple of block layer git-fixes Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our the partial backport. - dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() (git-fixes). - e1000: Distribute switch variables for initialization (git-fixes). - e1000e: Disable TSO for buffer overrun workaround (git-fixes). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (git-fixes). - e1000e: Relax condition to trigger reset for ME workaround (git-fixes). - EDAC/amd64: Add PCI device IDs for family 17h, model 70h (bsc#1165975). - EDAC/ghes: Setup DIMM label from DMI and use it in error reports (bsc#1168779). - EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable (bsc#1152489). - EDAC/synopsys: Do not dump uninitialized pinf->col (bsc#1152489). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12424). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12424). - efi/tpm: Verify event log header before parsing (bsc#1173461). - eventpoll: fix missing wakeup for ovflist in ep_poll_callback (bsc#1159867). - evm: Check also if *tfm is an error pointer in init_desc() (git-fixes). - evm: Fix a small race in init_desc() (git-fixes). - evm: Fix possible memory leak in evm_calc_hmac_or_hash() (git-fixes). - evm: Fix RCU list related warnings (git-fixes). - exfat: add missing brelse() calls on error paths (git-fixes). - exfat: fix incorrect update of stream entry in __exfat_truncate() (git-fixes). - exfat: fix memory leak in exfat_parse_param() (git-fixes). - exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes). - ext4: avoid utf8_strncasecmp() with unstable name (bsc#1173843). - ext4: fix error pointer dereference (bsc#1173837). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1173836). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: stop overwrite the errcode in ext4_setup_super (bsc#1173841). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (git-fixes). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fat: do not allow to mount if the FAT length == 0 (bsc#1173831). - fdt: add support for rng-seed (jsc#SLE-12424). - fdt: Update CRC check for rng-seed (jsc#SLE-12424). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (git-fixes). - firmware: imx-scu: Support one TX and one RX (git-fixes). - firmware: imx: warn on unexpected RX (git-fixes). - firmware: qcom_scm: fix bogous abuse of dma-direct internals (git-fixes). - firmware: xilinx: Fix an error handling path in 'zynqmp_firmware_probe()' (git-fixes). - Fix a regression of AF_ALG crypto interface hang with aes_s390 (bsc#1167651) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fork: prevent accidental access to clone3 features (bsc#1174018). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - fs: Do not check if there is a fsnotify watcher on pseudo inodes (bsc#1158765). - fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config file - fsnotify: Rearrange fast path to minimise overhead when there is no watcher (bsc#1158765). - fuse: copy_file_range should truncate cache (git-fixes). - fuse: fix copy_file_range cache issues (git-fixes). - genetlink: clean up family attributes allocations (git-fixes). - genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() (bsc#1154353). - geneve: allow changing DF behavior after creation (git-fixes). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - gfs2: fix glock reference problem in gfs2_trans_remove_revoke (bsc#1173823). - gfs2: Multi-block allocations in gfs2_page_mkwrite (bsc#1173822). - gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() (git-fixes). - gpio: dwapb: Append MODULE_ALIAS for platform driver (git-fixes). - gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration (git-fixes). - gpio: exar: Fix bad handling for ida_simple_get error path (git-fixes). - gpiolib: Document that GPIO line names are not globally unique (git-fixes). - gpio: pca953x: disable regmap locking for automatic address incrementing (git-fixes). - gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes). - gpio: pca953x: fix handling of automatic address incrementing (git-fixes). - gpio: pca953x: Fix pca953x_gpio_set_config (git-fixes). - gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 (git-fixes). - gpio: pxa: Fix return value of pxa_gpio_probe() (git-fixes). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (git-fixes). - gpu/drm: Ingenic: Fix opaque pointer casted to wrong type (git-fixes). - gpu: host1x: Detach driver on unregister (git-fixes). - habanalabs: Align protection bits configuration of all TPCs (git-fixes). - HID: Add quirks for Trust Panora Graphic Tablet (git-fixes). - HID: alps: Add AUI1657 device ID (git-fixes). - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead (git-fixes). - HID: i2c-hid: add Schneider SCL142ALM to descriptor override (git-fixes). - HID: i2c-hid: reset Synaptics SYNA2393 on resume (git-fixes). - HID: intel-ish-hid: avoid bogus uninitialized-variable warning (git-fixes). - HID: logitech-hidpp: avoid repeated "multiplier = " log messages (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (git-fixes). - HID: multitouch: enable multi-input as a quirk for some devices (git-fixes). - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock (git-fixes). - HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes). - HID: quirks: Ignore Simply Automated UPB PIM (git-fixes). - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (git-fixes). - hinic: fix a bug of ndo_stop (networking-stable-20_05_16). - hinic: fix wrong para of wait_for_completion_timeout (networking-stable-20_05_16). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (git-fixes). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (git-fixes). - hwmon: (k10temp) Add AMD family 17h model 60h PCI match (git-fixes). - hwmon: (max6697) Make sure the OVERT mask is set correctly (git-fixes). - hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option (git-fixes). - hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (git-fixes). - i2c: altera: Fix race between xfer_msg and isr thread (git-fixes). - i2c: core: check returned size of emulated smbus block read (git-fixes). - i2c: designware-pci: Add support for Elkhart Lake PSE I2C (jsc#SLE-12734). - i2c: designware-pci: Fix BUG_ON during device removal (jsc#SLE-12734). - i2c: designware-pci: Switch over to MSI interrupts (jsc#SLE-12734). - i2c: dev: Fix the race between the release of i2c_dev and cdev (git-fixes). - i2c: eg20t: Load module automatically if ID matches (git-fixes). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c: fsi: Fix the port number field in status register (git-fixes). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411). - IB/hfi1: Fix module use count flaw due to leftover module put calls (bsc#1174407). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - IB/rdmavt: Free kernel completion queue when done (bsc#1173625). - ice: Fix error return code in ice_add_prof() (jsc#SLE-7926). - ice: Fix inability to set channels when down (jsc#SLE-7926). - ieee80211: Fix incorrect mask for default PE duration (git-fixes). - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' (git-fixes). - iio: adc: stm32-adc: fix device used to request dma (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: stm32-dfsdm: fix device used to request dma (git-fixes). - iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: ti-ads8344: Fix channel selection (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Do not allow buffers without any channels enabled to be activated (git-fixes). - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak (git-fixes). - iio:chemical:sps30: Fix timestamp alignment (git-fixes). - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (git-fixes). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (git-fixes). - iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes). - iio:humidity:hts221 Fix alignment and data leak issues (git-fixes). - iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes). - iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (git-fixes). - iio: pressure: bmp280: Tolerate IRQ before registering (git-fixes). - iio:pressure:ms5611 Fix buffer element alignment (git-fixes). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes). - iio: sca3000: Remove an erroneous 'get_device()' (git-fixes). - iio: vcnl4000: Fix i2c swapped word reading (git-fixes). - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() (bsc#1172223). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1172223) - ima: Directly free *entry in ima_alloc_init_template() if digests is NULL (bsc#1172223). - ima: Remove __init annotation from ima_pcrread() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: dlink-dir685-touchkeys - fix a typo in driver name (git-fixes). - Input: edt-ft5x06 - fix get_default register write access (git-fixes). - Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (git-fixes). - Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes). - Input: i8042 - add ThinkPad S230u to i8042 reset list (git-fixes). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: mms114 - add extra compatible for mms345l (git-fixes). - Input: mms114 - fix handling of mms345l (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (git-fixes). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (git-fixes). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (git-fixes). - Input: xpad - add custom init packet for Xbox One S controllers (git-fixes). - intel_th: Fix a NULL dereference when hub driver is not loaded (git-fixes). - intel_th: pci: Add Emmitsburg PCH support (git-fixes). - intel_th: pci: Add Jasper Lake CPU support (git-fixes). - intel_th: pci: Add Tiger Lake PCH-H support (git-fixes). - iocost: check active_list of all the ancestors in iocg_activate() (bsc#1173206). - iocost: over-budget forced IOs should schedule async delay (bsc#1173206). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172061). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172062). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172063). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172393). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172064). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172065). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172066). - iommu/arm-smmu-v3: Do not reserve implementation defined register space (bsc#1174126). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172394). - iommu/qcom: Fix local_base status check (bsc#1172067). - iommu/virtio: Reverse arguments to list_add (bsc#1172068). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127). - iommu/vt-d: Update scalable mode paging structure coherency (bsc#1174128). - ionic: add pcie_print_link_status (bsc#1167773). - ionic: centralize queue reset code (bsc#1167773). - ionic: export features for vlans to use (bsc#1167773). - ionic: no link check while resetting queues (bsc#1167773). - ionic: remove support for mgmt device (bsc#1167773). - ionic: tame the watchdog timer on reconfig (bsc#1167773). - ionic: update the queue count on open (bsc#1167773). - ionic: wait on queue start until after IFF_UP (bsc#1167773). - io_uring: use kvfree() in io_sqe_buffer_register() (bsc#1173832). - ipmi: use vzalloc instead of kmalloc for user creation (git-fixes). - ipv4: Update fib_select_default to handle nexthop objects (networking-stable-20_04_27). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipvs: Improve robustness to the ipvs sysctl (git-fixes). - irqchip/al-fic: Add support for irq retrigger (jsc#SLE-10505). - irqchip/ti-sci-inta: Fix processing of masked irqs (git-fixes). - irqchip/versatile-fpga: Apply clear-mask earlier (git-fixes). - irqchip/versatile-fpga: Handle chained IRQs properly (git-fixes). - iwlwifi: avoid debug max amsdu config overwriting itself (git-fixes). - iwlwifi: mvm: fix aux station leak (git-fixes). - iwlwifi: mvm: limit maximum queue appropriately (git-fixes). - iwlwifi: pcie: handle QuZ configs with killer NICs as well (bsc#1172374). - ixgbe: do not check firmware errors (bsc#1170284). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: fix data races at struct journal_head (bsc#1173438). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi fix for SUNRPC-dont-update-timeout-value-on-connection-reset.patch (bsc1174263). - kABI fixup mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12424). - kABI: protect struct fib_dump_filter (kabi). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kABI workaround for struct hdac_bus changes (git-fixes). - keys: asymmetric: fix error return code in software_key_query() (git-fixes). - ktest: Add timeout for ssh sync testing (git-fixes). - KVM: Check validity of resolved slot when searching memslots (bsc#1172069). - KVM: nVMX: always update CR3 in VMCS (git-fixes). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libbpf: Fix perf_buffer__free() API for sparse allocs (bsc#1155518). - libceph: do not omit recovery_deletes in target_copy() (git-fixes). - libceph: ignore pool overlay and cache logic on redirects (bsc#1172938). - lib: devres: add a helper function for ioremap_uc (git-fixes). - libertas_tf: avoid a null dereference in pointer priv (git-fixes). - lib/lzo: fix ambiguous encoding bug in lzo-rle (git-fixes). - libnvdimm/btt: fix variable 'rc' set but not used (bsc#1162400). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm: cover up nd_region changes (bsc#1162400). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/namespace: Enforce memremap_compat_align() (bsc#1162400). - libnvdimm/namsepace: Do not set claim_class on error (bsc#1162400). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm: Out of bounds read in __nd_ioctl() (bsc#1065729). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Fix build error (bsc#1162400). - libnvdimm/region: Introduce an 'align' attribute (bsc#1162400). - libnvdimm/region: Introduce NDD_LABELING (bsc#1162400). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (bsc#1174331). - lib: Uplevel the pmem "region" ida to a global allocator (bc#1162400). - list: Add hlist_unhashed_lockless() (bsc#1173438). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locktorture: Allow CPU-hotplug to be disabled via --bootargs (bsc#1173068). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1171530). - lpfc: fix axchg pointer reference after free and double frees (bsc#1171530). - lpfc: Fix pointer checks and comments in LS receive refactoring (bsc#1171530). - lpfc: Fix return value in __lpfc_nvme_ls_abort (bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: mesh: fix discovery timer re-arming issue / crash (git-fixes). - mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() (git-fixes). - Make the "Reducing compressed framebufer size" message be DRM_INFO_ONCE() (git-fixes). - mdraid: fix read/write bytes accounting (bsc#1172537). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: cedrus: Program output format during each run (git-fixes). - media: dvbdev: Fix tuner->demod media controller link (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (git-fixes). - media: dvbsky: add support for eyeTV Geniatech T2 lite (bsc#1173776). - media: dvbsky: add support for Mygica T230C v2 (bsc#1173776). - media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling (git-fixes). - media: mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - media: ov5640: fix use of destroyed mutex (git-fixes). - media: platform: fcp: Set appropriate DMA parameters (git-fixes). - media: Revert "staging: imgu: Address a compiler warning on alignment" (git-fixes). - media: si2157: Better check for running tuner in init (git-fixes). - media: si2168: add support for Mygica T230C v2 (bsc#1173776). - media: staging: imgu: do not hold spinlock during freeing mmu page table (git-fixes). - media: staging/intel-ipu3: Implement lock for stream on/off operations (git-fixes). - media: staging: ipu3: Fix stale list entries on parameter queue failure (git-fixes). - media: staging: ipu3-imgu: Move alignment attribute to field (git-fixes). - media: vicodec: Fix error codes in probe function (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: release me_cl object reference (git-fixes). - mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602). - mfd: intel-lpss: Add Intel Tiger Lake PCI IDs (jsc#SLE-12737). - mfd: intel-lpss: Use devm_ioremap_uc for MMIO (git-fixes). - mfd: stmfx: Fix stmfx_irq_init error path (git-fixes). - mfd: stmfx: Reset chip on resume as supply was disabled (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - misc: fastrpc: fix potential fastrpc_invoke_ctx leak (git-fixes). - misc: rtsx: Add short delay after exit from ASPM (git-fixes). - mlxsw: core: Use different get_trend() callbacks for different thermal zones (networking-stable-20_06_10). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mm: adjust vm_committed_as_batch according to vm overcommit policy (bnc#1173271). - mmc: block: Fix use-after-free issue for rpmb (git-fixes). - mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE (git-fixes). - mmc: fix compilation of user API (git-fixes). - mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed (git-fixes). - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error (git-fixes). - mmc: mmci_sdmmc: fix DMA API warning overlapping mappings (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (git-fixes). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (git-fixes). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (git-fixes). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (git-fixes). - mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() (git-fixes). - mmc: tmio: Further fixup runtime PM management at remove (git-fixes). - mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() (git-fixes). - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core (git-fixes). - mm: do not prepare anon_vma if vma has VM_WIPEONFORK (bsc#1169681). - mm: fix NUMA node file count error in replace_page_cache() (bsc#1173844). - mm: memcontrol: fix memory.low proportional distribution (bsc#1168230). - mm/memory_hotplug: refrain from adding memory into an impossible node (bsc#1173552). - mm/memremap: drop unused SECTION_SIZE and SECTION_MASK (bsc#1162400 bsc#1170895 ltc#184375 ltc#185686). - mm/memremap_pages: Introduce memremap_compat_align() (bsc#1162400). - mm/memremap_pages: Kill unused __devm_memremap_pages() (bsc#1162400). - mm/mmap.c: close race between munmap() and expand_upwards()/downwards() (bsc#1174527). - mm/util.c: make vm_memory_committed() more accurate (bnc#1173271). - move unsortable patch out of sorted section patches.suse/revert-zram-convert-remaining-class_attr-to-class_attr_ro - mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter (git-fixes). - mtd: Fix mtd not registered due to nvmem name collision (git-fixes). - mtd: rawnand: brcmnand: correctly verify erased pages (git-fixes). - mtd: rawnand: brcmnand: fix CS0 layout (git-fixes). - mtd: rawnand: brcmnand: fix hamming oob layout (git-fixes). - mtd: rawnand: diskonchip: Fix the probe error path (git-fixes). - mtd: rawnand: Fix nand_gpio_waitrdy() (git-fixes). - mtd: rawnand: ingenic: Fix the probe error path (git-fixes). - mtd: rawnand: marvell: Fix probe error path (git-fixes). - mtd: rawnand: marvell: Fix the condition on a return code (git-fixes). - mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered (git-fixes). - mtd: rawnand: mtk: Fix the probe error path (git-fixes). - mtd: rawnand: onfi: Fix redundancy detection check (git-fixes). - mtd: rawnand: orion: Fix the probe error path (git-fixes). - mtd: rawnand: oxnas: Keep track of registered devices (git-fixes). - mtd: rawnand: oxnas: Release all devices in the _remove() path (git-fixes). - mtd: rawnand: pasemi: Fix the probe error path (git-fixes). - mtd: rawnand: plat_nand: Fix the probe error path (git-fixes). - mtd: rawnand: sharpsl: Fix the probe error path (git-fixes). - mtd: rawnand: socrates: Fix the probe error path (git-fixes). - mtd: rawnand: sunxi: Fix the probe error path (git-fixes). - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings (git-fixes). - mtd: rawnand: tmio: Fix the probe error path (git-fixes). - mtd: rawnand: xway: Fix the probe error path (git-fixes). - mtd: spinand: Propagate ECC information to the MTD structure (git-fixes). - mtd: spi-nor: intel-spi: Add support for Intel Tiger Lake SPI serial flash (jsc#SLE-12737). - mvpp2: remove module bugfix (bsc#1154353). - mwifiex: avoid -Wstringop-overflow warning (git-fixes). - mwifiex: Fix memory corruption in dump_station (git-fixes). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1173824). - nbd: Fix memory leak in nbd_add_socket (git-fixes). - neigh: send protocol value in neighbor create notification (networking-stable-20_05_12). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net: core: device_rename: Use rwsem instead of a seqcount (bsc#1162702). - net: do not return invalid table id error when we fall back to PF_UNSPEC (networking-stable-20_05_27). - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: declare lockless TX feature for slave ports (bsc#1154353). - net: dsa: Do not leave DSA master with NULL netdev_ops (networking-stable-20_05_12). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode (networking-stable-20_04_17). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1154492). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1154492). - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend (networking-stable-20_05_27). - net_failover: fixed rollback in net_failover_open() (networking-stable-20_06_10). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c (bsc#1171857). - netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c (bsc#1171857). - netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions (git-fixes). - netfilter: nft_tproxy: Fix port selector on Big Endian (git-fixes). - netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy (git-fixes). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: fsl/fman: treat all RGMII modes in memac_adjust_link() (bsc#1174398). - net: hns3: check reset pending after FLR prepare (bsc#1154353). - __netif_receive_skb_core: pass skb by reference (networking-stable-20_05_27). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() (bsc#1154353). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - net: macb: call pm_runtime_put_sync on failure path (git-fixes). - net: macb: fix an issue about leak related system resources (networking-stable-20_05_12). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Disable reload while removing the device (jsc#SLE-8464). - net/mlx5: drain health workqueue in case of driver load error (networking-stable-20_06_16). - net/mlx5: DR, Fix freeing in dr_create_rc_qp() (jsc#SLE-8464). - net/mlx5e: Add missing release firmware call (networking-stable-20_04_17). - net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash (jsc#SLE-8464). - net/mlx5e: Fix inner tirs handling (networking-stable-20_05_27). - net/mlx5e: Fix pfnum in devlink port attribute (networking-stable-20_04_17). - net/mlx5e: Fix repeated XSK usage on one channel (networking-stable-20_06_16). - net/mlx5e: Fix stats update for matchall classifier (jsc#SLE-8464). - net/mlx5e: Fix VXLAN configuration restore after function reload (jsc#SLE-8464). - net/mlx5e: kTLS, Destroy key object after destroying the TIS (networking-stable-20_05_27). - net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta() (jsc#SLE-8464). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix cleaning unmanaged flow tables (jsc#SLE-8464). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (bsc#1172365). - net/mlx5: Fix error flow in case of function_setup failure (networking-stable-20_05_27). - net/mlx5: Fix fatal error handling during device load (networking-stable-20_06_16). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net/mlx5: Fix frequent ioread PCI access during recovery (networking-stable-20_04_17). - net/mlx5: Fix memory leak in mlx5_events_init (networking-stable-20_05_27). - net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del() (networking-stable-20_05_12). - net: mvpp2: fix RX hashing for non-10G ports (networking-stable-20_05_27). - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx() (networking-stable-20_05_12). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net: nlmsg_cancel() if put fails for nhmsg (networking-stable-20_05_27). - net: openvswitch: ovs_ct_exit to be done under ovs_lock (networking-stable-20_04_27). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - net: phy: propagate an error back to the callers of phy_sfp_probe (bsc#1154353). - net: phy: realtek: add support for configuring the RX delay on RTL8211F (bsc#1174398). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: qrtr: send msgs from local of same id as broadcast (networking-stable-20_04_17). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (bnc#1158748 (network regression)). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net_sched: sch_skbprio: add message validation to skbprio_change() (networking-stable-20_05_12). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: tolerate future SMCD versions (bsc#1172543 LTC#186069). - net: stmmac: do not attach interface until resume finishes (bsc#1174072). - net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072). - net: stmmac: dwc-qos: use generic device api (bsc#1174072). - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac v5.10a (networking-stable-20_06_07). - net: stmmac: fix num_por initialization (networking-stable-20_05_16). - net: stmmac: platform: fix probe for ACPI devices (bsc#1174072). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net: tc35815: Fix phydev supported/advertising mask (networking-stable-20_05_12). - net: tcp: fix rx timestamp behavior for tcp_recvmsg (networking-stable-20_05_16). - net/tls: fix encryption error checking (git-fixes). - net/tls: fix race condition causing kernel panic (networking-stable-20_05_27). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net/tls: free record only on encryption error (git-fixes). - net: tun: record RX queue in skb before do_xdp_generic() (networking-stable-20_04_17). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nexthop: Fix attribute checking for groups (networking-stable-20_05_27). - NFC: st21nfca: add missed kfree_skb() in an error path (git-fixes). - nfp: abm: fix a memory leak bug (networking-stable-20_05_12). - nfp: abm: fix error return code in nfp_abm_vnic_alloc() (networking-stable-20_05_16). - nfp: flower: fix used time of merge flow statistics (networking-stable-20_06_07). - nfs: add minor version to nfs_server_key for fscache (bsc#1172467). - nfsd4: fix nfsdfs reference count loop (git-fixes). - nfsd4: make drc_slab global, not per-net (git-fixes). - nfsd: always check return value of find_any_file (bsc#1172208). - nfsd: apply umask on fs without ACL support (git-fixes). - nfsd: fix nfsdfs inode reference count leak (git-fixes). - NFS: Fix fscache super_cookie index_key from changing after umount (git-fixes). - NFS: Fix interrupted slots by sending a solo SEQUENCE operation (bsc#1174264). - nfs: fix NULL deference in nfs4_get_valid_delegation. - nfs: fscache: use timespec64 in inode auxdata (git-fixes). - nfs: set invalid blocks after NFSv4 writes (git-fixes). - NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION (git-fixes). - NFSv4 fix CLOSE not waiting for direct IO compeletion (git-fixes). - NFSv4: Fix fscache cookie aux_data to ensure change_attr is included (git-fixes). - ntb: intel: add hw workaround for NTB BAR alignment (jsc#SLE-12710). - ntb: intel: Add Icelake (gen4) support for Intel NTB (jsc#SLE-12710). - ntb: intel: fix static declaration (jsc#SLE-12710). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme-fc: avoid gcc-10 zero-length-bounds warning (bsc#1173206). - nvme-fc: do not call nvme_cleanup_cmd() for AENs (bsc#1171688). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Allow no-op CFI ops in alternatives (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix !CFI insn_state propagation (bsc#1169514). - objtool: Fix ORC vs alternatives (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Remove check preventing branches within alternative (bsc#1169514). - objtool: Rename struct cfi_state (bsc#1169514). - objtool: Uniquely identify alternative instruction groups (bsc#1169514). - ovl: inode reference leak in ovl_is_inuse true case (git-fixes). - p54usb: add AirVasT USB stick device-id (git-fixes). - padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes). - padata: kABI fixup for struct padata_instance splitting nodes (git-fixes). - panic: do not print uninitialized taint_flags (bsc#1172814). - PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes). - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes). - PCI: Add Loongson vendor ID (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (git-fixes). - PCI: amlogic: meson: Do not use FAST_LINK_MODE to set up link (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes). - PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: dwc: Fix inner MSI IRQ domain registration (git-fixes). - PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513). - pcie: mobiveil: remove patchset v9 Prepare to backport upstream version. - PCI: Fix pci_register_host_bridge() device_register() error handling (git-fixes). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172871). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871). - PCI: hv: Introduce hv_msi_entry (bsc#1172871). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871). - PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors (bsc#1161495). - PCI: mobiveil: Add callback function for interrupt initialization (bsc#1161495). - PCI: mobiveil: Add callback function for link up check (bsc#1161495). - PCI: mobiveil: Add Header Type field check (bsc#1161495). - PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs (bsc#1161495). - PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init host (bsc#1161495). - PCI: mobiveil: Collect the interrupt related operations into a function (bsc#1161495). - PCI: mobiveil: Fix sparse different address space warnings (bsc#1161495). - PCI: mobiveil: Fix unmet dependency warning for PCIE_MOBIVEIL_PLAT (bsc#1161495). - PCI: mobiveil: Introduce a new structure mobiveil_root_port (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: fix SError when accessing config space (bsc#1161495). - PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP driver (bsc#1161495). - PCI: mobiveil: Move the host initialization into a function (bsc#1161495). - PCI: pci-bridge-emul: Fix PCIe bit conflicts (git-fixes). - PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (git-fixes). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths (git-fixes). - PCI: vmd: Add device id for VMD device 8086:9A0B (git-fixes). - PCI: vmd: Filter resource type bits from shadow register (git-fixes). - pcm_native: result of put_user() needs to be checked (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1174332). - perf/core: Fix endless multiplex timer (git-fixes). - perf/core: fix parent pid/tid in task exit events (git-fixes). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (git-fixes). - pinctrl: intel: Add Intel Tiger Lake pin controller support (jsc#SLE-12737). - pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2 (git-fixes). - pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map (git-fixes). - pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries (git-fixes). - pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 (git-fixes). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (git-fixes). - pinctrl: sprd: Fix the incorrect pull-up definition (git-fixes). - pinctrl: stmfx: stmfx_pinconf_set does not require to get direction anymore (git-fixes). - pinctrl: tegra: Use noirq suspend/resume callbacks (git-fixes). - pinctrl: tigerlake: Tiger Lake uses _HID enumeration (jsc#SLE-12737). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (git-fixes). - platform/x86: asus_wmi: Reserve more space for struct bias_args (git-fixes). - platform/x86: dell-laptop: do not register micmute LED if there is no token (git-fixes). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (git-fixes). - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) (git-fixes). - platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types (git-fixes). - platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there (git-fixes). - platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type (git-fixes). - platform/x86: intel-vbtn: Split keymap into buttons and switches parts (git-fixes). - platform/x86: intel-vbtn: Use acpi_evaluate_integer() (git-fixes). - platform/x86: ISST: Increase timeout (bsc#1174185). - PM: runtime: clk: Fix clk_pm_runtime_get() error path (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git-fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s/exception: Fix machine check no-loss idle wakeup (bsc#1156395). - powerpc/64s/kuap: Restore AMR in system reset exception (bsc#1156395). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again (bsc#1172344). - powerpc/fadump: Account for memory_limit while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: consider reserved ranges while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/fadump: use static allocation for reserved memory ranges (jsc#SLE-9099 git-fixes). - powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes). - powerpc/kuap: PPC_KUAP_DEBUG should depend on PPC_KUAP (bsc#1156395). - powerpc/powernv: Fix a warning message (bsc#1156395). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: reset: qcom-pon: reg write mask depends on pon generation (git-fixes). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (git-fixes). - power: supply: core: fix HWMON temperature labels (git-fixes). - power: supply: core: fix memory leak in HWMON error path (git-fixes). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (git-fixes). - power: supply: smb347-charger: IRQSTAT_D is volatile (git-fixes). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready (bsc#1172095). - proc/meminfo: avoid open coded reading of vm_committed_as (bnc#1173271). - proc: Use new_inode not new_inode_pseudo (bsc#1173830). - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case (git-fixes). - pwm: sun4i: Move pwm_calculate() out of spin_lock() (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (git-fixes). - r8169: Revive default chip version for r8168 (bsc#1173085). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - random: fix data races at timer_rand_state (bsc#1173438). - rcu: Avoid data-race in rcu_gp_fqs_check_wake() (bsc#1171828). - rcu: Fix data-race due to atomic_t copy-by-value (bsc#1171828). - rcu: Make rcu_read_unlock_special() checks match raise_softirq_irqoff() (bsc#1172046). - rcu: Simplify rcu_read_unlock_special() deferred wakeups (bsc#1172046). - rcutorture: Add 100-CPU configuration (bsc#1173068). - rcutorture: Add worst-case call_rcu() forward-progress results (bsc#1173068). - rcutorture: Dispense with Dracut for initrd creation (bsc#1173068). - rcutorture: Make kvm-find-errors.sh abort on bad directory (bsc#1173068). - rcutorture: Remove CONFIG_HOTPLUG_CPU=n from scenarios (bsc#1173068). - rcutorture: Summarize summary of build and run results (bsc#1173068). - rcutorture: Test TREE03 with the threadirqs kernel boot parameter (bsc#1173068). - rcu: Use *_ONCE() to protect lockless ->expmask accesses (bsc#1171828). - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls (bsc#1173438). - RDMA/bnxt_re: Remove dead code from rcfw (bsc#1170774). - RDMA/core: Check that type_attrs is not NULL prior access (jsc#SLE-8449). - RDMA/core: Move and rename trace_cm_id_create() (jsc#SLE-8449). - RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (jsc#SLE-8446). - RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET (bsc#1172841). - RDMA/srpt: Fix disabling device management (jsc#SLE-8449). - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (jsc#SLE-8449). - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (git-fixes). - regmap: fix alignment issue (git-fixes). - regmap: Fix memory leak from regmap_register_patch (git-fixes). - regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes). - remoteproc: Add missing '\n' in log messages (git-fixes). - remoteproc: Fall back to using parent memory pool if no dedicated available (git-fixes). - remoteproc: Fix and restore the parenting hierarchy for vdev (git-fixes). - remoteproc: Fix IDR initialisation in rproc_alloc() (git-fixes). - remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use (git-fixes). - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (git-fixes). - Revert "drm/amd/display: disable dcn20 abm feature for bring up" (git-fixes). - Revert "i2c: tegra: Fix suspending in active runtime PM state" (git-fixes). - Revert "pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'" (git-fixes). - Revert "thermal: mediatek: fix register index error" (git-fixes). - ring-buffer: Zero out time extend if it is nested and not absolute (git-fixes). - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/modules.fips: add aes-ce-ccm, des3_ede-x86_64, aes_ti and aes_neon_bs - rtc: mc13xxx: fix a double-unlock issue (git-fixes). - rtc: rv3028: Add missed check for devm_regmap_init_i2c() (git-fixes). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (git-fixes). - rtw88: fix an issue about leak system resources (git-fixes). - rxrpc: Fix call RCU cleanup using non-bh-safe locks (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194, LTC#185911). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes). - s390/pci: Fix s390_mmio_read/write with MIO (git-fixes). - s390/pci: Log new handle in clp_disable_fh() (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sata_rcar: handle pm_runtime_get_sync failure cases (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sched/cfs: change initial value of runnable_avg (bsc#1158765). - sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1172823). - sched/core: Fix PI boosting between RT and DEADLINE tasks (git fixes (sched)). - sched/core: Fix ttwu() race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: s/WF_ON_RQ/WQ_ON_CPU/ (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cpuacct: Fix charge cpuacct.usage_sys (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/deadline: Initialize ->dl_boosted (bsc#1172823). - sched/deadline: Initialize ->dl_boosted (git fixes (sched)). - sched: etf: do not assume all sockets are full blown (networking-stable-20_04_27). - sched/fair: find_idlest_group(): Remove unused sd_flag parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Fix enqueue_task_fair() warning some more (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix nohz next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize dequeue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize enqueue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Simplify the code of should_we_balance() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix loadavg accounting race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix race against ptrace_freeze_trace() (bsc#1174345). - sched: Make newidle_balance() static again (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Offload wakee task activation if it the wakee is descheduling (bnc#1158748, bnc#1159781). - sched: Optimize ttwu() spinning on p->on_cpu (bnc#1158748, bnc#1159781). - sched/pelt: Sync util/runnable_sum with PELT window when propagating (bnc#1155798 (CPU scheduler functional and performance backports)). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: libfc: free response frame from GPN_ID (bsc#1173849). - scsi: libfc: Handling of extra kref (bsc#1173849). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1173849). - scsi: libfc: Skip additional kref updating work event (bsc#1173849). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1171530). - scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1171530). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1171530). - scsi: lpfc: remove duplicate unloading checks (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687 bsc#1171530). - scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (bsc#1173206). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: sd_zbc: Fix sd_zbc_complete() (bsc#1173206). - scsi: smartpqi: Update attribute name to `driver_version` (bsc#1173206). - scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes). - scsi: zfcp: add diagnostics buffer for exchange config data (bsc#1158050). - scsi: zfcp: auto variables for dereferenced structs in open port handler (bsc#1158050). - scsi: zfcp: diagnostics buffer caching and use for exchange port data (bsc#1158050). - scsi: zfcp: enhance handling of FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: expose fabric name as common fc_host sysfs attribute (bsc#1158050). - scsi: zfcp: Fence adapter status propagation for common statuses (bsc#1158050). - scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects (bsc#1158050). - scsi: zfcp: Fence fc_host updates during link-down handling (bsc#1158050). - scsi: zfcp: fix fc_host attributes that should be unknown on local link down (bsc#1158050). - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (git-fixes). - scsi: zfcp: fix wrong data and display format of SFP+ temperature (bsc#1158050). - scsi: zfcp: implicitly refresh config-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: implicitly refresh port-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: introduce sysfs interface for diagnostics of local SFP transceiver (bsc#1158050). - scsi: zfcp: introduce sysfs interface to read the local B2B-Credit (bsc#1158050). - scsi: zfcp: log FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: log FC Endpoint Security of connections (bsc#1158050). - scsi: zfcp: Move allocation of the shost object to after xconf- and xport-data (bsc#1158050). - scsi: zfcp: Move fc_host updates during xport data handling into fenced function (bsc#1158050). - scsi: zfcp: move maximum age of diagnostic buffers into a per-adapter variable (bsc#1158050). - scsi: zfcp: Move p-t-p port allocation to after xport data (bsc#1158050). - scsi: zfcp: Move shost modification after QDIO (re-)open into fenced function (bsc#1158050). - scsi: zfcp: Move shost updates during xconfig data handling into fenced function (bsc#1158050). - scsi: zfcp: proper indentation to reduce confusion in zfcp_erp_required_act (bsc#1158050). - scsi: zfcp: report FC Endpoint Security in sysfs (bsc#1158050). - scsi: zfcp: signal incomplete or error for sync exchange config/port data (bsc#1158050). - scsi: zfcp: support retrieval of SFP Data via Exchange Port Data (bsc#1158050). - scsi: zfcp: trace FC Endpoint Security of FCP devices and connections (bsc#1158050). - scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host (bsc#1158050). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o (bsc#1155518). - selftests/bpf: CONFIG_LIRC required for test_lirc_mode2.sh (bsc#1155518). - selftests/bpf: Fix invalid memory reads in core_relo selftest (bsc#1155518). - selftests/bpf: Fix memory leak in extract_build_id() (bsc#1155518). - selftests/bpf, flow_dissector: Close TAP device FD after the test (bsc#1155518). - selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed (bsc#1155518). - selftests/net: in rxtimestamp getopt_long needs terminating null entry (networking-stable-20_06_16). - selftests/timens: handle a case when alarm clocks are not supported (bsc#1164648,jsc#SLE-11493). - selinux: fall back to ref-walk if audit is required (bsc#1174333). - selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" (bsc#1174333). - serial: 8250: Fix max baud limit in generic 8250 port (git-fixes). - serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941). - signal: Avoid corrupting si_pid and si_uid in do_notify_parent (bsc#1171529). - slimbus: core: Fix mismatch in of_node_get/put (git-fixes). - slimbus: ngd: get drvdata from correct device (git-fixes). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - socionext: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - soc: mediatek: cmdq: return send msg error code (git-fixes). - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner (git-fixes). - soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data (git-fixes). - soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request (git-fixes). - soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS (git-fixes). - soc: qcom: rpmh: Update dirty flag only when data changes (git-fixes). - soc/tegra: pmc: Select GENERIC_PINCONF (git-fixes). - soundwire: intel: fix memory leak with devm_kasprintf (git-fixes). - spi: bcm2835aux: Fix controller unregister order (git-fixes). - spi: bcm2835: Fix controller unregister order (git-fixes). - spi: bcm-qspi: Handle clock probe deferral (git-fixes). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (git-fixes). - SPI: designware: pci: Switch over to MSI interrupts (jsc#SLE-12735). - spi: dt-bindings: spi-controller: Fix #address-cells for slave mode (git-fixes). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix controller unregister order (git-fixes). - spi: dw: Fix native CS being unset (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw-pci: Add MODULE_DEVICE_TABLE (jsc#SLE-12735). - spi: dw-pci: Add runtime power management support (jsc#SLE-12735). - spi: dw-pci: Add support for Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw-pci: Fix Chip Select amount on Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: dw: use "smp_mb()" to avoid sending spi data error (git-fixes). - spi: dw: Zero DMA Tx and Rx configurations on stack (git-fixes). - spi: Fix controller unregister order (git-fixes). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes). - spi: pxa2xx: Fix controller unregister order (git-fixes). - spi: pxa2xx: Fix runtime PM ref imbalance on probe error (git-fixes). - spi: Respect DataBitLength field of SpiSerialBusV2() ACPI resource (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: spidev: fix a race between spidev_release and spidev_remove (git-fixes). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (git-fixes). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (git-fixes). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (git-fixes). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (git-fixes). - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH (git-fixes). - staging: comedi: verify array index is correct before using it (git-fixes). - staging: iio: ad2s1210: Fix SPI reading (git-fixes). - staging: kpc2000: fix error return code in kp2000_pcie_probe() (git-fixes). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - staging: sm750fb: add missing case while setting FB_VISUAL (git-fixes). - sun6i: dsi: fix gcc-4.8 (bsc#1152489) - SUNRPC dont update timeout value on connection reset (bsc#1174263). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116). - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - SUNRPC: Signalled ASYNC tasks need to exit (git-fixes). - supported.conf: Add pinctrl-tigerlake as supported - supported.conf: Mark two hwtracing helper modules as externally supported (bsc#1170879) - svcrdma: Fix leak of svc_rdma_recv_ctxt objects (git-fixes). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: fix error recovery in tcp_zerocopy_receive() (networking-stable-20_05_16). - tcp: fix SO_RCVLOWAT hangs with fat skbs (networking-stable-20_05_16). - tcp: md5: allow changing MD5 keys in all socket states (git-fixes). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - thermal/drivers: imx: Fix missing of_node_put() at probe time (git-fixes). - thermal/drivers/mediatek: Fix bank number settings on mt8183 (git-fixes). - thermal/drivers/rcar_gen3: Fix undefined temperature if negative (git-fixes). - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR (git-fixes). - thermal: int3403_thermal: Downgrade error message (git-fixes). - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (jsc#SLE-12668). - tick/sched: Annotate lockless access to last_jiffies_update (bsc#1173438). - timer: Use hlist_unhashed_lockless() in timer_pending() (bsc#1173438). - tipc: block BH before using dst_cache (networking-stable-20_05_27). - tipc: fix partial topology connection closure (networking-stable-20_05_12). - torture: Allow "CFLIST" to specify default list of scenarios (bsc#1173068). - torture: Expand last_ts variable in kvm-test-1-run.sh (bsc#1173068). - torture: Handle jitter for CPUs that cannot be offlined (bsc#1173068). - torture: Handle systems lacking the mpstat command (bsc#1173068). - torture: Hoist calls to lscpu to higher-level kvm.sh script (bsc#1173068). - torture: Make results-directory date format completion-friendly (bsc#1173068). - torture: Use gawk instead of awk for systime() function (bsc#1173068). - tpm: Fix TIS locality timeout problems (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (git-fixes). - tpm_tis: Remove the HID IFX0102 (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (git-fixes). - tty: n_gsm: Fix SOF skipping (git-fixes). - tty: n_gsm: Fix waking up upper tty layer when room available (git-fixes). - tty: serial: add missing spin_lock_init for SiFive serial console (git-fixes). - tun: correct header offsets in napi frags mode (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: fix wrong use of crypto_shash_descsize() (bsc#1173827). - ubifs: remove broken lazytime support (bsc#1173826). - udp: Copy has_conns in reuseport_grow() (git-fixes). - udp: Improve load balancing for SO_REUSEPORT (git-fixes). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes). - usb: chipidea: core: add wakeup support for extcon (git-fixes). - USB: core: Fix misleading driver bug report (git-fixes). - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B (git-fixes). - usb: dwc2: Fix shutdown callback in platform (git-fixes). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: dwc3: pci: Enable extcon driver for Intel Merrifield (git-fixes). - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work (git-fixes). - usb/ehci-platform: Set PM runtime as active on resume (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: fix illegal array access in binding with UDC (git-fixes). - usb: gadget: Fix issue with config_ep_by_speed function (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (git-fixes). - usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes). - usb: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - usb: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - usb: gadget: legacy: fix redundant initialization warnings (git-fixes). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (git-fixes). - usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (git-fixes). - usb: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (git-fixes). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (git-fixes). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (git-fixes). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (git-fixes). - usb: host: ehci-platform: add a quirk to avoid stuck (git-fixes). - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - usb: host: xhci-plat: keep runtime active when removing host (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usb: musb: Fix runtime PM imbalance on error (git-fixes). - usb: musb: start session in resume for host port (git-fixes). - usbnet: smsc95xx: Fix use-after-free after removal (git-fixes). - usb/ohci-platform: Fix a warning when hibernating (git-fixes). - USB: ohci-sm501: Add missed iounmap() in remove (git-fixes). - USB: ohci-sm501: fix error return code in ohci_hcd_sm501_drv_probe() (git-fixes). - usb: renesas_usbhs: getting residue from callback_result (git-fixes). - USB: serial: ch341: add basis for quirk detection (git-fixes). - USB: serial: ch341: add new Product ID for CH340 (git-fixes). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes). - USB: serial: iuu_phoenix: fix memory corruption (git-fixes). - USB: serial: option: add GosunCn GM500 series (git-fixes). - USB: serial: option: add Quectel EG95 LTE modem (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs (git-fixes). - usb: usbfs: correct kernel->user page attribute mismatch (git-fixes). - USB: usbfs: fix mmap dma mismatch (git-fixes). - usb/xhci-plat: Set PM runtime as active on resume (git-fixes). - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages (git-fixes). - vfio: Ignore -ENODEV when getting MSI cookie (git-fixes). - vfio/mdev: Fix reference count leak in add_mdev_supported_type (git-fixes). - vfio/pci: fix memory leaks in alloc_perm_bits() (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129). - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (git-fixes). - video: fbdev: w100fb: Fix a potential double free (git-fixes). - video: vt8500lcdfb: fix fallthrough warning (bsc#1152489) - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio_net: fix lockdep warning on 32 bit (networking-stable-20_05_16). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - virt: vbox: Fix guest capabilities mask check (git-fixes). - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vrf: Fix IPv6 with qdisc and xfrm (networking-stable-20_04_27). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vsprintf: do not obfuscate NULL and error pointers (bsc#1172086). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - vxlan: use the correct nlattr array in NL_SET_ERR_MSG_ATTR (networking-stable-20_04_27). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: imx_sc_wdt: Fix reboot on crash (git-fixes). - watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (git-fixes). - wil6210: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - wil6210: add wil_netif_rx() helper function (bsc#1154353). - wil6210: use after free in wil_netif_rx_any() (bsc#1154353). - wireguard: device: avoid circular netns references (git-fixes). - wireguard: noise: do not assign initiation time in if condition (git-fixes). - wireguard: noise: read preshared key while taking lock (bsc#1169021 jsc#SLE-12250). - wireguard: noise: separate receive counter from send counter (bsc#1169021 jsc#SLE-12250). - wireguard: queueing: preserve flow hash across packet scrubbing (bsc#1169021 jsc#SLE-12250). - wireguard: receive: account for napi_gro_receive never returning GRO_DROP (git-fixes). - wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning (git-fixes). - wireguard: selftests: use newer iproute2 for gcc-10 (bsc#1169021 jsc#SLE-12250). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (git-fixes). - workqueue: Remove the warning in wq_worker_sleeping() (git-fixes). - x86/amd_nb: Add AMD family 17h model 60h PCI IDs (git-fixes). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1152489). - x86: Fix early boot crash on gcc-10, third try (bsc#1152489). - x86/mm/cpa: Flush direct map alias during cpa (bsc#1152489). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (git-fixes). - x86/resctrl: Fix invalid attempt at removing the default resource group (bsc#1152489). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1152489). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes (block drivers)). - xfs: clean up the error handling in xfs_swap_extents (git-fixes). - xfs: do not commit sunit/swidth updates to disk if that would cause repair failures (bsc#1172169). - xfs: do not fail unwritten extent conversion on writeback due to edquot (bsc#1158242). - xfs: fix duplicate verification from xfs_qm_dqflush() (git-fixes). - xfs: force writes to delalloc regions to unwritten (bsc#1158242). - xfs: measure all contiguous previous extents for prealloc size (bsc#1158242). - xfs: preserve default grace interval during quotacheck (bsc#1172170). - xfs: refactor agfl length computation function (bsc#1172169). - xfs: split the sunit parameter update into two parts (bsc#1172169). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - xhci: Poll for U0 after disabling USB2 LPM (git-fixes). - xhci: Return if xHCI does not support LPM (git-fixes). - xprtrdma: Fix handling of RDMA_ERROR replies (git-fixes). - workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2105=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2105=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2105=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2105=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2105=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2105=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.9.1 kernel-default-debugsource-5.3.18-24.9.1 kernel-default-extra-5.3.18-24.9.1 kernel-default-extra-debuginfo-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.9.1 kernel-default-debugsource-5.3.18-24.9.1 kernel-default-livepatch-5.3.18-24.9.1 kernel-default-livepatch-devel-5.3.18-24.9.1 kernel-livepatch-5_3_18-24_9-default-1-5.3.6 kernel-livepatch-5_3_18-24_9-default-debuginfo-1-5.3.6 kernel-livepatch-SLE15-SP2_Update_1-debugsource-1-5.3.6 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.9.1 kernel-default-debugsource-5.3.18-24.9.1 reiserfs-kmp-default-5.3.18-24.9.1 reiserfs-kmp-default-debuginfo-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.9.1 kernel-obs-build-debugsource-5.3.18-24.9.1 kernel-syms-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.9.1 kernel-preempt-debugsource-5.3.18-24.9.1 kernel-preempt-devel-5.3.18-24.9.1 kernel-preempt-devel-debuginfo-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.9.2 kernel-source-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.9.1 kernel-default-base-5.3.18-24.9.1.9.2.6 kernel-default-debuginfo-5.3.18-24.9.1 kernel-default-debugsource-5.3.18-24.9.1 kernel-default-devel-5.3.18-24.9.1 kernel-default-devel-debuginfo-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.9.1 kernel-preempt-debuginfo-5.3.18-24.9.1 kernel-preempt-debugsource-5.3.18-24.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.9.1 kernel-macros-5.3.18-24.9.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.9.1 cluster-md-kmp-default-debuginfo-5.3.18-24.9.1 dlm-kmp-default-5.3.18-24.9.1 dlm-kmp-default-debuginfo-5.3.18-24.9.1 gfs2-kmp-default-5.3.18-24.9.1 gfs2-kmp-default-debuginfo-5.3.18-24.9.1 kernel-default-debuginfo-5.3.18-24.9.1 kernel-default-debugsource-5.3.18-24.9.1 ocfs2-kmp-default-5.3.18-24.9.1 ocfs2-kmp-default-debuginfo-5.3.18-24.9.1 References: https://www.suse.com/security/cve/CVE-2019-19462.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20812.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-10711.html https://www.suse.com/security/cve/CVE-2020-10732.html https://www.suse.com/security/cve/CVE-2020-10751.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-12656.html https://www.suse.com/security/cve/CVE-2020-12769.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13143.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154492 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1155798 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1157169 https://bugzilla.suse.com/1158050 https://bugzilla.suse.com/1158242 https://bugzilla.suse.com/1158265 https://bugzilla.suse.com/1158748 https://bugzilla.suse.com/1158765 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159781 https://bugzilla.suse.com/1159867 https://bugzilla.suse.com/1160947 https://bugzilla.suse.com/1161495 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1162400 https://bugzilla.suse.com/1162702 https://bugzilla.suse.com/1164648 https://bugzilla.suse.com/1164777 https://bugzilla.suse.com/1164780 https://bugzilla.suse.com/1165211 https://bugzilla.suse.com/1165933 https://bugzilla.suse.com/1165975 https://bugzilla.suse.com/1166985 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1167651 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1168230 https://bugzilla.suse.com/1168779 https://bugzilla.suse.com/1168838 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169021 https://bugzilla.suse.com/1169094 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169681 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170284 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170774 https://bugzilla.suse.com/1170879 https://bugzilla.suse.com/1170891 https://bugzilla.suse.com/1170895 https://bugzilla.suse.com/1171150 https://bugzilla.suse.com/1171189 https://bugzilla.suse.com/1171191 https://bugzilla.suse.com/1171219 https://bugzilla.suse.com/1171220 https://bugzilla.suse.com/1171246 https://bugzilla.suse.com/1171417 https://bugzilla.suse.com/1171513 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171662 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171699 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171828 https://bugzilla.suse.com/1171857 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1171915 https://bugzilla.suse.com/1171982 https://bugzilla.suse.com/1171983 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172017 https://bugzilla.suse.com/1172046 https://bugzilla.suse.com/1172061 https://bugzilla.suse.com/1172062 https://bugzilla.suse.com/1172063 https://bugzilla.suse.com/1172064 https://bugzilla.suse.com/1172065 https://bugzilla.suse.com/1172066 https://bugzilla.suse.com/1172067 https://bugzilla.suse.com/1172068 https://bugzilla.suse.com/1172069 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172086 https://bugzilla.suse.com/1172095 https://bugzilla.suse.com/1172169 https://bugzilla.suse.com/1172170 https://bugzilla.suse.com/1172201 https://bugzilla.suse.com/1172208 https://bugzilla.suse.com/1172223 https://bugzilla.suse.com/1172342 https://bugzilla.suse.com/1172343 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172365 https://bugzilla.suse.com/1172366 https://bugzilla.suse.com/1172374 https://bugzilla.suse.com/1172391 https://bugzilla.suse.com/1172393 https://bugzilla.suse.com/1172394 https://bugzilla.suse.com/1172453 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172467 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172537 https://bugzilla.suse.com/1172543 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172739 https://bugzilla.suse.com/1172751 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172814 https://bugzilla.suse.com/1172823 https://bugzilla.suse.com/1172841 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172938 https://bugzilla.suse.com/1172939 https://bugzilla.suse.com/1172940 https://bugzilla.suse.com/1172956 https://bugzilla.suse.com/1172983 https://bugzilla.suse.com/1172984 https://bugzilla.suse.com/1172985 https://bugzilla.suse.com/1172986 https://bugzilla.suse.com/1172987 https://bugzilla.suse.com/1172988 https://bugzilla.suse.com/1172989 https://bugzilla.suse.com/1172990 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173068 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173085 https://bugzilla.suse.com/1173139 https://bugzilla.suse.com/1173206 https://bugzilla.suse.com/1173271 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173438 https://bugzilla.suse.com/1173461 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173552 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173625 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173776 https://bugzilla.suse.com/1173817 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173822 https://bugzilla.suse.com/1173823 https://bugzilla.suse.com/1173824 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173827 https://bugzilla.suse.com/1173828 https://bugzilla.suse.com/1173830 https://bugzilla.suse.com/1173831 https://bugzilla.suse.com/1173832 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173834 https://bugzilla.suse.com/1173836 https://bugzilla.suse.com/1173837 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173841 https://bugzilla.suse.com/1173843 https://bugzilla.suse.com/1173844 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173847 https://bugzilla.suse.com/1173849 https://bugzilla.suse.com/1173860 https://bugzilla.suse.com/1173894 https://bugzilla.suse.com/1173941 https://bugzilla.suse.com/1174018 https://bugzilla.suse.com/1174072 https://bugzilla.suse.com/1174116 https://bugzilla.suse.com/1174126 https://bugzilla.suse.com/1174127 https://bugzilla.suse.com/1174128 https://bugzilla.suse.com/1174129 https://bugzilla.suse.com/1174185 https://bugzilla.suse.com/1174244 https://bugzilla.suse.com/1174263 https://bugzilla.suse.com/1174264 https://bugzilla.suse.com/1174331 https://bugzilla.suse.com/1174332 https://bugzilla.suse.com/1174333 https://bugzilla.suse.com/1174345 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174396 https://bugzilla.suse.com/1174398 https://bugzilla.suse.com/1174407 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174411 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174513 https://bugzilla.suse.com/1174527 https://bugzilla.suse.com/1174543 https://bugzilla.suse.com/1174627 https://bugzilla.suse.com/962849 From sle-updates at lists.suse.com Mon Aug 3 14:27:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Aug 2020 22:27:24 +0200 (CEST) Subject: SUSE-SU-2020:2107-1: important: Security update for the Linux Kernel Message-ID: <20200803202724.68894FEC3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2107-1 Rating: important References: #1051510 #1065729 #1071995 #1085030 #1111666 #1112178 #1113956 #1114279 #1144333 #1148868 #1150660 #1151927 #1152107 #1152624 #1158983 #1159058 #1161016 #1162002 #1162063 #1163309 #1166985 #1167104 #1168081 #1168959 #1169194 #1169514 #1169771 #1169795 #1170011 #1170442 #1170592 #1170617 #1170618 #1171124 #1171424 #1171529 #1171530 #1171558 #1171732 #1171739 #1171743 #1171753 #1171759 #1171835 #1171841 #1171868 #1171904 #1172247 #1172257 #1172344 #1172458 #1172484 #1172537 #1172538 #1172687 #1172719 #1172759 #1172775 #1172781 #1172782 #1172783 #1172871 #1172872 #1172999 #1173060 #1173074 #1173146 #1173265 #1173280 #1173284 #1173428 #1173514 #1173567 #1173573 #1173659 #1173746 #1173818 #1173820 #1173825 #1173826 #1173833 #1173838 #1173839 #1173845 #1173857 #1174113 #1174115 #1174122 #1174123 #1174186 #1174187 #1174296 #1174343 #1174356 #1174409 #1174438 #1174462 #1174543 Cross-References: CVE-2019-16746 CVE-2019-20810 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 82 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15780: A lockdown bypass for loading unsigned modules using ACPI table injection was fixed. (bsc#1173573) - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-0305: Fixed a possible use-after-free due to a race condition incdev_get of char_dev.c. This could lead to local escalation of privilege. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation (bnc#1173074). - CVE-2019-20908: Fixed incorrect access permissions for the efivar_ssdt ACPI variable, which could be used by attackers to bypass lockdown or secure boot restrictions (bnc#1173567). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c, related to invalid length checks for variable elements in a beacon head (bnc#1152107). The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - be2net: fix link failure after ethtool offline test (git-fixes). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - carl9170: remove P2P_GO support (bsc#1111666). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fdt: add support for rng-seed (jsc#SLE-12423). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - Fix boot crash with MD (bsc#1174343) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpu: host1x: Detach driver on unregister (bsc#1111666). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: add option for setting control flags (bsc#1111666). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - mdraid: fix read/write bytes accounting (bsc#1172537). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: si2157: Better check for running tuner in init (bsc#1111666). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: fix compilation of user API (bsc#1051510). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - Move upstreamed lpfc patches into sorted section - mvpp2: remove misleading comment (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: reorder work kABI fixup (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert "bcache: ignore pending signals when creating gc and allocator thread" (git fixes (block drivers)). - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (bsc#1111666). - Revert "dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues" (git fixes (block drivers)). - Revert "thermal: mediatek: fix register index error" (bsc#1111666). - Revert "tools lib traceevent: Remove unneeded qsort and uses memmove" - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - staging: comedi: verify array index is correct before using it (bsc#1111666). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: remove broken lazytime support (bsc#1173826). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - USB: serial: ch341: add new Product ID for CH340 (bsc#1111666). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - USB: serial: option: add GosunCn GM500 series (bsc#1111666). - USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - watchdog: sp805: fix restart handler (bsc#1111666). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - work around mvfs bug (bsc#1162063). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2107=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2107=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2107=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2107=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2107=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2107=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.48.1 kernel-default-debugsource-4.12.14-197.48.1 kernel-default-extra-4.12.14-197.48.1 kernel-default-extra-debuginfo-4.12.14-197.48.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.48.1 kernel-default-debugsource-4.12.14-197.48.1 kernel-default-livepatch-4.12.14-197.48.1 kernel-default-livepatch-devel-4.12.14-197.48.1 kernel-livepatch-4_12_14-197_48-default-1-3.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.48.1 kernel-default-debugsource-4.12.14-197.48.1 reiserfs-kmp-default-4.12.14-197.48.1 reiserfs-kmp-default-debuginfo-4.12.14-197.48.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.48.1 kernel-obs-build-debugsource-4.12.14-197.48.1 kernel-syms-4.12.14-197.48.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.48.1 kernel-source-4.12.14-197.48.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.48.1 kernel-default-base-4.12.14-197.48.1 kernel-default-base-debuginfo-4.12.14-197.48.1 kernel-default-debuginfo-4.12.14-197.48.1 kernel-default-debugsource-4.12.14-197.48.1 kernel-default-devel-4.12.14-197.48.1 kernel-default-devel-debuginfo-4.12.14-197.48.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.48.1 kernel-macros-4.12.14-197.48.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.48.1 kernel-zfcpdump-debuginfo-4.12.14-197.48.1 kernel-zfcpdump-debugsource-4.12.14-197.48.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.48.1 cluster-md-kmp-default-debuginfo-4.12.14-197.48.1 dlm-kmp-default-4.12.14-197.48.1 dlm-kmp-default-debuginfo-4.12.14-197.48.1 gfs2-kmp-default-4.12.14-197.48.1 gfs2-kmp-default-debuginfo-4.12.14-197.48.1 kernel-default-debuginfo-4.12.14-197.48.1 kernel-default-debugsource-4.12.14-197.48.1 ocfs2-kmp-default-4.12.14-197.48.1 ocfs2-kmp-default-debuginfo-4.12.14-197.48.1 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1161016 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1163309 https://bugzilla.suse.com/1166985 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1168081 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170592 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171753 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171835 https://bugzilla.suse.com/1171841 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172537 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173146 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173857 https://bugzilla.suse.com/1174113 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174122 https://bugzilla.suse.com/1174123 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174187 https://bugzilla.suse.com/1174296 https://bugzilla.suse.com/1174343 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Aug 4 04:13:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Aug 2020 12:13:09 +0200 (CEST) Subject: SUSE-RU-2020:2111-1: moderate: Recommended update for gnome-initial-setup Message-ID: <20200804101309.49854FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-initial-setup ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2111-1 Rating: moderate References: #1172910 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-initial-setup fixes the following issues: - Fix to start 'gnome-initial-setup' via 'xdg autostart' as an alternative to systemd user units on SLE-15-SP2. (bsc#1172910) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2111=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): gnome-initial-setup-lang-3.34.6-3.3.2 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): gnome-initial-setup-3.34.6-3.3.2 gnome-initial-setup-debuginfo-3.34.6-3.3.2 gnome-initial-setup-debugsource-3.34.6-3.3.2 References: https://bugzilla.suse.com/1172910 From sle-updates at lists.suse.com Tue Aug 4 07:12:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Aug 2020 15:12:51 +0200 (CEST) Subject: SUSE-RU-2020:2113-1: moderate: Recommended update for ocfs2-tools Message-ID: <20200804131251.E9DCBFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for ocfs2-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2113-1 Rating: moderate References: #1170530 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ocfs2-tools fixes the following issue: - Fix debugfs.ocfs2 error on devices with sector size 4096 (bsc#1170530) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2113=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2113=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ocfs2-tools-1.8.5-12.3.1 ocfs2-tools-debuginfo-1.8.5-12.3.1 ocfs2-tools-debugsource-1.8.5-12.3.1 ocfs2-tools-o2cb-1.8.5-12.3.1 ocfs2-tools-o2cb-debuginfo-1.8.5-12.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ocfs2-tools-1.8.5-12.3.1 ocfs2-tools-debuginfo-1.8.5-12.3.1 ocfs2-tools-debugsource-1.8.5-12.3.1 ocfs2-tools-o2cb-1.8.5-12.3.1 ocfs2-tools-o2cb-debuginfo-1.8.5-12.3.1 References: https://bugzilla.suse.com/1170530 From sle-updates at lists.suse.com Tue Aug 4 07:13:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Aug 2020 15:13:36 +0200 (CEST) Subject: SUSE-RU-2020:14443-1: moderate: Recommended update for mozilla-nss, mozilla-nspr Message-ID: <20200804131336.51ED0FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss, mozilla-nspr ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14443-1 Rating: moderate References: #1173767 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mozilla-nss and mozilla-nspr fixes the following issue: - provide mozilla-nss again for all architectures (bsc#1173767) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-mozilla-nss-14443=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mozilla-nss-14443=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mozilla-nss-14443=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mozilla-nss-14443=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libfreebl3-3.53.1-47.9.1 libsoftokn3-3.53.1-47.9.1 mozilla-nspr-4.25-33.3.1 mozilla-nspr-devel-4.25-33.3.1 mozilla-nss-3.53.1-47.9.1 mozilla-nss-certs-3.53.1-47.9.1 mozilla-nss-devel-3.53.1-47.9.1 mozilla-nss-tools-3.53.1-47.9.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libfreebl3-32bit-3.53.1-47.9.1 libsoftokn3-32bit-3.53.1-47.9.1 mozilla-nspr-32bit-4.25-33.3.1 mozilla-nss-32bit-3.53.1-47.9.1 mozilla-nss-certs-32bit-3.53.1-47.9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libfreebl3-3.53.1-47.9.1 libsoftokn3-3.53.1-47.9.1 mozilla-nspr-4.25-33.3.1 mozilla-nss-3.53.1-47.9.1 mozilla-nss-tools-3.53.1-47.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): mozilla-nspr-debuginfo-4.25-33.3.1 mozilla-nspr-debugsource-4.25-33.3.1 mozilla-nss-debuginfo-3.53.1-47.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): mozilla-nspr-debuginfo-32bit-4.25-33.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mozilla-nspr-debuginfo-4.25-33.3.1 mozilla-nspr-debugsource-4.25-33.3.1 mozilla-nss-debuginfo-3.53.1-47.9.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): mozilla-nspr-debuginfo-32bit-4.25-33.3.1 References: https://bugzilla.suse.com/1173767 From sle-updates at lists.suse.com Tue Aug 4 07:14:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Aug 2020 15:14:29 +0200 (CEST) Subject: SUSE-RU-2020:2114-1: important: Recommended update for apache2 Message-ID: <20200804131429.515B8FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2114-1 Rating: important References: #1174667 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2 fixes the following issues: - Revert the recent openssl locking changes which caused crashes on service reload (bsc#1174667) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2114=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2114=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2114=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2114=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2114=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2114=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2114=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2114=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2114=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2114=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2114=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2114=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2114=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2114=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2114=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2114=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2114=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): apache2-doc-2.4.23-29.60.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): apache2-doc-2.4.23-29.60.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE OpenStack Cloud 9 (x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE OpenStack Cloud 9 (noarch): apache2-doc-2.4.23-29.60.1 - SUSE OpenStack Cloud 8 (noarch): apache2-doc-2.4.23-29.60.1 - SUSE OpenStack Cloud 8 (x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE OpenStack Cloud 7 (s390x x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE OpenStack Cloud 7 (noarch): apache2-doc-2.4.23-29.60.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-devel-2.4.23-29.60.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): apache2-doc-2.4.23-29.60.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): apache2-doc-2.4.23-29.60.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): apache2-doc-2.4.23-29.60.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apache2-doc-2.4.23-29.60.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): apache2-doc-2.4.23-29.60.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): apache2-doc-2.4.23-29.60.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): apache2-doc-2.4.23-29.60.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): apache2-doc-2.4.23-29.60.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.60.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - SUSE Enterprise Storage 5 (noarch): apache2-doc-2.4.23-29.60.1 - HPE Helion Openstack 8 (x86_64): apache2-2.4.23-29.60.1 apache2-debuginfo-2.4.23-29.60.1 apache2-debugsource-2.4.23-29.60.1 apache2-example-pages-2.4.23-29.60.1 apache2-prefork-2.4.23-29.60.1 apache2-prefork-debuginfo-2.4.23-29.60.1 apache2-utils-2.4.23-29.60.1 apache2-utils-debuginfo-2.4.23-29.60.1 apache2-worker-2.4.23-29.60.1 apache2-worker-debuginfo-2.4.23-29.60.1 - HPE Helion Openstack 8 (noarch): apache2-doc-2.4.23-29.60.1 References: https://bugzilla.suse.com/1174667 From sle-updates at lists.suse.com Tue Aug 4 07:15:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Aug 2020 15:15:19 +0200 (CEST) Subject: SUSE-RU-2020:2115-1: moderate: Recommended update for opus Message-ID: <20200804131519.26AC5FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for opus ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2115-1 Rating: moderate References: #1172526 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for opus fixes the following issues: - Fix for an issue when the 'CELTDecoder' can be larger than 21 and cauese crash by builds with custom modes or hardening. (bsc#1172526) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2115=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2115=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2115=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2115=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libopus-devel-1.3.1-3.6.1 opus-debugsource-1.3.1-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libopus-devel-1.3.1-3.6.1 opus-debugsource-1.3.1-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libopus0-1.3.1-3.6.1 libopus0-debuginfo-1.3.1-3.6.1 opus-debugsource-1.3.1-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libopus0-1.3.1-3.6.1 libopus0-debuginfo-1.3.1-3.6.1 opus-debugsource-1.3.1-3.6.1 References: https://bugzilla.suse.com/1172526 From sle-updates at lists.suse.com Tue Aug 4 10:14:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Aug 2020 18:14:34 +0200 (CEST) Subject: SUSE-SU-2020:2116-1: important: Security update for libX11 Message-ID: <20200804161434.49404FF0B@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2116-1 Rating: important References: #1174628 Cross-References: CVE-2020-14344 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2116=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2116=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2116=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2116=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2116=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2116=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2116=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2116=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libX11-6-1.6.5-3.6.2 libX11-6-debuginfo-1.6.5-3.6.2 libX11-debugsource-1.6.5-3.6.2 libX11-devel-1.6.5-3.6.2 libX11-xcb1-1.6.5-3.6.2 libX11-xcb1-debuginfo-1.6.5-3.6.2 libxcb-composite0-1.13-3.5.1 libxcb-composite0-debuginfo-1.13-3.5.1 libxcb-damage0-1.13-3.5.1 libxcb-damage0-debuginfo-1.13-3.5.1 libxcb-debugsource-1.13-3.5.1 libxcb-devel-1.13-3.5.1 libxcb-dpms0-1.13-3.5.1 libxcb-dpms0-debuginfo-1.13-3.5.1 libxcb-dri2-0-1.13-3.5.1 libxcb-dri2-0-debuginfo-1.13-3.5.1 libxcb-dri3-0-1.13-3.5.1 libxcb-dri3-0-debuginfo-1.13-3.5.1 libxcb-glx0-1.13-3.5.1 libxcb-glx0-debuginfo-1.13-3.5.1 libxcb-present0-1.13-3.5.1 libxcb-present0-debuginfo-1.13-3.5.1 libxcb-randr0-1.13-3.5.1 libxcb-randr0-debuginfo-1.13-3.5.1 libxcb-record0-1.13-3.5.1 libxcb-record0-debuginfo-1.13-3.5.1 libxcb-render0-1.13-3.5.1 libxcb-render0-debuginfo-1.13-3.5.1 libxcb-res0-1.13-3.5.1 libxcb-res0-debuginfo-1.13-3.5.1 libxcb-screensaver0-1.13-3.5.1 libxcb-screensaver0-debuginfo-1.13-3.5.1 libxcb-shape0-1.13-3.5.1 libxcb-shape0-debuginfo-1.13-3.5.1 libxcb-shm0-1.13-3.5.1 libxcb-shm0-debuginfo-1.13-3.5.1 libxcb-sync1-1.13-3.5.1 libxcb-sync1-debuginfo-1.13-3.5.1 libxcb-xf86dri0-1.13-3.5.1 libxcb-xf86dri0-debuginfo-1.13-3.5.1 libxcb-xfixes0-1.13-3.5.1 libxcb-xfixes0-debuginfo-1.13-3.5.1 libxcb-xinerama0-1.13-3.5.1 libxcb-xinerama0-debuginfo-1.13-3.5.1 libxcb-xinput0-1.13-3.5.1 libxcb-xinput0-debuginfo-1.13-3.5.1 libxcb-xkb1-1.13-3.5.1 libxcb-xkb1-debuginfo-1.13-3.5.1 libxcb-xtest0-1.13-3.5.1 libxcb-xtest0-debuginfo-1.13-3.5.1 libxcb-xv0-1.13-3.5.1 libxcb-xv0-debuginfo-1.13-3.5.1 libxcb-xvmc0-1.13-3.5.1 libxcb-xvmc0-debuginfo-1.13-3.5.1 libxcb1-1.13-3.5.1 libxcb1-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libX11-6-32bit-1.6.5-3.6.2 libX11-6-32bit-debuginfo-1.6.5-3.6.2 libX11-xcb1-32bit-1.6.5-3.6.2 libX11-xcb1-32bit-debuginfo-1.6.5-3.6.2 libxcb-dri2-0-32bit-1.13-3.5.1 libxcb-dri2-0-32bit-debuginfo-1.13-3.5.1 libxcb-dri3-0-32bit-1.13-3.5.1 libxcb-dri3-0-32bit-debuginfo-1.13-3.5.1 libxcb-glx0-32bit-1.13-3.5.1 libxcb-glx0-32bit-debuginfo-1.13-3.5.1 libxcb-present0-32bit-1.13-3.5.1 libxcb-present0-32bit-debuginfo-1.13-3.5.1 libxcb-sync1-32bit-1.13-3.5.1 libxcb-sync1-32bit-debuginfo-1.13-3.5.1 libxcb-xfixes0-32bit-1.13-3.5.1 libxcb-xfixes0-32bit-debuginfo-1.13-3.5.1 libxcb1-32bit-1.13-3.5.1 libxcb1-32bit-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libX11-data-1.6.5-3.6.2 libxcb-devel-doc-1.13-3.5.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libX11-6-1.6.5-3.6.2 libX11-6-debuginfo-1.6.5-3.6.2 libX11-debugsource-1.6.5-3.6.2 libX11-devel-1.6.5-3.6.2 libX11-xcb1-1.6.5-3.6.2 libX11-xcb1-debuginfo-1.6.5-3.6.2 libxcb-composite0-1.13-3.5.1 libxcb-composite0-debuginfo-1.13-3.5.1 libxcb-damage0-1.13-3.5.1 libxcb-damage0-debuginfo-1.13-3.5.1 libxcb-debugsource-1.13-3.5.1 libxcb-devel-1.13-3.5.1 libxcb-dpms0-1.13-3.5.1 libxcb-dpms0-debuginfo-1.13-3.5.1 libxcb-dri2-0-1.13-3.5.1 libxcb-dri2-0-debuginfo-1.13-3.5.1 libxcb-dri3-0-1.13-3.5.1 libxcb-dri3-0-debuginfo-1.13-3.5.1 libxcb-glx0-1.13-3.5.1 libxcb-glx0-debuginfo-1.13-3.5.1 libxcb-present0-1.13-3.5.1 libxcb-present0-debuginfo-1.13-3.5.1 libxcb-randr0-1.13-3.5.1 libxcb-randr0-debuginfo-1.13-3.5.1 libxcb-record0-1.13-3.5.1 libxcb-record0-debuginfo-1.13-3.5.1 libxcb-render0-1.13-3.5.1 libxcb-render0-debuginfo-1.13-3.5.1 libxcb-res0-1.13-3.5.1 libxcb-res0-debuginfo-1.13-3.5.1 libxcb-screensaver0-1.13-3.5.1 libxcb-screensaver0-debuginfo-1.13-3.5.1 libxcb-shape0-1.13-3.5.1 libxcb-shape0-debuginfo-1.13-3.5.1 libxcb-shm0-1.13-3.5.1 libxcb-shm0-debuginfo-1.13-3.5.1 libxcb-sync1-1.13-3.5.1 libxcb-sync1-debuginfo-1.13-3.5.1 libxcb-xf86dri0-1.13-3.5.1 libxcb-xf86dri0-debuginfo-1.13-3.5.1 libxcb-xfixes0-1.13-3.5.1 libxcb-xfixes0-debuginfo-1.13-3.5.1 libxcb-xinerama0-1.13-3.5.1 libxcb-xinerama0-debuginfo-1.13-3.5.1 libxcb-xinput0-1.13-3.5.1 libxcb-xinput0-debuginfo-1.13-3.5.1 libxcb-xkb1-1.13-3.5.1 libxcb-xkb1-debuginfo-1.13-3.5.1 libxcb-xtest0-1.13-3.5.1 libxcb-xtest0-debuginfo-1.13-3.5.1 libxcb-xv0-1.13-3.5.1 libxcb-xv0-debuginfo-1.13-3.5.1 libxcb-xvmc0-1.13-3.5.1 libxcb-xvmc0-debuginfo-1.13-3.5.1 libxcb1-1.13-3.5.1 libxcb1-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libX11-data-1.6.5-3.6.2 libxcb-devel-doc-1.13-3.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (x86_64): libxcb-debugsource-1.13-3.5.1 libxcb-render0-32bit-1.13-3.5.1 libxcb-render0-32bit-debuginfo-1.13-3.5.1 libxcb-shm0-32bit-1.13-3.5.1 libxcb-shm0-32bit-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (x86_64): libxcb-debugsource-1.13-3.5.1 libxcb-render0-32bit-1.13-3.5.1 libxcb-render0-32bit-debuginfo-1.13-3.5.1 libxcb-shm0-32bit-1.13-3.5.1 libxcb-shm0-32bit-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-3.6.2 libX11-6-debuginfo-1.6.5-3.6.2 libX11-debugsource-1.6.5-3.6.2 libX11-devel-1.6.5-3.6.2 libX11-xcb1-1.6.5-3.6.2 libX11-xcb1-debuginfo-1.6.5-3.6.2 libxcb-composite0-1.13-3.5.1 libxcb-composite0-debuginfo-1.13-3.5.1 libxcb-damage0-1.13-3.5.1 libxcb-damage0-debuginfo-1.13-3.5.1 libxcb-debugsource-1.13-3.5.1 libxcb-devel-1.13-3.5.1 libxcb-dpms0-1.13-3.5.1 libxcb-dpms0-debuginfo-1.13-3.5.1 libxcb-dri2-0-1.13-3.5.1 libxcb-dri2-0-debuginfo-1.13-3.5.1 libxcb-dri3-0-1.13-3.5.1 libxcb-dri3-0-debuginfo-1.13-3.5.1 libxcb-glx0-1.13-3.5.1 libxcb-glx0-debuginfo-1.13-3.5.1 libxcb-present0-1.13-3.5.1 libxcb-present0-debuginfo-1.13-3.5.1 libxcb-randr0-1.13-3.5.1 libxcb-randr0-debuginfo-1.13-3.5.1 libxcb-record0-1.13-3.5.1 libxcb-record0-debuginfo-1.13-3.5.1 libxcb-render0-1.13-3.5.1 libxcb-render0-debuginfo-1.13-3.5.1 libxcb-res0-1.13-3.5.1 libxcb-res0-debuginfo-1.13-3.5.1 libxcb-screensaver0-1.13-3.5.1 libxcb-screensaver0-debuginfo-1.13-3.5.1 libxcb-shape0-1.13-3.5.1 libxcb-shape0-debuginfo-1.13-3.5.1 libxcb-shm0-1.13-3.5.1 libxcb-shm0-debuginfo-1.13-3.5.1 libxcb-sync1-1.13-3.5.1 libxcb-sync1-debuginfo-1.13-3.5.1 libxcb-xf86dri0-1.13-3.5.1 libxcb-xf86dri0-debuginfo-1.13-3.5.1 libxcb-xfixes0-1.13-3.5.1 libxcb-xfixes0-debuginfo-1.13-3.5.1 libxcb-xinerama0-1.13-3.5.1 libxcb-xinerama0-debuginfo-1.13-3.5.1 libxcb-xinput0-1.13-3.5.1 libxcb-xinput0-debuginfo-1.13-3.5.1 libxcb-xkb1-1.13-3.5.1 libxcb-xkb1-debuginfo-1.13-3.5.1 libxcb-xtest0-1.13-3.5.1 libxcb-xtest0-debuginfo-1.13-3.5.1 libxcb-xv0-1.13-3.5.1 libxcb-xv0-debuginfo-1.13-3.5.1 libxcb-xvmc0-1.13-3.5.1 libxcb-xvmc0-debuginfo-1.13-3.5.1 libxcb1-1.13-3.5.1 libxcb1-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libX11-data-1.6.5-3.6.2 libxcb-devel-doc-1.13-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libX11-6-32bit-1.6.5-3.6.2 libX11-6-32bit-debuginfo-1.6.5-3.6.2 libX11-xcb1-32bit-1.6.5-3.6.2 libX11-xcb1-32bit-debuginfo-1.6.5-3.6.2 libxcb-dri2-0-32bit-1.13-3.5.1 libxcb-dri2-0-32bit-debuginfo-1.13-3.5.1 libxcb-dri3-0-32bit-1.13-3.5.1 libxcb-dri3-0-32bit-debuginfo-1.13-3.5.1 libxcb-glx0-32bit-1.13-3.5.1 libxcb-glx0-32bit-debuginfo-1.13-3.5.1 libxcb-present0-32bit-1.13-3.5.1 libxcb-present0-32bit-debuginfo-1.13-3.5.1 libxcb-sync1-32bit-1.13-3.5.1 libxcb-sync1-32bit-debuginfo-1.13-3.5.1 libxcb-xfixes0-32bit-1.13-3.5.1 libxcb-xfixes0-32bit-debuginfo-1.13-3.5.1 libxcb1-32bit-1.13-3.5.1 libxcb1-32bit-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-3.6.2 libX11-6-debuginfo-1.6.5-3.6.2 libX11-debugsource-1.6.5-3.6.2 libX11-devel-1.6.5-3.6.2 libX11-xcb1-1.6.5-3.6.2 libX11-xcb1-debuginfo-1.6.5-3.6.2 libxcb-composite0-1.13-3.5.1 libxcb-composite0-debuginfo-1.13-3.5.1 libxcb-damage0-1.13-3.5.1 libxcb-damage0-debuginfo-1.13-3.5.1 libxcb-debugsource-1.13-3.5.1 libxcb-devel-1.13-3.5.1 libxcb-dpms0-1.13-3.5.1 libxcb-dpms0-debuginfo-1.13-3.5.1 libxcb-dri2-0-1.13-3.5.1 libxcb-dri2-0-debuginfo-1.13-3.5.1 libxcb-dri3-0-1.13-3.5.1 libxcb-dri3-0-debuginfo-1.13-3.5.1 libxcb-glx0-1.13-3.5.1 libxcb-glx0-debuginfo-1.13-3.5.1 libxcb-present0-1.13-3.5.1 libxcb-present0-debuginfo-1.13-3.5.1 libxcb-randr0-1.13-3.5.1 libxcb-randr0-debuginfo-1.13-3.5.1 libxcb-record0-1.13-3.5.1 libxcb-record0-debuginfo-1.13-3.5.1 libxcb-render0-1.13-3.5.1 libxcb-render0-debuginfo-1.13-3.5.1 libxcb-res0-1.13-3.5.1 libxcb-res0-debuginfo-1.13-3.5.1 libxcb-screensaver0-1.13-3.5.1 libxcb-screensaver0-debuginfo-1.13-3.5.1 libxcb-shape0-1.13-3.5.1 libxcb-shape0-debuginfo-1.13-3.5.1 libxcb-shm0-1.13-3.5.1 libxcb-shm0-debuginfo-1.13-3.5.1 libxcb-sync1-1.13-3.5.1 libxcb-sync1-debuginfo-1.13-3.5.1 libxcb-xf86dri0-1.13-3.5.1 libxcb-xf86dri0-debuginfo-1.13-3.5.1 libxcb-xfixes0-1.13-3.5.1 libxcb-xfixes0-debuginfo-1.13-3.5.1 libxcb-xinerama0-1.13-3.5.1 libxcb-xinerama0-debuginfo-1.13-3.5.1 libxcb-xinput0-1.13-3.5.1 libxcb-xinput0-debuginfo-1.13-3.5.1 libxcb-xkb1-1.13-3.5.1 libxcb-xkb1-debuginfo-1.13-3.5.1 libxcb-xtest0-1.13-3.5.1 libxcb-xtest0-debuginfo-1.13-3.5.1 libxcb-xv0-1.13-3.5.1 libxcb-xv0-debuginfo-1.13-3.5.1 libxcb-xvmc0-1.13-3.5.1 libxcb-xvmc0-debuginfo-1.13-3.5.1 libxcb1-1.13-3.5.1 libxcb1-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libX11-data-1.6.5-3.6.2 libxcb-devel-doc-1.13-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libX11-6-32bit-1.6.5-3.6.2 libX11-6-32bit-debuginfo-1.6.5-3.6.2 libX11-xcb1-32bit-1.6.5-3.6.2 libX11-xcb1-32bit-debuginfo-1.6.5-3.6.2 libxcb-dri2-0-32bit-1.13-3.5.1 libxcb-dri2-0-32bit-debuginfo-1.13-3.5.1 libxcb-dri3-0-32bit-1.13-3.5.1 libxcb-dri3-0-32bit-debuginfo-1.13-3.5.1 libxcb-glx0-32bit-1.13-3.5.1 libxcb-glx0-32bit-debuginfo-1.13-3.5.1 libxcb-present0-32bit-1.13-3.5.1 libxcb-present0-32bit-debuginfo-1.13-3.5.1 libxcb-sync1-32bit-1.13-3.5.1 libxcb-sync1-32bit-debuginfo-1.13-3.5.1 libxcb-xfixes0-32bit-1.13-3.5.1 libxcb-xfixes0-32bit-debuginfo-1.13-3.5.1 libxcb1-32bit-1.13-3.5.1 libxcb1-32bit-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libX11-6-1.6.5-3.6.2 libX11-6-debuginfo-1.6.5-3.6.2 libX11-debugsource-1.6.5-3.6.2 libX11-devel-1.6.5-3.6.2 libX11-xcb1-1.6.5-3.6.2 libX11-xcb1-debuginfo-1.6.5-3.6.2 libxcb-composite0-1.13-3.5.1 libxcb-composite0-debuginfo-1.13-3.5.1 libxcb-damage0-1.13-3.5.1 libxcb-damage0-debuginfo-1.13-3.5.1 libxcb-debugsource-1.13-3.5.1 libxcb-devel-1.13-3.5.1 libxcb-dpms0-1.13-3.5.1 libxcb-dpms0-debuginfo-1.13-3.5.1 libxcb-dri2-0-1.13-3.5.1 libxcb-dri2-0-debuginfo-1.13-3.5.1 libxcb-dri3-0-1.13-3.5.1 libxcb-dri3-0-debuginfo-1.13-3.5.1 libxcb-glx0-1.13-3.5.1 libxcb-glx0-debuginfo-1.13-3.5.1 libxcb-present0-1.13-3.5.1 libxcb-present0-debuginfo-1.13-3.5.1 libxcb-randr0-1.13-3.5.1 libxcb-randr0-debuginfo-1.13-3.5.1 libxcb-record0-1.13-3.5.1 libxcb-record0-debuginfo-1.13-3.5.1 libxcb-render0-1.13-3.5.1 libxcb-render0-debuginfo-1.13-3.5.1 libxcb-res0-1.13-3.5.1 libxcb-res0-debuginfo-1.13-3.5.1 libxcb-screensaver0-1.13-3.5.1 libxcb-screensaver0-debuginfo-1.13-3.5.1 libxcb-shape0-1.13-3.5.1 libxcb-shape0-debuginfo-1.13-3.5.1 libxcb-shm0-1.13-3.5.1 libxcb-shm0-debuginfo-1.13-3.5.1 libxcb-sync1-1.13-3.5.1 libxcb-sync1-debuginfo-1.13-3.5.1 libxcb-xf86dri0-1.13-3.5.1 libxcb-xf86dri0-debuginfo-1.13-3.5.1 libxcb-xfixes0-1.13-3.5.1 libxcb-xfixes0-debuginfo-1.13-3.5.1 libxcb-xinerama0-1.13-3.5.1 libxcb-xinerama0-debuginfo-1.13-3.5.1 libxcb-xinput0-1.13-3.5.1 libxcb-xinput0-debuginfo-1.13-3.5.1 libxcb-xkb1-1.13-3.5.1 libxcb-xkb1-debuginfo-1.13-3.5.1 libxcb-xtest0-1.13-3.5.1 libxcb-xtest0-debuginfo-1.13-3.5.1 libxcb-xv0-1.13-3.5.1 libxcb-xv0-debuginfo-1.13-3.5.1 libxcb-xvmc0-1.13-3.5.1 libxcb-xvmc0-debuginfo-1.13-3.5.1 libxcb1-1.13-3.5.1 libxcb1-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libX11-data-1.6.5-3.6.2 libxcb-devel-doc-1.13-3.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libX11-6-32bit-1.6.5-3.6.2 libX11-6-32bit-debuginfo-1.6.5-3.6.2 libX11-xcb1-32bit-1.6.5-3.6.2 libX11-xcb1-32bit-debuginfo-1.6.5-3.6.2 libxcb-dri2-0-32bit-1.13-3.5.1 libxcb-dri2-0-32bit-debuginfo-1.13-3.5.1 libxcb-dri3-0-32bit-1.13-3.5.1 libxcb-dri3-0-32bit-debuginfo-1.13-3.5.1 libxcb-glx0-32bit-1.13-3.5.1 libxcb-glx0-32bit-debuginfo-1.13-3.5.1 libxcb-present0-32bit-1.13-3.5.1 libxcb-present0-32bit-debuginfo-1.13-3.5.1 libxcb-sync1-32bit-1.13-3.5.1 libxcb-sync1-32bit-debuginfo-1.13-3.5.1 libxcb-xfixes0-32bit-1.13-3.5.1 libxcb-xfixes0-32bit-debuginfo-1.13-3.5.1 libxcb1-32bit-1.13-3.5.1 libxcb1-32bit-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libX11-6-1.6.5-3.6.2 libX11-6-debuginfo-1.6.5-3.6.2 libX11-debugsource-1.6.5-3.6.2 libX11-devel-1.6.5-3.6.2 libX11-xcb1-1.6.5-3.6.2 libX11-xcb1-debuginfo-1.6.5-3.6.2 libxcb-composite0-1.13-3.5.1 libxcb-composite0-debuginfo-1.13-3.5.1 libxcb-damage0-1.13-3.5.1 libxcb-damage0-debuginfo-1.13-3.5.1 libxcb-debugsource-1.13-3.5.1 libxcb-devel-1.13-3.5.1 libxcb-dpms0-1.13-3.5.1 libxcb-dpms0-debuginfo-1.13-3.5.1 libxcb-dri2-0-1.13-3.5.1 libxcb-dri2-0-debuginfo-1.13-3.5.1 libxcb-dri3-0-1.13-3.5.1 libxcb-dri3-0-debuginfo-1.13-3.5.1 libxcb-glx0-1.13-3.5.1 libxcb-glx0-debuginfo-1.13-3.5.1 libxcb-present0-1.13-3.5.1 libxcb-present0-debuginfo-1.13-3.5.1 libxcb-randr0-1.13-3.5.1 libxcb-randr0-debuginfo-1.13-3.5.1 libxcb-record0-1.13-3.5.1 libxcb-record0-debuginfo-1.13-3.5.1 libxcb-render0-1.13-3.5.1 libxcb-render0-debuginfo-1.13-3.5.1 libxcb-res0-1.13-3.5.1 libxcb-res0-debuginfo-1.13-3.5.1 libxcb-screensaver0-1.13-3.5.1 libxcb-screensaver0-debuginfo-1.13-3.5.1 libxcb-shape0-1.13-3.5.1 libxcb-shape0-debuginfo-1.13-3.5.1 libxcb-shm0-1.13-3.5.1 libxcb-shm0-debuginfo-1.13-3.5.1 libxcb-sync1-1.13-3.5.1 libxcb-sync1-debuginfo-1.13-3.5.1 libxcb-xf86dri0-1.13-3.5.1 libxcb-xf86dri0-debuginfo-1.13-3.5.1 libxcb-xfixes0-1.13-3.5.1 libxcb-xfixes0-debuginfo-1.13-3.5.1 libxcb-xinerama0-1.13-3.5.1 libxcb-xinerama0-debuginfo-1.13-3.5.1 libxcb-xinput0-1.13-3.5.1 libxcb-xinput0-debuginfo-1.13-3.5.1 libxcb-xkb1-1.13-3.5.1 libxcb-xkb1-debuginfo-1.13-3.5.1 libxcb-xtest0-1.13-3.5.1 libxcb-xtest0-debuginfo-1.13-3.5.1 libxcb-xv0-1.13-3.5.1 libxcb-xv0-debuginfo-1.13-3.5.1 libxcb-xvmc0-1.13-3.5.1 libxcb-xvmc0-debuginfo-1.13-3.5.1 libxcb1-1.13-3.5.1 libxcb1-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libX11-6-32bit-1.6.5-3.6.2 libX11-6-32bit-debuginfo-1.6.5-3.6.2 libX11-xcb1-32bit-1.6.5-3.6.2 libX11-xcb1-32bit-debuginfo-1.6.5-3.6.2 libxcb-dri2-0-32bit-1.13-3.5.1 libxcb-dri2-0-32bit-debuginfo-1.13-3.5.1 libxcb-dri3-0-32bit-1.13-3.5.1 libxcb-dri3-0-32bit-debuginfo-1.13-3.5.1 libxcb-glx0-32bit-1.13-3.5.1 libxcb-glx0-32bit-debuginfo-1.13-3.5.1 libxcb-present0-32bit-1.13-3.5.1 libxcb-present0-32bit-debuginfo-1.13-3.5.1 libxcb-sync1-32bit-1.13-3.5.1 libxcb-sync1-32bit-debuginfo-1.13-3.5.1 libxcb-xfixes0-32bit-1.13-3.5.1 libxcb-xfixes0-32bit-debuginfo-1.13-3.5.1 libxcb1-32bit-1.13-3.5.1 libxcb1-32bit-debuginfo-1.13-3.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libX11-data-1.6.5-3.6.2 libxcb-devel-doc-1.13-3.5.1 References: https://www.suse.com/security/cve/CVE-2020-14344.html https://bugzilla.suse.com/1174628 From sle-updates at lists.suse.com Tue Aug 4 13:12:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Aug 2020 21:12:55 +0200 (CEST) Subject: SUSE-SU-2020:2119-1: important: Security update for the Linux Kernel Message-ID: <20200804191255.8011CFDE1@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2119-1 Rating: important References: #1051510 #1065729 #1104967 #1111666 #1112178 #1113956 #1114279 #1150660 #1151927 #1152107 #1152624 #1158983 #1159058 #1162002 #1163309 #1167104 #1168959 #1169514 #1169771 #1169795 #1170011 #1170442 #1170617 #1170618 #1171124 #1171424 #1171529 #1171530 #1171558 #1171673 #1171732 #1171739 #1171743 #1171753 #1171759 #1171761 #1171835 #1171841 #1171868 #1171988 #1172247 #1172257 #1172344 #1172484 #1172687 #1172719 #1172871 #1172872 #1172999 #1173060 #1173074 #1173146 #1173265 #1173280 #1173284 #1173428 #1173462 #1173514 #1173567 #1173573 #1173659 #1173746 #1173818 #1173820 #1173825 #1173826 #1173833 #1173838 #1173839 #1173845 #1173857 #1174113 #1174115 #1174122 #1174123 #1174130 #1174186 #1174187 #1174205 #1174247 #1174296 #1174343 #1174356 #1174409 #1174438 #1174462 #1174543 #1174549 Cross-References: CVE-2019-16746 CVE-2019-20908 CVE-2020-0305 CVE-2020-10135 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-12771 CVE-2020-12888 CVE-2020-14331 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 75 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15780: A lockdown bypass for loading unsigned modules using ACPI table injection was fixed. (bsc#1173573) - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-0305: Fixed a possible use-after-free due to a race condition incdev_get of char_dev.c. This could lead to local escalation of privilege. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation (bnc#1173074). - CVE-2019-20908: Fixed incorrect access permissions for the efivar_ssdt ACPI variable, which could be used by attackers to bypass lockdown or secure boot restrictions (bnc#1173567). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c, related to invalid length checks for variable elements in a beacon head (bnc#1152107). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-14331: Fixed a buffer over write in vgacon_scrollback_update() (bnc#1174205). The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - be2net: fix link failure after ethtool offline test (git-fixes). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - Btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - Btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - Btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - Btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - Btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - Btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - carl9170: remove P2P_GO support (bsc#1111666). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - Fix boot crash with MD (bsc#1174343) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - gpu: host1x: Detach driver on unregister (bsc#1111666). - HID: magicmouse: do not set up autorepeat (git-fixes). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174130). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: si2157: Better check for running tuner in init (bsc#1111666). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - mvpp2: remove misleading comment (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: reorder work kABI fixup (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (bsc#1111666). - Revert "thermal: mediatek: fix register index error" (bsc#1111666). - rpm/kernel-docs.spec.in: Require python-packaging for build. - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - staging: comedi: verify array index is correct before using it (bsc#1111666). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: remove broken lazytime support (bsc#1173826). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - USB: serial: ch341: add new Product ID for CH340 (bsc#1111666). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - USB: serial: option: add GosunCn GM500 series (bsc#1111666). - USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2119=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.22.1 kernel-azure-base-4.12.14-16.22.1 kernel-azure-base-debuginfo-4.12.14-16.22.1 kernel-azure-debuginfo-4.12.14-16.22.1 kernel-azure-debugsource-4.12.14-16.22.1 kernel-azure-devel-4.12.14-16.22.1 kernel-syms-azure-4.12.14-16.22.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.22.1 kernel-source-azure-4.12.14-16.22.1 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1163309 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171673 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171753 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171761 https://bugzilla.suse.com/1171835 https://bugzilla.suse.com/1171841 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173146 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173462 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173857 https://bugzilla.suse.com/1174113 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174122 https://bugzilla.suse.com/1174123 https://bugzilla.suse.com/1174130 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174187 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174247 https://bugzilla.suse.com/1174296 https://bugzilla.suse.com/1174343 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 https://bugzilla.suse.com/1174549 From sle-updates at lists.suse.com Tue Aug 4 13:25:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Aug 2020 21:25:30 +0200 (CEST) Subject: SUSE-SU-2020:2121-1: important: Security update for the Linux Kernel Message-ID: <20200804192530.EFE07FDE1@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2121-1 Rating: important References: #1051510 #1065729 #1071995 #1085030 #1104967 #1114279 #1144333 #1148868 #1150660 #1152107 #1152472 #1152624 #1158983 #1159058 #1161016 #1162002 #1162063 #1168081 #1169194 #1169514 #1169795 #1170011 #1170592 #1170618 #1171124 #1171424 #1171558 #1171673 #1171732 #1171761 #1171868 #1171904 #1172257 #1172344 #1172458 #1172484 #1172759 #1172775 #1172781 #1172782 #1172783 #1172999 #1173265 #1173280 #1173428 #1173462 #1173514 #1173567 #1173573 #1174115 #1174462 #1174543 Cross-References: CVE-2019-16746 CVE-2019-20810 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 37 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - CDC-ACM: heed quirk also in error handling (git-fixes). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/mediatek: Check plane visibility in atomic_update (bsc#1152472) * context changes - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (bsc#1152472) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)). - mmc: fix compilation of user API (bsc#1051510). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix bad use of igrab() (git fixes (dependent patch)). - perf/core: Fix crash when using HW tracing kernel filters (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert "bcache: ignore pending signals when creating gc and allocator thread" (git fixes (block drivers)). - Revert "dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues" (git fixes (block drivers)). - Revert "tools lib traceevent: Remove unneeded qsort and uses memmove" - rpm/kernel-docs.spec.in: Require python-packaging for build. - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - usb: serial: qcserial: add DW5816e QDL support (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - work around mvfs bug (bsc#1162063). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2121=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2121=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2121=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2121=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2121=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.57.1 kernel-default-base-4.12.14-95.57.1 kernel-default-base-debuginfo-4.12.14-95.57.1 kernel-default-debuginfo-4.12.14-95.57.1 kernel-default-debugsource-4.12.14-95.57.1 kernel-default-devel-4.12.14-95.57.1 kernel-default-devel-debuginfo-4.12.14-95.57.1 kernel-syms-4.12.14-95.57.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.57.1 kernel-macros-4.12.14-95.57.1 kernel-source-4.12.14-95.57.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.57.1 kernel-default-base-4.12.14-95.57.1 kernel-default-base-debuginfo-4.12.14-95.57.1 kernel-default-debuginfo-4.12.14-95.57.1 kernel-default-debugsource-4.12.14-95.57.1 kernel-default-devel-4.12.14-95.57.1 kernel-default-devel-debuginfo-4.12.14-95.57.1 kernel-syms-4.12.14-95.57.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.57.1 kernel-macros-4.12.14-95.57.1 kernel-source-4.12.14-95.57.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.57.1 kernel-default-base-4.12.14-95.57.1 kernel-default-base-debuginfo-4.12.14-95.57.1 kernel-default-debuginfo-4.12.14-95.57.1 kernel-default-debugsource-4.12.14-95.57.1 kernel-default-devel-4.12.14-95.57.1 kernel-syms-4.12.14-95.57.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.57.1 kernel-macros-4.12.14-95.57.1 kernel-source-4.12.14-95.57.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.57.1 kernel-default-base-4.12.14-95.57.1 kernel-default-base-debuginfo-4.12.14-95.57.1 kernel-default-debuginfo-4.12.14-95.57.1 kernel-default-debugsource-4.12.14-95.57.1 kernel-default-devel-4.12.14-95.57.1 kernel-syms-4.12.14-95.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.57.1 kernel-macros-4.12.14-95.57.1 kernel-source-4.12.14-95.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.57.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.57.1 cluster-md-kmp-default-debuginfo-4.12.14-95.57.1 dlm-kmp-default-4.12.14-95.57.1 dlm-kmp-default-debuginfo-4.12.14-95.57.1 gfs2-kmp-default-4.12.14-95.57.1 gfs2-kmp-default-debuginfo-4.12.14-95.57.1 kernel-default-debuginfo-4.12.14-95.57.1 kernel-default-debugsource-4.12.14-95.57.1 ocfs2-kmp-default-4.12.14-95.57.1 ocfs2-kmp-default-debuginfo-4.12.14-95.57.1 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1161016 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1168081 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170592 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171673 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171761 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173462 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Aug 4 13:32:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Aug 2020 21:32:29 +0200 (CEST) Subject: SUSE-SU-2020:2121-1: important: Security update for the Linux Kernel Message-ID: <20200804193229.A8C89FDE1@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2121-1 Rating: important References: #1051510 #1065729 #1071995 #1085030 #1104967 #1114279 #1144333 #1148868 #1150660 #1152107 #1152472 #1152624 #1158983 #1159058 #1161016 #1162002 #1162063 #1168081 #1169194 #1169514 #1169795 #1170011 #1170592 #1170618 #1171124 #1171424 #1171558 #1171673 #1171732 #1171761 #1171868 #1171904 #1172257 #1172344 #1172458 #1172484 #1172759 #1172775 #1172781 #1172782 #1172783 #1172999 #1173265 #1173280 #1173428 #1173462 #1173514 #1173567 #1173573 #1174115 #1174462 #1174543 Cross-References: CVE-2019-16746 CVE-2019-20810 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 37 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - CDC-ACM: heed quirk also in error handling (git-fixes). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/mediatek: Check plane visibility in atomic_update (bsc#1152472) * context changes - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (bsc#1152472) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)). - mmc: fix compilation of user API (bsc#1051510). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix bad use of igrab() (git fixes (dependent patch)). - perf/core: Fix crash when using HW tracing kernel filters (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert "bcache: ignore pending signals when creating gc and allocator thread" (git fixes (block drivers)). - Revert "dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues" (git fixes (block drivers)). - Revert "tools lib traceevent: Remove unneeded qsort and uses memmove" - rpm/kernel-docs.spec.in: Require python-packaging for build. - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - usb: serial: qcserial: add DW5816e QDL support (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - work around mvfs bug (bsc#1162063). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2121=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2121=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2121=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2121=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2121=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2121=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.57.1 kernel-default-base-4.12.14-95.57.1 kernel-default-base-debuginfo-4.12.14-95.57.1 kernel-default-debuginfo-4.12.14-95.57.1 kernel-default-debugsource-4.12.14-95.57.1 kernel-default-devel-4.12.14-95.57.1 kernel-default-devel-debuginfo-4.12.14-95.57.1 kernel-syms-4.12.14-95.57.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.57.1 kernel-macros-4.12.14-95.57.1 kernel-source-4.12.14-95.57.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.57.1 kernel-macros-4.12.14-95.57.1 kernel-source-4.12.14-95.57.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.57.1 kernel-default-base-4.12.14-95.57.1 kernel-default-base-debuginfo-4.12.14-95.57.1 kernel-default-debuginfo-4.12.14-95.57.1 kernel-default-debugsource-4.12.14-95.57.1 kernel-default-devel-4.12.14-95.57.1 kernel-default-devel-debuginfo-4.12.14-95.57.1 kernel-syms-4.12.14-95.57.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.57.1 kernel-default-base-4.12.14-95.57.1 kernel-default-base-debuginfo-4.12.14-95.57.1 kernel-default-debuginfo-4.12.14-95.57.1 kernel-default-debugsource-4.12.14-95.57.1 kernel-default-devel-4.12.14-95.57.1 kernel-syms-4.12.14-95.57.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.57.1 kernel-macros-4.12.14-95.57.1 kernel-source-4.12.14-95.57.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.57.1 kernel-default-base-4.12.14-95.57.1 kernel-default-base-debuginfo-4.12.14-95.57.1 kernel-default-debuginfo-4.12.14-95.57.1 kernel-default-debugsource-4.12.14-95.57.1 kernel-default-devel-4.12.14-95.57.1 kernel-syms-4.12.14-95.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.57.1 kernel-macros-4.12.14-95.57.1 kernel-source-4.12.14-95.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.57.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.57.1 kernel-default-kgraft-devel-4.12.14-95.57.1 kgraft-patch-4_12_14-95_57-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.57.1 cluster-md-kmp-default-debuginfo-4.12.14-95.57.1 dlm-kmp-default-4.12.14-95.57.1 dlm-kmp-default-debuginfo-4.12.14-95.57.1 gfs2-kmp-default-4.12.14-95.57.1 gfs2-kmp-default-debuginfo-4.12.14-95.57.1 kernel-default-debuginfo-4.12.14-95.57.1 kernel-default-debugsource-4.12.14-95.57.1 ocfs2-kmp-default-4.12.14-95.57.1 ocfs2-kmp-default-debuginfo-4.12.14-95.57.1 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1161016 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1168081 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170592 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171673 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171761 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173462 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Aug 4 13:39:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Aug 2020 21:39:14 +0200 (CEST) Subject: SUSE-SU-2020:14444-1: important: Security update for xen Message-ID: <20200804193914.E7948FDE1@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14444-1 Rating: important References: #1152497 #1154448 #1154456 #1154458 #1154461 #1155945 #1157888 #1158004 #1158005 #1158006 #1158007 #1161181 #1163019 #1168140 #1169392 #1174543 Cross-References: CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19583 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-7211 CVE-2020-8608 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: potential OOB access due to unsafe snprintf() usages - bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy - bsc#1168140 - CVE-2020-11740, CVE-2020-11741: multiple xenoprof issues - bsc#1161181 - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host - bsc#1157888 - CVE-2019-19579: Device quarantine for alternate pci assignment methods - bsc#1158004 - CVE-2019-19583: VMX: VMentry failure with debug exceptions and blocked states - bsc#1158005 - CVE-2019-19578: Linear pagetable use / entry miscounts - bsc#1158006 - CVE-2019-19580: Further issues with restartable PV type change operations - bsc#1158007 - CVE-2019-19577: dynamic height for the IOMMU pagetables - bsc#1154448 - CVE-2019-18420: VCPUOP_initialise DoS - bsc#1154456 - CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation - bsc#1154458 - CVE-2019-18421: Issues with restartable PV type change operations - bsc#1154461 - CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment - bsc#1155945 - CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) - bsc#1152497 - CVE-2019-11135: TSX Asynchronous Abort (TAA) issue Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xen-14444=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-14444=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): xen-kmp-default-4.4.4_42_3.0.101_108.114-61.52.1 xen-libs-4.4.4_42-61.52.1 xen-tools-domU-4.4.4_42-61.52.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): xen-4.4.4_42-61.52.1 xen-doc-html-4.4.4_42-61.52.1 xen-libs-32bit-4.4.4_42-61.52.1 xen-tools-4.4.4_42-61.52.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): xen-kmp-pae-4.4.4_42_3.0.101_108.114-61.52.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_42-61.52.1 xen-debugsource-4.4.4_42-61.52.1 References: https://www.suse.com/security/cve/CVE-2018-12207.html https://www.suse.com/security/cve/CVE-2019-11135.html https://www.suse.com/security/cve/CVE-2019-18420.html https://www.suse.com/security/cve/CVE-2019-18421.html https://www.suse.com/security/cve/CVE-2019-18424.html https://www.suse.com/security/cve/CVE-2019-18425.html https://www.suse.com/security/cve/CVE-2019-19577.html https://www.suse.com/security/cve/CVE-2019-19578.html https://www.suse.com/security/cve/CVE-2019-19579.html https://www.suse.com/security/cve/CVE-2019-19580.html https://www.suse.com/security/cve/CVE-2019-19583.html https://www.suse.com/security/cve/CVE-2020-11740.html https://www.suse.com/security/cve/CVE-2020-11741.html https://www.suse.com/security/cve/CVE-2020-11742.html https://www.suse.com/security/cve/CVE-2020-7211.html https://www.suse.com/security/cve/CVE-2020-8608.html https://bugzilla.suse.com/1152497 https://bugzilla.suse.com/1154448 https://bugzilla.suse.com/1154456 https://bugzilla.suse.com/1154458 https://bugzilla.suse.com/1154461 https://bugzilla.suse.com/1155945 https://bugzilla.suse.com/1157888 https://bugzilla.suse.com/1158004 https://bugzilla.suse.com/1158005 https://bugzilla.suse.com/1158006 https://bugzilla.suse.com/1158007 https://bugzilla.suse.com/1161181 https://bugzilla.suse.com/1163019 https://bugzilla.suse.com/1168140 https://bugzilla.suse.com/1169392 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Aug 4 13:41:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Aug 2020 21:41:41 +0200 (CEST) Subject: SUSE-SU-2020:2117-1: important: Security update for libX11 Message-ID: <20200804194141.2201EFDE1@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2117-1 Rating: important References: #1174628 Cross-References: CVE-2020-14344 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2117=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2117=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2117=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2117=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2117=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2117=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2117=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2117=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2117=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2117=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2117=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2117=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2117=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2117=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2117=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2117=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2117=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libX11-6-1.6.2-12.8.1 libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): libX11-data-1.6.2-12.8.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libX11-data-1.6.2-12.8.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libX11-6-1.6.2-12.8.1 libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE OpenStack Cloud 9 (x86_64): libX11-6-1.6.2-12.8.1 libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE OpenStack Cloud 9 (noarch): libX11-data-1.6.2-12.8.1 - SUSE OpenStack Cloud 8 (noarch): libX11-data-1.6.2-12.8.1 - SUSE OpenStack Cloud 8 (x86_64): libX11-6-1.6.2-12.8.1 libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libX11-6-1.6.2-12.8.1 libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE OpenStack Cloud 7 (noarch): libX11-data-1.6.2-12.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libX11-debugsource-1.6.2-12.8.1 libX11-devel-1.6.2-12.8.1 libxcb-composite0-1.10-4.5.1 libxcb-composite0-debuginfo-1.10-4.5.1 libxcb-damage0-1.10-4.5.1 libxcb-damage0-debuginfo-1.10-4.5.1 libxcb-debugsource-1.10-4.5.1 libxcb-devel-1.10-4.5.1 libxcb-dpms0-1.10-4.5.1 libxcb-dpms0-debuginfo-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-record0-1.10-4.5.1 libxcb-record0-debuginfo-1.10-4.5.1 libxcb-res0-1.10-4.5.1 libxcb-res0-debuginfo-1.10-4.5.1 libxcb-screensaver0-1.10-4.5.1 libxcb-screensaver0-debuginfo-1.10-4.5.1 libxcb-xevie0-1.10-4.5.1 libxcb-xevie0-debuginfo-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xprint0-1.10-4.5.1 libxcb-xprint0-debuginfo-1.10-4.5.1 libxcb-xtest0-1.10-4.5.1 libxcb-xtest0-debuginfo-1.10-4.5.1 libxcb-xvmc0-1.10-4.5.1 libxcb-xvmc0-debuginfo-1.10-4.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): libxcb-devel-doc-1.10-4.5.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libX11-6-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libX11-data-1.6.2-12.8.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libX11-6-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libX11-data-1.6.2-12.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libX11-6-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libX11-data-1.6.2-12.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libX11-data-1.6.2-12.8.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libX11-6-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libX11-data-1.6.2-12.8.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libX11-6-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libX11-data-1.6.2-12.8.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libX11-6-1.6.2-12.8.1 libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): libX11-data-1.6.2-12.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libX11-6-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libX11-data-1.6.2-12.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libX11-data-1.6.2-12.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libX11-6-1.6.2-12.8.1 libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libX11-6-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 - SUSE Enterprise Storage 5 (noarch): libX11-data-1.6.2-12.8.1 - SUSE Enterprise Storage 5 (x86_64): libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - HPE Helion Openstack 8 (x86_64): libX11-6-1.6.2-12.8.1 libX11-6-32bit-1.6.2-12.8.1 libX11-6-debuginfo-1.6.2-12.8.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libX11-debugsource-1.6.2-12.8.1 libX11-xcb1-1.6.2-12.8.1 libX11-xcb1-32bit-1.6.2-12.8.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb-glx0-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-render0-32bit-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 - HPE Helion Openstack 8 (noarch): libX11-data-1.6.2-12.8.1 References: https://www.suse.com/security/cve/CVE-2020-14344.html https://bugzilla.suse.com/1174628 From sle-updates at lists.suse.com Tue Aug 4 13:42:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Aug 2020 21:42:26 +0200 (CEST) Subject: SUSE-SU-2020:2118-1: important: Security update for MozillaFirefox Message-ID: <20200804194226.3281AFDE1@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2118-1 Rating: important References: #1174538 Cross-References: CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2118=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.1.0-3.100.2 MozillaFirefox-debuginfo-78.1.0-3.100.2 MozillaFirefox-debugsource-78.1.0-3.100.2 MozillaFirefox-translations-common-78.1.0-3.100.2 MozillaFirefox-translations-other-78.1.0-3.100.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.1.0-3.100.2 References: https://www.suse.com/security/cve/CVE-2020-15652.html https://www.suse.com/security/cve/CVE-2020-15653.html https://www.suse.com/security/cve/CVE-2020-15654.html https://www.suse.com/security/cve/CVE-2020-15655.html https://www.suse.com/security/cve/CVE-2020-15656.html https://www.suse.com/security/cve/CVE-2020-15657.html https://www.suse.com/security/cve/CVE-2020-15658.html https://www.suse.com/security/cve/CVE-2020-15659.html https://www.suse.com/security/cve/CVE-2020-6463.html https://www.suse.com/security/cve/CVE-2020-6514.html https://bugzilla.suse.com/1174538 From sle-updates at lists.suse.com Tue Aug 4 16:13:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 00:13:18 +0200 (CEST) Subject: SUSE-SU-2020:2122-1: important: Security update for the Linux Kernel Message-ID: <20200804221318.5B75CFF0B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2122-1 Rating: important References: #1051510 #1065729 #1104967 #1111666 #1112178 #1113956 #1114279 #1150660 #1151927 #1152107 #1152624 #1158983 #1159058 #1162002 #1163309 #1167104 #1168959 #1169514 #1169771 #1169795 #1170011 #1170442 #1170617 #1170618 #1171124 #1171424 #1171529 #1171530 #1171558 #1171673 #1171732 #1171739 #1171743 #1171753 #1171759 #1171761 #1171835 #1171841 #1171868 #1171988 #1172247 #1172257 #1172344 #1172484 #1172687 #1172719 #1172871 #1172872 #1172999 #1173060 #1173074 #1173146 #1173265 #1173280 #1173284 #1173428 #1173462 #1173514 #1173567 #1173573 #1173746 #1173818 #1173820 #1173825 #1173826 #1173833 #1173838 #1173839 #1173845 #1173857 #1174113 #1174115 #1174122 #1174123 #1174130 #1174205 #1174296 #1174343 #1174356 #1174409 #1174438 #1174462 #1174543 Cross-References: CVE-2019-16746 CVE-2019-20908 CVE-2020-0305 CVE-2020-10135 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-12771 CVE-2020-12888 CVE-2020-14331 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 70 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14331: A buffer over write in vgacon_scroll was fixed (bnc#1174205). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - be2net: fix link failure after ethtool offline test (git-fixes). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). Refresh patches.suse/block-bfq-fix-use-after-free-in-bfq_idle_slice_timer.patch - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - carl9170: remove P2P_GO support (bsc#1111666). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - Fix boot crash with MD (bsc#1174343) Refresh patches.suse/mdraid-fix-read-write-bytes-accounting.patch - fix multiplication overflow in copy_fdtable() (bsc#1173825). - Fix Patch-mainline tag in the previous zram fix patch - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - gpu: host1x: Detach driver on unregister (bsc#1111666). - HID: magicmouse: do not set up autorepeat (git-fixes). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174130). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: si2157: Better check for running tuner in init (bsc#1111666). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - mvpp2: remove misleading comment (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: reorder work kABI fixup (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (bsc#1111666). - Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu" (networking-stable-20_05_16). - Revert "thermal: mediatek: fix register index error" (bsc#1111666). - rpm/kernel-docs.spec.in: Require python-packaging for build. - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - staging: comedi: verify array index is correct before using it (bsc#1111666). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: remove broken lazytime support (bsc#1173826). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - usb: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - usb: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - usb: serial: ch341: add new Product ID for CH340 (bsc#1111666). - usb: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - usb: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - usb: serial: option: add GosunCn GM500 series (bsc#1111666). - usb: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2122=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.29.1 kernel-default-debugsource-4.12.14-122.29.1 kernel-default-kgraft-4.12.14-122.29.1 kernel-default-kgraft-devel-4.12.14-122.29.1 kgraft-patch-4_12_14-122_29-default-1-8.3.1 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1163309 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171673 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171753 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171761 https://bugzilla.suse.com/1171835 https://bugzilla.suse.com/1171841 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173146 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173462 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173857 https://bugzilla.suse.com/1174113 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174122 https://bugzilla.suse.com/1174123 https://bugzilla.suse.com/1174130 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174296 https://bugzilla.suse.com/1174343 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Aug 4 16:23:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 00:23:39 +0200 (CEST) Subject: SUSE-SU-2020:2122-1: important: Security update for the Linux Kernel Message-ID: <20200804222339.EFD81FF0B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2122-1 Rating: important References: #1051510 #1065729 #1104967 #1111666 #1112178 #1113956 #1114279 #1150660 #1151927 #1152107 #1152624 #1158983 #1159058 #1162002 #1163309 #1167104 #1168959 #1169514 #1169771 #1169795 #1170011 #1170442 #1170617 #1170618 #1171124 #1171424 #1171529 #1171530 #1171558 #1171673 #1171732 #1171739 #1171743 #1171753 #1171759 #1171761 #1171835 #1171841 #1171868 #1171988 #1172247 #1172257 #1172344 #1172484 #1172687 #1172719 #1172871 #1172872 #1172999 #1173060 #1173074 #1173146 #1173265 #1173280 #1173284 #1173428 #1173462 #1173514 #1173567 #1173573 #1173746 #1173818 #1173820 #1173825 #1173826 #1173833 #1173838 #1173839 #1173845 #1173857 #1174113 #1174115 #1174122 #1174123 #1174130 #1174205 #1174296 #1174343 #1174356 #1174409 #1174438 #1174462 #1174543 Cross-References: CVE-2019-16746 CVE-2019-20908 CVE-2020-0305 CVE-2020-10135 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-12771 CVE-2020-12888 CVE-2020-14331 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 70 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14331: A buffer over write in vgacon_scroll was fixed (bnc#1174205). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - be2net: fix link failure after ethtool offline test (git-fixes). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). Refresh patches.suse/block-bfq-fix-use-after-free-in-bfq_idle_slice_timer.patch - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - carl9170: remove P2P_GO support (bsc#1111666). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - Fix boot crash with MD (bsc#1174343) Refresh patches.suse/mdraid-fix-read-write-bytes-accounting.patch - fix multiplication overflow in copy_fdtable() (bsc#1173825). - Fix Patch-mainline tag in the previous zram fix patch - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - gpu: host1x: Detach driver on unregister (bsc#1111666). - HID: magicmouse: do not set up autorepeat (git-fixes). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174130). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: si2157: Better check for running tuner in init (bsc#1111666). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - mvpp2: remove misleading comment (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: reorder work kABI fixup (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (bsc#1111666). - Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu" (networking-stable-20_05_16). - Revert "thermal: mediatek: fix register index error" (bsc#1111666). - rpm/kernel-docs.spec.in: Require python-packaging for build. - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - staging: comedi: verify array index is correct before using it (bsc#1111666). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: remove broken lazytime support (bsc#1173826). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - usb: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - usb: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - usb: serial: ch341: add new Product ID for CH340 (bsc#1111666). - usb: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - usb: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - usb: serial: option: add GosunCn GM500 series (bsc#1111666). - usb: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2122=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2122=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2122=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2122=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2122=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.29.1 kernel-default-debugsource-4.12.14-122.29.1 kernel-default-extra-4.12.14-122.29.1 kernel-default-extra-debuginfo-4.12.14-122.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.29.1 kernel-obs-build-debugsource-4.12.14-122.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.29.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.29.1 kernel-default-base-4.12.14-122.29.1 kernel-default-base-debuginfo-4.12.14-122.29.1 kernel-default-debuginfo-4.12.14-122.29.1 kernel-default-debugsource-4.12.14-122.29.1 kernel-default-devel-4.12.14-122.29.1 kernel-syms-4.12.14-122.29.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.29.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.29.1 kernel-macros-4.12.14-122.29.1 kernel-source-4.12.14-122.29.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.29.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.29.1 kernel-default-debugsource-4.12.14-122.29.1 kernel-default-kgraft-4.12.14-122.29.1 kernel-default-kgraft-devel-4.12.14-122.29.1 kgraft-patch-4_12_14-122_29-default-1-8.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.29.1 cluster-md-kmp-default-debuginfo-4.12.14-122.29.1 dlm-kmp-default-4.12.14-122.29.1 dlm-kmp-default-debuginfo-4.12.14-122.29.1 gfs2-kmp-default-4.12.14-122.29.1 gfs2-kmp-default-debuginfo-4.12.14-122.29.1 kernel-default-debuginfo-4.12.14-122.29.1 kernel-default-debugsource-4.12.14-122.29.1 ocfs2-kmp-default-4.12.14-122.29.1 ocfs2-kmp-default-debuginfo-4.12.14-122.29.1 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1163309 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171673 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171753 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171761 https://bugzilla.suse.com/1171835 https://bugzilla.suse.com/1171841 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173146 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173462 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173857 https://bugzilla.suse.com/1174113 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174122 https://bugzilla.suse.com/1174123 https://bugzilla.suse.com/1174130 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174296 https://bugzilla.suse.com/1174343 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Aug 5 07:12:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 15:12:49 +0200 (CEST) Subject: SUSE-RU-2020:2126-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20200805131249.DD7B7FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2126-1 Rating: moderate References: #1173474 #1173475 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Containers 15-SP2 SUSE Linux Enterprise Module for Containers 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2126=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2126=1 - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2020-2126=1 - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-2126=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-regionsrv-client-9.1.0-6.31.1 cloud-regionsrv-client-generic-config-1.0.0-6.31.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.31.1 cloud-regionsrv-client-plugin-ec2-1.0.0-6.31.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.31.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-9.1.0-6.31.1 cloud-regionsrv-client-generic-config-1.0.0-6.31.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.31.1 cloud-regionsrv-client-plugin-ec2-1.0.0-6.31.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.31.1 - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): container-suseconnect-2.3.0-4.15.2 - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): container-suseconnect-2.3.0-4.15.2 References: https://bugzilla.suse.com/1173474 https://bugzilla.suse.com/1173475 From sle-updates at lists.suse.com Wed Aug 5 07:13:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 15:13:42 +0200 (CEST) Subject: SUSE-SU-2020:14445-1: important: Security update for xorg-x11-libX11 Message-ID: <20200805131342.CCAA1FDE4@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14445-1 Rating: important References: #1174628 Cross-References: CVE-2020-14344 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xorg-x11-libX11-14445=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-libX11-14445=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libX11-14445=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-libX11-14445=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): xorg-x11-libX11-7.4-5.11.72.15.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): xorg-x11-libX11-32bit-7.4-5.11.72.15.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xorg-x11-libX11-7.4-5.11.72.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): xorg-x11-libX11-debuginfo-7.4-5.11.72.15.1 xorg-x11-libX11-debugsource-7.4-5.11.72.15.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xorg-x11-libX11-debuginfo-7.4-5.11.72.15.1 xorg-x11-libX11-debugsource-7.4-5.11.72.15.1 References: https://www.suse.com/security/cve/CVE-2020-14344.html https://bugzilla.suse.com/1174628 From sle-updates at lists.suse.com Wed Aug 5 07:14:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 15:14:26 +0200 (CEST) Subject: SUSE-RU-2020:2125-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20200805131426.D2D94FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2125-1 Rating: moderate References: #1173474 #1173475 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2125=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-9.1.0-52.39.1 cloud-regionsrv-client-generic-config-1.0.0-52.39.1 cloud-regionsrv-client-plugin-azure-1.0.1-52.39.1 cloud-regionsrv-client-plugin-ec2-1.0.0-52.39.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.39.1 References: https://bugzilla.suse.com/1173474 https://bugzilla.suse.com/1173475 From sle-updates at lists.suse.com Wed Aug 5 07:15:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 15:15:15 +0200 (CEST) Subject: SUSE-RU-2020:2128-1: moderate: Recommended update for cryptctl Message-ID: <20200805131515.21680FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for cryptctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2128-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: cryptctl was updated to fix the following issue - crypto is shipped into the Basesystem module. (ECO-2067) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2020-2128=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2020-2128=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2128=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2128=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (ppc64le x86_64): cryptctl-2.3-4.2.2 cryptctl-debuginfo-2.3-4.2.2 - SUSE Linux Enterprise Module for SAP Applications 15 (ppc64le x86_64): cryptctl-2.3-4.2.2 cryptctl-debuginfo-2.3-4.2.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le x86_64): cryptctl-2.3-4.2.2 cryptctl-debuginfo-2.3-4.2.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le x86_64): cryptctl-2.3-4.2.2 cryptctl-debuginfo-2.3-4.2.2 References: From sle-updates at lists.suse.com Wed Aug 5 07:16:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 15:16:26 +0200 (CEST) Subject: SUSE-RU-2020:2124-1: moderate: Recommended update for lvm2 Message-ID: <20200805131626.C6AACFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2124-1 Rating: moderate References: #1172597 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lvm2 fixes the following issues: - Fixed an issue where the system hangs for 90 seconds before it actually shuts down (bsc#1172597) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2124=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2124=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.149-12.20.2 device-mapper-debuginfo-1.02.149-12.20.2 device-mapper-debugsource-1.02.149-12.20.2 device-mapper-devel-1.02.149-12.20.2 libdevmapper-event1_03-1.02.149-12.20.2 libdevmapper-event1_03-debuginfo-1.02.149-12.20.2 libdevmapper1_03-1.02.149-12.20.2 libdevmapper1_03-debuginfo-1.02.149-12.20.2 liblvm2app2_2-2.02.180-12.20.2 liblvm2app2_2-debuginfo-2.02.180-12.20.2 liblvm2cmd2_02-2.02.180-12.20.2 liblvm2cmd2_02-debuginfo-2.02.180-12.20.2 lvm2-2.02.180-12.20.2 lvm2-debuginfo-2.02.180-12.20.2 lvm2-debugsource-2.02.180-12.20.2 lvm2-devel-2.02.180-12.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libdevmapper1_03-32bit-1.02.149-12.20.2 libdevmapper1_03-32bit-debuginfo-1.02.149-12.20.2 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): lvm2-clvm-2.02.180-12.20.2 lvm2-clvm-debuginfo-2.02.180-12.20.2 lvm2-clvm-debugsource-2.02.180-12.20.2 lvm2-cmirrord-2.02.180-12.20.2 lvm2-cmirrord-debuginfo-2.02.180-12.20.2 lvm2-lockd-2.02.180-12.20.2 lvm2-lockd-debuginfo-2.02.180-12.20.2 References: https://bugzilla.suse.com/1172597 From sle-updates at lists.suse.com Wed Aug 5 07:17:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 15:17:52 +0200 (CEST) Subject: SUSE-RU-2020:2127-1: important: Recommended update for python-azure-agent Message-ID: <20200805131752.3040FFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2127-1 Rating: important References: #1173866 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-agent fixes the following issues: - Properly set the DHCP configuration to push the hostname to the DHCP server. (bsc#1173866) - Do not bring the interface down to push the hostname, just use 'ifup'. (bsc#1173866) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2127=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2127=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python-azure-agent-2.2.45-3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python-azure-agent-2.2.45-3.9.1 References: https://bugzilla.suse.com/1173866 From sle-updates at lists.suse.com Wed Aug 5 10:13:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 18:13:07 +0200 (CEST) Subject: SUSE-RU-2020:2132-1: moderate: Recommended update for suse-migration-sle15-activation and SLES12-SP4-SLES15-Migration Message-ID: <20200805161307.B832DFF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-migration-sle15-activation and SLES12-SP4-SLES15-Migration ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2132-1 Rating: moderate References: #1173532 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: suse-migration-sle15-activation: - Implement UEFI support in Distribution Migration System. (bsc#1173532) SLES12-SP4-SLES15-Migration: - Added suse-migration-services version 2.0.9 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2132=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): suse-migration-sle15-activation-2.0.9-6.14.3 References: https://bugzilla.suse.com/1173532 From sle-updates at lists.suse.com Wed Aug 5 10:13:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 18:13:59 +0200 (CEST) Subject: SUSE-RU-2020:2131-1: moderate: Recommended update for sapconf Message-ID: <20200805161359.517C6FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2131-1 Rating: moderate References: #1124453 #1139176 #1150868 #1150870 #1166925 #1168067 #1168840 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for sapconf fixes the following issues: - Check the values of the 'vm.dirty_*' settings to be in a valid range before activating or restoring these system values. (bsc#1168067) - Add a logrotate drop-in file for sapconf to control the size of the logfile. (bsc#1166925) - Implement and use the system wide security limits. (bsc#1168840) - Add support multi-queued scheduler for block devices. (jsc#SLE-11141, jsc#SLE-11144) - Remove usage of tuned from sapconf (jsc#SLE-10986, jsc#SLE-10989): - Only ONE configuration file for sapconf - All parameters of the tuned profile defined in tuned.conf sapconf - Implement Switching a sapconf profile. - Prevent sapconf related tuned error messages by turning off tuned in the preinstall phase and removing the 'active' sapconf profile. - If sapconf detects an improper tuned profile during start notes that the log, fails the start deliberatly and guides the administrator to the problem. (bsc#1139176) - Use absolute path in the configuration file. (bsc#1124453) - Replace the delimiter for a sed command in postinstall script, because of conflicts with rpm macros. (bsc#1150868, bsc#1150870) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2131=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2131=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2131=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2131=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2131=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2131=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2131=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2131=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2131=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2131=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2131=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2131=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): sapconf-5.0.0-40.59.2 - SUSE OpenStack Cloud Crowbar 8 (noarch): sapconf-5.0.0-40.59.2 - SUSE OpenStack Cloud 9 (noarch): sapconf-5.0.0-40.59.2 - SUSE OpenStack Cloud 8 (noarch): sapconf-5.0.0-40.59.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): sapconf-5.0.0-40.59.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): sapconf-5.0.0-40.59.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): sapconf-5.0.0-40.59.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): sapconf-5.0.0-40.59.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): sapconf-5.0.0-40.59.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): sapconf-5.0.0-40.59.2 - SUSE Enterprise Storage 5 (noarch): sapconf-5.0.0-40.59.2 - HPE Helion Openstack 8 (noarch): sapconf-5.0.0-40.59.2 References: https://bugzilla.suse.com/1124453 https://bugzilla.suse.com/1139176 https://bugzilla.suse.com/1150868 https://bugzilla.suse.com/1150870 https://bugzilla.suse.com/1166925 https://bugzilla.suse.com/1168067 https://bugzilla.suse.com/1168840 From sle-updates at lists.suse.com Wed Aug 5 10:17:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 18:17:01 +0200 (CEST) Subject: SUSE-RU-2020:2130-1: moderate: Recommended update for aws-iam-authenticator, cni, cni-plugins Message-ID: <20200805161701.DFCD9FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-iam-authenticator, cni, cni-plugins ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2130-1 Rating: moderate References: #1098521 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships initial versions of the aws-iam-authenticator, cni, cni-plugins packages to the Public Cloud module. (jsc#PM-1449, jsc#SLE-10777, bsc#1098521) This provides support for Amazon EKS. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2130=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2130=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-2130=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): aws-iam-authenticator-0.4.0-1.3.35 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): aws-iam-authenticator-0.4.0-1.3.35 - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): aws-iam-authenticator-0.4.0-1.3.35 cni-0.7.1-1.4.1 cni-plugins-0.8.6-1.4.1 References: https://bugzilla.suse.com/1098521 From sle-updates at lists.suse.com Wed Aug 5 13:12:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 21:12:57 +0200 (CEST) Subject: SUSE-SU-2020:2134-1: important: Security update for the Linux Kernel Message-ID: <20200805191257.7E6CEFEC3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2134-1 Rating: important References: #1162002 #1170383 #1171189 #1171191 #1171220 #1171732 #1171988 #1172049 #1172453 #1172458 #1172775 #1172781 #1172782 #1172783 #1172999 #1174115 #1174462 #1174543 Cross-References: CVE-2019-20810 CVE-2019-20812 CVE-2020-0305 CVE-2020-10135 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-12771 CVE-2020-13974 CVE-2020-14416 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has four fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067 (bnc#1172453). - CVE-2020-10732: A flaw was found in the implementation of userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - x86/dumpstack/64: Handle faults when printing the "Stack: " part of an OOPS (bsc#1170383). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1172049). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2134=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2134=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2134=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2134=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2020-2134=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.138.1 kernel-default-base-4.4.121-92.138.1 kernel-default-base-debuginfo-4.4.121-92.138.1 kernel-default-debuginfo-4.4.121-92.138.1 kernel-default-debugsource-4.4.121-92.138.1 kernel-default-devel-4.4.121-92.138.1 kernel-syms-4.4.121-92.138.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_138-default-1-3.3.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.138.1 kernel-macros-4.4.121-92.138.1 kernel-source-4.4.121-92.138.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.138.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.138.1 kernel-default-base-4.4.121-92.138.1 kernel-default-base-debuginfo-4.4.121-92.138.1 kernel-default-debuginfo-4.4.121-92.138.1 kernel-default-debugsource-4.4.121-92.138.1 kernel-default-devel-4.4.121-92.138.1 kernel-syms-4.4.121-92.138.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_138-default-1-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.138.1 kernel-macros-4.4.121-92.138.1 kernel-source-4.4.121-92.138.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.138.1 kernel-default-base-4.4.121-92.138.1 kernel-default-base-debuginfo-4.4.121-92.138.1 kernel-default-debuginfo-4.4.121-92.138.1 kernel-default-debugsource-4.4.121-92.138.1 kernel-default-devel-4.4.121-92.138.1 kernel-syms-4.4.121-92.138.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.138.1 kernel-macros-4.4.121-92.138.1 kernel-source-4.4.121-92.138.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_138-default-1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.138.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.138.1 kernel-macros-4.4.121-92.138.1 kernel-source-4.4.121-92.138.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.138.1 kernel-default-base-4.4.121-92.138.1 kernel-default-base-debuginfo-4.4.121-92.138.1 kernel-default-debuginfo-4.4.121-92.138.1 kernel-default-debugsource-4.4.121-92.138.1 kernel-default-devel-4.4.121-92.138.1 kernel-syms-4.4.121-92.138.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.121-92.138.1 cluster-md-kmp-default-debuginfo-4.4.121-92.138.1 cluster-network-kmp-default-4.4.121-92.138.1 cluster-network-kmp-default-debuginfo-4.4.121-92.138.1 dlm-kmp-default-4.4.121-92.138.1 dlm-kmp-default-debuginfo-4.4.121-92.138.1 gfs2-kmp-default-4.4.121-92.138.1 gfs2-kmp-default-debuginfo-4.4.121-92.138.1 kernel-default-debuginfo-4.4.121-92.138.1 kernel-default-debugsource-4.4.121-92.138.1 ocfs2-kmp-default-4.4.121-92.138.1 ocfs2-kmp-default-debuginfo-4.4.121-92.138.1 References: https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20812.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-10711.html https://www.suse.com/security/cve/CVE-2020-10732.html https://www.suse.com/security/cve/CVE-2020-10751.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1170383 https://bugzilla.suse.com/1171189 https://bugzilla.suse.com/1171191 https://bugzilla.suse.com/1171220 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172049 https://bugzilla.suse.com/1172453 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Aug 5 13:15:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 21:15:27 +0200 (CEST) Subject: SUSE-OU-2020:2135-1: Optional update for python-setuptools Message-ID: <20200805191527.1877FFDE4@maintenance.suse.de> SUSE Optional Update: Optional update for python-setuptools ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2135-1 Rating: low References: #1174035 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for python-setuptools doesn't fix any user visible issues, but changes the package meta information, in order to support building for other packages (bsc#1174035) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2135=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2135=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2135=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2135=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2020-2135=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-setuptools-40.6.2-4.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): python3-setuptools-40.6.2-4.15.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-setuptools-40.6.2-4.15.1 python3-setuptools-40.6.2-4.15.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-setuptools-40.6.2-4.15.1 python3-setuptools-40.6.2-4.15.1 - SUSE Linux Enterprise Module for Containers 12 (noarch): python-setuptools-40.6.2-4.15.1 References: https://bugzilla.suse.com/1174035 From sle-updates at lists.suse.com Wed Aug 5 13:16:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 21:16:09 +0200 (CEST) Subject: SUSE-RU-2020:2136-1: moderate: Recommended update for yast2-bootloader Message-ID: <20200805191609.99954FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2136-1 Rating: moderate References: #1172720 Affected Products: SUSE Linux Enterprise Server Installer 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-bootloader fixes the following issues: - Fixes an issue where the pmbr setup was accidentally applied to non-GPT formatted disks, which led to an error during installation (bsc#1172720) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP5: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP5-2020-2136=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2136=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP5 (aarch64 ppc64le s390x x86_64): yast2-bootloader-3.4.4-3.3.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): yast2-bootloader-3.4.4-3.3.2 References: https://bugzilla.suse.com/1172720 From sle-updates at lists.suse.com Wed Aug 5 13:16:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 21:16:50 +0200 (CEST) Subject: SUSE-RU-2020:2137-1: Recommended update for texlive Message-ID: <20200805191650.3E903FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for texlive ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2137-1 Rating: low References: #1172690 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for texlive fixes the following issues: - Uses now the predefined user id and group id 505 (bsc#1172690) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2137=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libkpathsea6-6.2.3-11.16.1 libkpathsea6-debuginfo-6.2.3-11.16.1 libptexenc1-1.3.5-11.16.1 libptexenc1-debuginfo-1.3.5-11.16.1 libsynctex1-1.18-11.16.1 libsynctex1-debuginfo-1.18-11.16.1 libtexlua52-5-5.2.4-11.16.1 libtexlua52-5-debuginfo-5.2.4-11.16.1 texlive-2017.20170520-11.16.1 texlive-a2ping-bin-2017.20170520.svn27321-11.16.1 texlive-accfonts-bin-2017.20170520.svn12688-11.16.1 texlive-adhocfilelist-bin-2017.20170520.svn28038-11.16.1 texlive-afm2pl-bin-2017.20170520.svn44143-11.16.1 texlive-afm2pl-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-aleph-bin-2017.20170520.svn44143-11.16.1 texlive-aleph-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-amstex-bin-2017.20170520.svn3006-11.16.1 texlive-arara-bin-2017.20170520.svn29036-11.16.1 texlive-asymptote-bin-2017.20170520.svn43843-11.16.1 texlive-asymptote-bin-debuginfo-2017.20170520.svn43843-11.16.1 texlive-authorindex-bin-2017.20170520.svn18790-11.16.1 texlive-autosp-bin-2017.20170520.svn44143-11.16.1 texlive-autosp-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-bibexport-bin-2017.20170520.svn16219-11.16.1 texlive-bibtex-bin-2017.20170520.svn44143-11.16.1 texlive-bibtex-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-bibtex8-bin-2017.20170520.svn44143-11.16.1 texlive-bibtex8-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-bibtexu-bin-2017.20170520.svn44143-11.16.1 texlive-bibtexu-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-bin-devel-2017.20170520-11.16.1 texlive-bundledoc-bin-2017.20170520.svn17794-11.16.1 texlive-cachepic-bin-2017.20170520.svn15543-11.16.1 texlive-checkcites-bin-2017.20170520.svn25623-11.16.1 texlive-checklistings-bin-2017.20170520.svn38300-11.16.1 texlive-chktex-bin-2017.20170520.svn44143-11.16.1 texlive-chktex-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-cjk-gs-integrate-bin-2017.20170520.svn37223-11.16.1 texlive-cjkutils-bin-2017.20170520.svn44143-11.16.1 texlive-cjkutils-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-context-bin-2017.20170520.svn34112-11.16.1 texlive-convbkmk-bin-2017.20170520.svn30408-11.16.1 texlive-crossrefware-bin-2017.20170520.svn43866-11.16.1 texlive-cslatex-bin-2017.20170520.svn3006-11.16.1 texlive-csplain-bin-2017.20170520.svn33902-11.16.1 texlive-ctanify-bin-2017.20170520.svn24061-11.16.1 texlive-ctanupload-bin-2017.20170520.svn23866-11.16.1 texlive-ctie-bin-2017.20170520.svn44143-11.16.1 texlive-ctie-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-cweb-bin-2017.20170520.svn44143-11.16.1 texlive-cweb-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-cyrillic-bin-bin-2017.20170520.svn29741-11.16.1 texlive-de-macro-bin-2017.20170520.svn17399-11.16.1 texlive-debuginfo-2017.20170520-11.16.1 texlive-debugsource-2017.20170520-11.16.1 texlive-detex-bin-2017.20170520.svn44143-11.16.1 texlive-detex-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-dosepsbin-bin-2017.20170520.svn24759-11.16.1 texlive-dtl-bin-2017.20170520.svn44143-11.16.1 texlive-dtl-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-dtxgen-bin-2017.20170520.svn29031-11.16.1 texlive-dviasm-bin-2017.20170520.svn8329-11.16.1 texlive-dvicopy-bin-2017.20170520.svn44143-11.16.1 texlive-dvicopy-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-dvidvi-bin-2017.20170520.svn44143-11.16.1 texlive-dvidvi-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-dviinfox-bin-2017.20170520.svn44515-11.16.1 texlive-dviljk-bin-2017.20170520.svn44143-11.16.1 texlive-dviljk-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-dvipdfmx-bin-2017.20170520.svn40273-11.16.1 texlive-dvipng-bin-2017.20170520.svn44143-11.16.1 texlive-dvipng-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-dvipos-bin-2017.20170520.svn44143-11.16.1 texlive-dvipos-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-dvips-bin-2017.20170520.svn44143-11.16.1 texlive-dvips-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-dvisvgm-bin-2017.20170520.svn40987-11.16.1 texlive-dvisvgm-bin-debuginfo-2017.20170520.svn40987-11.16.1 texlive-ebong-bin-2017.20170520.svn21000-11.16.1 texlive-eplain-bin-2017.20170520.svn3006-11.16.1 texlive-epspdf-bin-2017.20170520.svn29050-11.16.1 texlive-epstopdf-bin-2017.20170520.svn18336-11.16.1 texlive-exceltex-bin-2017.20170520.svn25860-11.16.1 texlive-fig4latex-bin-2017.20170520.svn14752-11.16.1 texlive-findhyph-bin-2017.20170520.svn14758-11.16.1 texlive-fontinst-bin-2017.20170520.svn29741-11.16.1 texlive-fontools-bin-2017.20170520.svn25997-11.16.1 texlive-fontware-bin-2017.20170520.svn44143-11.16.1 texlive-fontware-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-fragmaster-bin-2017.20170520.svn13663-11.16.1 texlive-getmap-bin-2017.20170520.svn34971-11.16.1 texlive-glossaries-bin-2017.20170520.svn37813-11.16.1 texlive-gregoriotex-bin-2017.20170520.svn44143-11.16.1 texlive-gregoriotex-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-gsftopk-bin-2017.20170520.svn44143-11.16.1 texlive-gsftopk-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-jadetex-bin-2017.20170520.svn3006-11.16.1 texlive-kotex-utils-bin-2017.20170520.svn32101-11.16.1 texlive-kpathsea-bin-2017.20170520.svn44143-11.16.1 texlive-kpathsea-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-kpathsea-devel-6.2.3-11.16.1 texlive-lacheck-bin-2017.20170520.svn44143-11.16.1 texlive-lacheck-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-latex-bin-bin-2017.20170520.svn14050-11.16.1 texlive-latex-git-log-bin-2017.20170520.svn30983-11.16.1 texlive-latex-papersize-bin-2017.20170520.svn42296-11.16.1 texlive-latex2man-bin-2017.20170520.svn13663-11.16.1 texlive-latex2nemeth-bin-2017.20170520.svn42300-11.16.1 texlive-latexdiff-bin-2017.20170520.svn16420-11.16.1 texlive-latexfileversion-bin-2017.20170520.svn25012-11.16.1 texlive-latexindent-bin-2017.20170520.svn32150-11.16.1 texlive-latexmk-bin-2017.20170520.svn10937-11.16.1 texlive-latexpand-bin-2017.20170520.svn27025-11.16.1 texlive-lcdftypetools-bin-2017.20170520.svn44143-11.16.1 texlive-lcdftypetools-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-lilyglyphs-bin-2017.20170520.svn31696-11.16.1 texlive-listbib-bin-2017.20170520.svn26126-11.16.1 texlive-listings-ext-bin-2017.20170520.svn15093-11.16.1 texlive-lollipop-bin-2017.20170520.svn41465-11.16.1 texlive-ltxfileinfo-bin-2017.20170520.svn29005-11.16.1 texlive-ltximg-bin-2017.20170520.svn32346-11.16.1 texlive-lua2dox-bin-2017.20170520.svn29053-11.16.1 texlive-luaotfload-bin-2017.20170520.svn34647-11.16.1 texlive-luatex-bin-2017.20170520.svn44549-11.16.1 texlive-luatex-bin-debuginfo-2017.20170520.svn44549-11.16.1 texlive-lwarp-bin-2017.20170520.svn43292-11.16.1 texlive-m-tx-bin-2017.20170520.svn44143-11.16.1 texlive-m-tx-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-make4ht-bin-2017.20170520.svn37750-11.16.1 texlive-makedtx-bin-2017.20170520.svn38769-11.16.1 texlive-makeindex-bin-2017.20170520.svn44143-11.16.1 texlive-makeindex-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-match_parens-bin-2017.20170520.svn23500-11.16.1 texlive-mathspic-bin-2017.20170520.svn23661-11.16.1 texlive-metafont-bin-2017.20170520.svn44143-11.16.1 texlive-metafont-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-metapost-bin-2017.20170520.svn44143-11.16.1 texlive-metapost-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-mex-bin-2017.20170520.svn3006-11.16.1 texlive-mf2pt1-bin-2017.20170520.svn23406-11.16.1 texlive-mflua-bin-2017.20170520.svn44143-11.16.1 texlive-mflua-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-mfware-bin-2017.20170520.svn44143-11.16.1 texlive-mfware-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-mkgrkindex-bin-2017.20170520.svn14428-11.16.1 texlive-mkjobtexmf-bin-2017.20170520.svn8457-11.16.1 texlive-mkpic-bin-2017.20170520.svn33688-11.16.1 texlive-mltex-bin-2017.20170520.svn3006-11.16.1 texlive-mptopdf-bin-2017.20170520.svn18674-11.16.1 texlive-multibibliography-bin-2017.20170520.svn30534-11.16.1 texlive-musixtex-bin-2017.20170520.svn37026-11.16.1 texlive-musixtnt-bin-2017.20170520.svn44143-11.16.1 texlive-musixtnt-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-omegaware-bin-2017.20170520.svn44143-11.16.1 texlive-omegaware-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-patgen-bin-2017.20170520.svn44143-11.16.1 texlive-patgen-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-pax-bin-2017.20170520.svn10843-11.16.1 texlive-pdfbook2-bin-2017.20170520.svn37537-11.16.1 texlive-pdfcrop-bin-2017.20170520.svn14387-11.16.1 texlive-pdfjam-bin-2017.20170520.svn17868-11.16.1 texlive-pdflatexpicscale-bin-2017.20170520.svn41779-11.16.1 texlive-pdftex-bin-2017.20170520.svn44143-11.16.1 texlive-pdftex-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-pdftools-bin-2017.20170520.svn44143-11.16.1 texlive-pdftools-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-pdfxup-bin-2017.20170520.svn40690-11.16.1 texlive-pedigree-perl-bin-2017.20170520.svn25962-11.16.1 texlive-perltex-bin-2017.20170520.svn16181-11.16.1 texlive-petri-nets-bin-2017.20170520.svn39165-11.16.1 texlive-pfarrei-bin-2017.20170520.svn29348-11.16.1 texlive-pkfix-bin-2017.20170520.svn13364-11.16.1 texlive-pkfix-helper-bin-2017.20170520.svn13663-11.16.1 texlive-platex-bin-2017.20170520.svn22859-11.16.1 texlive-pmx-bin-2017.20170520.svn44143-11.16.1 texlive-pmx-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-pmxchords-bin-2017.20170520.svn32405-11.16.1 texlive-ps2pk-bin-2017.20170520.svn44143-11.16.1 texlive-ps2pk-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-pst-pdf-bin-2017.20170520.svn7838-11.16.1 texlive-pst2pdf-bin-2017.20170520.svn29333-11.16.1 texlive-pstools-bin-2017.20170520.svn44143-11.16.1 texlive-pstools-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-ptex-bin-2017.20170520.svn44143-11.16.1 texlive-ptex-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-ptex-fontmaps-bin-2017.20170520.svn44206-11.16.1 texlive-ptex2pdf-bin-2017.20170520.svn29335-11.16.1 texlive-ptexenc-devel-1.3.5-11.16.1 texlive-purifyeps-bin-2017.20170520.svn13663-11.16.1 texlive-pygmentex-bin-2017.20170520.svn34996-11.16.1 texlive-pythontex-bin-2017.20170520.svn31638-11.16.1 texlive-rubik-bin-2017.20170520.svn32919-11.16.1 texlive-seetexk-bin-2017.20170520.svn44143-11.16.1 texlive-seetexk-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-splitindex-bin-2017.20170520.svn29688-11.16.1 texlive-srcredact-bin-2017.20170520.svn38710-11.16.1 texlive-sty2dtx-bin-2017.20170520.svn21215-11.16.1 texlive-svn-multi-bin-2017.20170520.svn13663-11.16.1 texlive-synctex-bin-2017.20170520.svn44143-11.16.1 texlive-synctex-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-synctex-devel-1.18-11.16.1 texlive-tetex-bin-2017.20170520.svn43957-11.16.1 texlive-tex-bin-2017.20170520.svn44143-11.16.1 texlive-tex-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-tex4ebook-bin-2017.20170520.svn37771-11.16.1 texlive-tex4ht-bin-2017.20170520.svn44143-11.16.1 texlive-tex4ht-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-texconfig-bin-2017.20170520.svn29741-11.16.1 texlive-texcount-bin-2017.20170520.svn13013-11.16.1 texlive-texdef-bin-2017.20170520.svn21802-11.16.1 texlive-texdiff-bin-2017.20170520.svn15506-11.16.1 texlive-texdirflatten-bin-2017.20170520.svn12782-11.16.1 texlive-texdoc-bin-2017.20170520.svn29741-11.16.1 texlive-texfot-bin-2017.20170520.svn33155-11.16.1 texlive-texliveonfly-bin-2017.20170520.svn24062-11.16.1 texlive-texloganalyser-bin-2017.20170520.svn13663-11.16.1 texlive-texlua-devel-5.2.4-11.16.1 texlive-texosquery-bin-2017.20170520.svn43596-11.16.1 texlive-texsis-bin-2017.20170520.svn3006-11.16.1 texlive-texware-bin-2017.20170520.svn44143-11.16.1 texlive-texware-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-thumbpdf-bin-2017.20170520.svn6898-11.16.1 texlive-tie-bin-2017.20170520.svn44143-11.16.1 texlive-tie-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-tpic2pdftex-bin-2017.20170520.svn29741-11.16.1 texlive-ttfutils-bin-2017.20170520.svn44143-11.16.1 texlive-ttfutils-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-typeoutfileinfo-bin-2017.20170520.svn25648-11.16.1 texlive-ulqda-bin-2017.20170520.svn13663-11.16.1 texlive-uplatex-bin-2017.20170520.svn26326-11.16.1 texlive-uptex-bin-2017.20170520.svn44143-11.16.1 texlive-uptex-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-urlbst-bin-2017.20170520.svn23262-11.16.1 texlive-velthuis-bin-2017.20170520.svn44143-11.16.1 texlive-velthuis-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-vlna-bin-2017.20170520.svn44143-11.16.1 texlive-vlna-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-vpe-bin-2017.20170520.svn6897-11.16.1 texlive-web-bin-2017.20170520.svn44143-11.16.1 texlive-web-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-xdvi-bin-2017.20170520.svn44143-11.16.1 texlive-xdvi-bin-debuginfo-2017.20170520.svn44143-11.16.1 texlive-xetex-bin-2017.20170520.svn44361-11.16.1 texlive-xetex-bin-debuginfo-2017.20170520.svn44361-11.16.1 texlive-xmltex-bin-2017.20170520.svn3006-11.16.1 texlive-yplan-bin-2017.20170520.svn34398-11.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 x86_64): libtexluajit2-2.1.0beta2-11.16.1 libtexluajit2-debuginfo-2.1.0beta2-11.16.1 texlive-texluajit-devel-2.1.0beta2-11.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): perl-biber-2017.20170520.svn30357-11.16.1 texlive-biber-bin-2017.20170520.svn42679-11.16.1 texlive-diadia-bin-2017.20170520.svn37645-11.16.1 References: https://bugzilla.suse.com/1172690 From sle-updates at lists.suse.com Wed Aug 5 13:17:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Aug 2020 21:17:31 +0200 (CEST) Subject: SUSE-RU-2020:2138-1: important: Recommended update for yast2-ruby-bindings Message-ID: <20200805191731.10F42FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ruby-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2138-1 Rating: important References: #1172275 #1172848 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-ruby-bindings fixes the following issues: - Fixed a Ruby error when the appliance gets configured during an installation, which led to a crash (bsc#1172848) - Fixed an error where yast2 --ncurses crashed due to an update of the Ruby interpreter (bsc#1172275) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2138=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2138=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2138=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2138=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2138=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2138=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2138=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): yast2-ruby-bindings-3.2.16-3.6.1 yast2-ruby-bindings-debuginfo-3.2.16-3.6.1 yast2-ruby-bindings-debugsource-3.2.16-3.6.1 - SUSE OpenStack Cloud 8 (x86_64): yast2-ruby-bindings-3.2.16-3.6.1 yast2-ruby-bindings-debuginfo-3.2.16-3.6.1 yast2-ruby-bindings-debugsource-3.2.16-3.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): yast2-ruby-bindings-3.2.16-3.6.1 yast2-ruby-bindings-debuginfo-3.2.16-3.6.1 yast2-ruby-bindings-debugsource-3.2.16-3.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): yast2-ruby-bindings-3.2.16-3.6.1 yast2-ruby-bindings-debuginfo-3.2.16-3.6.1 yast2-ruby-bindings-debugsource-3.2.16-3.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): yast2-ruby-bindings-3.2.16-3.6.1 yast2-ruby-bindings-debuginfo-3.2.16-3.6.1 yast2-ruby-bindings-debugsource-3.2.16-3.6.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): yast2-ruby-bindings-3.2.16-3.6.1 yast2-ruby-bindings-debuginfo-3.2.16-3.6.1 yast2-ruby-bindings-debugsource-3.2.16-3.6.1 - HPE Helion Openstack 8 (x86_64): yast2-ruby-bindings-3.2.16-3.6.1 yast2-ruby-bindings-debuginfo-3.2.16-3.6.1 yast2-ruby-bindings-debugsource-3.2.16-3.6.1 References: https://bugzilla.suse.com/1172275 https://bugzilla.suse.com/1172848 From sle-updates at lists.suse.com Thu Aug 6 00:34:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 08:34:17 +0200 (CEST) Subject: SUSE-CU-2020:372-1: Recommended update of suse/sles12sp4 Message-ID: <20200806063417.BC029FEC3@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:372-1 Container Tags : suse/sles12sp4:26.211 , suse/sles12sp4:latest Container Release : 26.211 Severity : moderate Type : recommended References : 1171878 1172085 1173593 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2092-1 Released: Thu Jul 30 14:55:46 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1171878,1172085,1173593 This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files (bsc#1171878, BZ #23178) - nscd: bump GC cycle during cache pruning (bsc#1171878, BZ #26130) - Correct locking and cancellation cleanup in syslog functions (bsc#1172085, BZ #26100) From sle-updates at lists.suse.com Thu Aug 6 00:38:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 08:38:30 +0200 (CEST) Subject: SUSE-CU-2020:373-1: Recommended update of suse/sles12sp5 Message-ID: <20200806063830.4DC1EFEC3@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:373-1 Container Tags : suse/sles12sp5:6.5.30 , suse/sles12sp5:latest Container Release : 6.5.30 Severity : moderate Type : recommended References : 1171878 1172085 1173593 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2092-1 Released: Thu Jul 30 14:55:46 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1171878,1172085,1173593 This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files (bsc#1171878, BZ #23178) - nscd: bump GC cycle during cache pruning (bsc#1171878, BZ #26130) - Correct locking and cancellation cleanup in syslog functions (bsc#1172085, BZ #26100) From sle-updates at lists.suse.com Thu Aug 6 00:38:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 08:38:38 +0200 (CEST) Subject: SUSE-CU-2020:374-1: Recommended update of suse/sles12sp5 Message-ID: <20200806063838.6FEC4FEC3@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:374-1 Container Tags : suse/sles12sp5:6.5.33 , suse/sles12sp5:latest Container Release : 6.5.33 Severity : moderate Type : recommended References : 1173474 1173475 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2125-1 Released: Wed Aug 5 09:26:38 2020 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: moderate References: 1173474,1173475 This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) From sle-updates at lists.suse.com Thu Aug 6 00:47:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 08:47:47 +0200 (CEST) Subject: SUSE-CU-2020:375-1: Recommended update of suse/sle15 Message-ID: <20200806064747.0C4E9FDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:375-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.240 Container Release : 4.22.240 Severity : moderate Type : recommended References : 1156913 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) From sle-updates at lists.suse.com Thu Aug 6 00:47:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 08:47:55 +0200 (CEST) Subject: SUSE-CU-2020:376-1: Recommended update of suse/sle15 Message-ID: <20200806064755.809FDFDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:376-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.241 Container Release : 4.22.241 Severity : moderate Type : recommended References : 1173227 1173229 1173422 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) From sle-updates at lists.suse.com Thu Aug 6 00:48:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 08:48:03 +0200 (CEST) Subject: SUSE-CU-2020:377-1: Recommended update of suse/sle15 Message-ID: <20200806064803.DF2CEFDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:377-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.244 Container Release : 4.22.244 Severity : moderate Type : recommended References : 1173474 1173475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2126-1 Released: Wed Aug 5 09:26:46 2020 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: moderate References: 1173474,1173475 This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) From sle-updates at lists.suse.com Thu Aug 6 00:54:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 08:54:44 +0200 (CEST) Subject: SUSE-CU-2020:378-1: Recommended update of suse/sle15 Message-ID: <20200806065444.ED781FDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:378-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.279 Container Release : 6.2.279 Severity : moderate Type : recommended References : 1173227 1173229 1173422 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) From sle-updates at lists.suse.com Thu Aug 6 00:54:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 08:54:52 +0200 (CEST) Subject: SUSE-CU-2020:379-1: Recommended update of suse/sle15 Message-ID: <20200806065452.38931FDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:379-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.282 Container Release : 6.2.282 Severity : moderate Type : recommended References : 1173474 1173475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2126-1 Released: Wed Aug 5 09:26:46 2020 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: moderate References: 1173474,1173475 This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) From sle-updates at lists.suse.com Thu Aug 6 00:55:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 08:55:38 +0200 (CEST) Subject: SUSE-CU-2020:380-1: Recommended update of suse/sle15 Message-ID: <20200806065538.DE466FDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:380-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.714 Container Release : 8.2.714 Severity : moderate Type : recommended References : 1156913 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) From sle-updates at lists.suse.com Thu Aug 6 00:55:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 08:55:45 +0200 (CEST) Subject: SUSE-CU-2020:381-1: Recommended update of suse/sle15 Message-ID: <20200806065545.C442EFDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:381-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.715 Container Release : 8.2.715 Severity : moderate Type : recommended References : 1173227 1173229 1173422 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) From sle-updates at lists.suse.com Thu Aug 6 00:55:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 08:55:52 +0200 (CEST) Subject: SUSE-CU-2020:382-1: Recommended update of suse/sle15 Message-ID: <20200806065552.9B64EFDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:382-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.718 Container Release : 8.2.718 Severity : moderate Type : recommended References : 1173474 1173475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2126-1 Released: Wed Aug 5 09:26:46 2020 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: moderate References: 1173474,1173475 This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) From sle-updates at lists.suse.com Thu Aug 6 04:13:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 12:13:58 +0200 (CEST) Subject: SUSE-RU-2020:2139-1: moderate: Recommended update for libstorage-ng Message-ID: <20200806101358.66220FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for libstorage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2139-1 Rating: moderate References: #1172866 #1173610 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libstorage-ng fixes the following issues: - merge gh#openSUSE/libstorage-ng#754 - Fix for an issue when NVME client is not installing if the root partition is an NVME device. (bsc#1172866) - Delegate to initial guided proposal when no partitions are defined in the profile. (bsc#1173610) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2139=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2139=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2020-2139=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-4.2.76-3.3.2 libstorage-ng-debugsource-4.2.76-3.3.2 libstorage-ng-utils-4.2.76-3.3.2 libstorage-ng-utils-debuginfo-4.2.76-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-4.2.76-3.3.2 libstorage-ng-debugsource-4.2.76-3.3.2 libstorage-ng-devel-4.2.76-3.3.2 libstorage-ng-ruby-4.2.76-3.3.2 libstorage-ng-ruby-debuginfo-4.2.76-3.3.2 libstorage-ng1-4.2.76-3.3.2 libstorage-ng1-debuginfo-4.2.76-3.3.2 yast2-storage-ng-4.2.111-3.4.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libstorage-ng-lang-4.2.76-3.3.2 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libstorage-ng-ruby-4.2.76-3.3.2 libstorage-ng1-4.2.76-3.3.2 yast2-storage-ng-4.2.111-3.4.2 References: https://bugzilla.suse.com/1172866 https://bugzilla.suse.com/1173610 From sle-updates at lists.suse.com Thu Aug 6 07:13:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 15:13:03 +0200 (CEST) Subject: SUSE-SU-2020:2144-1: moderate: Security update for wireshark Message-ID: <20200806131303.E0881FDE4@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2144-1 Rating: moderate References: #1169063 #1171899 #1173606 Cross-References: CVE-2020-11647 CVE-2020-13164 CVE-2020-15466 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for wireshark fixes the following issues: - Wireshark to 3.2.5: * CVE-2020-15466: GVCP dissector infinite loop (bsc#1173606) * CVE-2020-13164: NFS dissector crash (bsc#1171899) * CVE-2020-11647: The BACapp dissector could crash (bsc#1169063) - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.2.5.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2144=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2144=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2144=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2144=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-3.2.5-3.38.1 wireshark-debugsource-3.2.5-3.38.1 wireshark-devel-3.2.5-3.38.1 wireshark-ui-qt-3.2.5-3.38.1 wireshark-ui-qt-debuginfo-3.2.5-3.38.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-3.2.5-3.38.1 wireshark-debugsource-3.2.5-3.38.1 wireshark-devel-3.2.5-3.38.1 wireshark-ui-qt-3.2.5-3.38.1 wireshark-ui-qt-debuginfo-3.2.5-3.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libwireshark13-3.2.5-3.38.1 libwireshark13-debuginfo-3.2.5-3.38.1 libwiretap10-3.2.5-3.38.1 libwiretap10-debuginfo-3.2.5-3.38.1 libwsutil11-3.2.5-3.38.1 libwsutil11-debuginfo-3.2.5-3.38.1 wireshark-3.2.5-3.38.1 wireshark-debuginfo-3.2.5-3.38.1 wireshark-debugsource-3.2.5-3.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libwireshark13-3.2.5-3.38.1 libwireshark13-debuginfo-3.2.5-3.38.1 libwiretap10-3.2.5-3.38.1 libwiretap10-debuginfo-3.2.5-3.38.1 libwsutil11-3.2.5-3.38.1 libwsutil11-debuginfo-3.2.5-3.38.1 wireshark-3.2.5-3.38.1 wireshark-debuginfo-3.2.5-3.38.1 wireshark-debugsource-3.2.5-3.38.1 References: https://www.suse.com/security/cve/CVE-2020-11647.html https://www.suse.com/security/cve/CVE-2020-13164.html https://www.suse.com/security/cve/CVE-2020-15466.html https://bugzilla.suse.com/1169063 https://bugzilla.suse.com/1171899 https://bugzilla.suse.com/1173606 From sle-updates at lists.suse.com Thu Aug 6 07:14:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 15:14:01 +0200 (CEST) Subject: SUSE-SU-2020:2143-1: important: Security update for java-11-openjdk Message-ID: <20200806131401.02FC8FDE4@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2143-1 Rating: important References: #1174157 Cross-References: CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.8+10 (July 2020 CPU, bsc#1174157) * Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming + JDK-8233239, CVE-2020-14562: Enhance TIFF support + JDK-8233255: Better Swing Buttons + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236867, CVE-2020-14573: Enhance Graal interface handling + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238013: Enhance String writing + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240482: Improved WAV file playback + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling * Other changes: + JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created + JDK-7124307: JSpinner and changing value by mouse + JDK-8022574: remove HaltNode code after uncommon trap calls + JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails + JDK-8040630: Popup menus and tooltips flicker with previous popup contents when first shown + JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) + JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo + JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in nightly + JDK-8080353: JShell: Better error message on attempting to add default method + JDK-8139876: Exclude hanging nsk/stress/stack from execution with deoptimization enabled + JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with -XX:+DeoptimizeALot + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8156207: Resource allocated BitMaps are often cleared unnecessarily + JDK-8159740: JShell: corralled declarations do not have correct source to wrapper mapping + JDK-8175984: ICC_Profile has un-needed, not-empty finalize method + JDK-8176359: Frame#setMaximizedbounds not working properly in multi screen environments + JDK-8183369: RFC unconformity of HttpURLConnection with proxy + JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT + JDK-8189861: Refactor CacheFind + JDK-8191169: java/net/Authenticator/B4769350.java failed intermittently + JDK-8191930: [Graal] emits unparseable XML into compile log + JDK-8193879: Java debugger hangs on method invocation + JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows + JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails + JDK-8198000: java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug assert on Windows + JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/ /WrongParentAfterRemoveMenu.java debug assert on Windows + JDK-8198339: Test javax/swing/border/Test6981576.java is unstable + JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after JDK-8198801 + JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740 + JDK-8203672: JNI exception pending in PlainSocketImpl.c + JDK-8203673: JNI exception pending in DualStackPlainDatagramSocketImpl.c:398 + JDK-8204834: Fix confusing "allocate" naming in OopStorage + JDK-8205399: Set node color on pinned HashMap.TreeNode deletion + JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/ /RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure + JDK-8206179: com/sun/management/OperatingSystemMXBean/ /GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value + JDK-8207334: VM times out in VM_HandshakeAllThreads::doit() with RunThese30M + JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2143=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2143=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2143=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2143=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2143=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2143=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2143=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2143=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-11-openjdk-11.0.8.0-3.45.1 java-11-openjdk-debuginfo-11.0.8.0-3.45.1 java-11-openjdk-debugsource-11.0.8.0-3.45.1 java-11-openjdk-demo-11.0.8.0-3.45.1 java-11-openjdk-devel-11.0.8.0-3.45.1 java-11-openjdk-headless-11.0.8.0-3.45.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-11-openjdk-11.0.8.0-3.45.1 java-11-openjdk-debuginfo-11.0.8.0-3.45.1 java-11-openjdk-debugsource-11.0.8.0-3.45.1 java-11-openjdk-demo-11.0.8.0-3.45.1 java-11-openjdk-devel-11.0.8.0-3.45.1 java-11-openjdk-headless-11.0.8.0-3.45.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): java-11-openjdk-javadoc-11.0.8.0-3.45.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): java-11-openjdk-javadoc-11.0.8.0-3.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.8.0-3.45.1 java-11-openjdk-debuginfo-11.0.8.0-3.45.1 java-11-openjdk-debugsource-11.0.8.0-3.45.1 java-11-openjdk-demo-11.0.8.0-3.45.1 java-11-openjdk-devel-11.0.8.0-3.45.1 java-11-openjdk-headless-11.0.8.0-3.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.8.0-3.45.1 java-11-openjdk-debuginfo-11.0.8.0-3.45.1 java-11-openjdk-debugsource-11.0.8.0-3.45.1 java-11-openjdk-demo-11.0.8.0-3.45.1 java-11-openjdk-devel-11.0.8.0-3.45.1 java-11-openjdk-headless-11.0.8.0-3.45.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): java-11-openjdk-11.0.8.0-3.45.1 java-11-openjdk-debuginfo-11.0.8.0-3.45.1 java-11-openjdk-debugsource-11.0.8.0-3.45.1 java-11-openjdk-demo-11.0.8.0-3.45.1 java-11-openjdk-devel-11.0.8.0-3.45.1 java-11-openjdk-headless-11.0.8.0-3.45.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.8.0-3.45.1 java-11-openjdk-debuginfo-11.0.8.0-3.45.1 java-11-openjdk-debugsource-11.0.8.0-3.45.1 java-11-openjdk-demo-11.0.8.0-3.45.1 java-11-openjdk-devel-11.0.8.0-3.45.1 java-11-openjdk-headless-11.0.8.0-3.45.1 References: https://www.suse.com/security/cve/CVE-2020-14556.html https://www.suse.com/security/cve/CVE-2020-14562.html https://www.suse.com/security/cve/CVE-2020-14573.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14581.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1174157 From sle-updates at lists.suse.com Thu Aug 6 07:14:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 15:14:45 +0200 (CEST) Subject: SUSE-RU-2020:2146-1: moderate: Recommended update for gnome-control-center Message-ID: <20200806131445.E0DE7FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-control-center ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2146-1 Rating: moderate References: #1160173 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-control-center fixes the following issues: - Fix the resolution list as it shows only the currently used resolution. (bsc#1160173 glgo#GNOME/Settings#903) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2146=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2146=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): gnome-control-center-color-3.34.6-3.7.1 gnome-control-center-debuginfo-3.34.6-3.7.1 gnome-control-center-debugsource-3.34.6-3.7.1 gnome-control-center-goa-3.34.6-3.7.1 gnome-control-center-user-faces-3.34.6-3.7.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): gnome-control-center-3.34.6-3.7.1 gnome-control-center-debuginfo-3.34.6-3.7.1 gnome-control-center-debugsource-3.34.6-3.7.1 gnome-control-center-devel-3.34.6-3.7.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): gnome-control-center-lang-3.34.6-3.7.1 References: https://bugzilla.suse.com/1160173 From sle-updates at lists.suse.com Thu Aug 6 07:15:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 15:15:26 +0200 (CEST) Subject: SUSE-SU-2020:2142-1: important: Security update for xrdp Message-ID: <20200806131526.EAB0FFDE4@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2142-1 Rating: important References: #1173580 Cross-References: CVE-2020-4044 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xrdp fixes the following issues: - Update to version 0.9.13.1 + This is a security fix release that includes fixes for the following local buffer overflow vulnerability (bsc#1173580): CVE-2020-4044 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2142=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpainter0-0.9.13.1-4.3.1 libpainter0-debuginfo-0.9.13.1-4.3.1 librfxencode0-0.9.13.1-4.3.1 librfxencode0-debuginfo-0.9.13.1-4.3.1 xrdp-0.9.13.1-4.3.1 xrdp-debuginfo-0.9.13.1-4.3.1 xrdp-debugsource-0.9.13.1-4.3.1 xrdp-devel-0.9.13.1-4.3.1 References: https://www.suse.com/security/cve/CVE-2020-4044.html https://bugzilla.suse.com/1173580 From sle-updates at lists.suse.com Thu Aug 6 07:16:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 15:16:09 +0200 (CEST) Subject: SUSE-SU-2020:2140-1: important: Security update for rubygem-actionview-4_2 Message-ID: <20200806131609.5035AFDE4@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionview-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2140-1 Rating: important References: #1173144 Cross-References: CVE-2020-8163 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-actionview-4_2 fixes the following issues: - Fixed a potential remote code execution of user-provided local names (bsc#1173144, CVE-2020-8163). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2140=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2140=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2140=1 - SUSE OpenStack Cloud 6-LTSS: zypper in -t patch SUSE-OpenStack-Cloud-6-LTSS-2020-2140=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1 ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1 ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1 ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1 - SUSE OpenStack Cloud 6-LTSS (x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.9.1 ruby2.1-rubygem-activesupport-4_2-4.2.9-7.6.1 References: https://www.suse.com/security/cve/CVE-2020-8163.html https://bugzilla.suse.com/1173144 From sle-updates at lists.suse.com Thu Aug 6 07:16:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 15:16:50 +0200 (CEST) Subject: SUSE-SU-2020:2141-1: important: Security update for xen Message-ID: <20200806131650.DBB18FDE4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2141-1 Rating: important References: #1163019 #1174543 Cross-References: CVE-2020-8608 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2141=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2141=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2141=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2141=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xen-4.11.4_06-2.33.1 xen-debugsource-4.11.4_06-2.33.1 xen-doc-html-4.11.4_06-2.33.1 xen-libs-32bit-4.11.4_06-2.33.1 xen-libs-4.11.4_06-2.33.1 xen-libs-debuginfo-32bit-4.11.4_06-2.33.1 xen-libs-debuginfo-4.11.4_06-2.33.1 xen-tools-4.11.4_06-2.33.1 xen-tools-debuginfo-4.11.4_06-2.33.1 xen-tools-domU-4.11.4_06-2.33.1 xen-tools-domU-debuginfo-4.11.4_06-2.33.1 - SUSE OpenStack Cloud 9 (x86_64): xen-4.11.4_06-2.33.1 xen-debugsource-4.11.4_06-2.33.1 xen-doc-html-4.11.4_06-2.33.1 xen-libs-32bit-4.11.4_06-2.33.1 xen-libs-4.11.4_06-2.33.1 xen-libs-debuginfo-32bit-4.11.4_06-2.33.1 xen-libs-debuginfo-4.11.4_06-2.33.1 xen-tools-4.11.4_06-2.33.1 xen-tools-debuginfo-4.11.4_06-2.33.1 xen-tools-domU-4.11.4_06-2.33.1 xen-tools-domU-debuginfo-4.11.4_06-2.33.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): xen-4.11.4_06-2.33.1 xen-debugsource-4.11.4_06-2.33.1 xen-doc-html-4.11.4_06-2.33.1 xen-libs-32bit-4.11.4_06-2.33.1 xen-libs-4.11.4_06-2.33.1 xen-libs-debuginfo-32bit-4.11.4_06-2.33.1 xen-libs-debuginfo-4.11.4_06-2.33.1 xen-tools-4.11.4_06-2.33.1 xen-tools-debuginfo-4.11.4_06-2.33.1 xen-tools-domU-4.11.4_06-2.33.1 xen-tools-domU-debuginfo-4.11.4_06-2.33.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): xen-4.11.4_06-2.33.1 xen-debugsource-4.11.4_06-2.33.1 xen-doc-html-4.11.4_06-2.33.1 xen-libs-32bit-4.11.4_06-2.33.1 xen-libs-4.11.4_06-2.33.1 xen-libs-debuginfo-32bit-4.11.4_06-2.33.1 xen-libs-debuginfo-4.11.4_06-2.33.1 xen-tools-4.11.4_06-2.33.1 xen-tools-debuginfo-4.11.4_06-2.33.1 xen-tools-domU-4.11.4_06-2.33.1 xen-tools-domU-debuginfo-4.11.4_06-2.33.1 References: https://www.suse.com/security/cve/CVE-2020-8608.html https://bugzilla.suse.com/1163019 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Thu Aug 6 07:17:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 15:17:37 +0200 (CEST) Subject: SUSE-RU-2020:2145-1: moderate: Recommended update for SUSEConnect Message-ID: <20200806131737.68104FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2145-1 Rating: moderate References: #1124318 #1130864 #1155911 #1160007 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Fixes an issue where SUSEConnect was not able to detect cloud_provider on large AWS instances e.g. c5n.9xlarge (bsc#1160007) - Removed the ability to unregister on-demand Public Cloud instances (bsc#1155911) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2145=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.25-3.3.1 References: https://bugzilla.suse.com/1124318 https://bugzilla.suse.com/1130864 https://bugzilla.suse.com/1155911 https://bugzilla.suse.com/1160007 From sle-updates at lists.suse.com Thu Aug 6 10:28:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 18:28:23 +0200 (CEST) Subject: SUSE-RU-2020:2148-1: important: Recommended update for ca-certificates-mozilla Message-ID: <20200806162823.0C755FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates-mozilla ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2148-1 Rating: important References: #1174673 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2148=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): ca-certificates-mozilla-2.42-9.3.1 References: https://bugzilla.suse.com/1174673 From sle-updates at lists.suse.com Thu Aug 6 10:29:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 18:29:06 +0200 (CEST) Subject: SUSE-SU-2020:2147-1: important: Security update for MozillaFirefox Message-ID: <20200806162906.02829FDE1@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2147-1 Rating: important References: #1171433 #1174538 Cross-References: CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: This update for MozillaFirefox and pipewire fixes the following issues: MozillaFirefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 pipewire was updated to version 0.3.6 (bsc#1171433, jsc#ECO-2308): * Extensive memory leak fixing and stress testing was done. A big leak in screen sharing with DMA-BUF was fixed. * Compile fixes * Stability improvements in jack and pulseaudio layers. * Added the old portal module to make the Camera portal work again. This will be moved to the session manager in future versions. * Improvements to the GStreamer source and sink shutdown. * Fix compatibility with v2 clients again when negotiating buffers. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2147=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.1.0-8.3.1 MozillaFirefox-branding-SLE-78-9.2.4 MozillaFirefox-debuginfo-78.1.0-8.3.1 MozillaFirefox-debugsource-78.1.0-8.3.1 MozillaFirefox-translations-common-78.1.0-8.3.1 MozillaFirefox-translations-other-78.1.0-8.3.1 libpipewire-0_3-0-0.3.6-3.3.2 libpipewire-0_3-0-debuginfo-0.3.6-3.3.2 pipewire-0.3.6-3.3.2 pipewire-debuginfo-0.3.6-3.3.2 pipewire-debugsource-0.3.6-3.3.2 pipewire-modules-0.3.6-3.3.2 pipewire-modules-debuginfo-0.3.6-3.3.2 pipewire-spa-plugins-0_2-0.3.6-3.3.2 pipewire-spa-plugins-0_2-debuginfo-0.3.6-3.3.2 pipewire-spa-tools-0.3.6-3.3.2 pipewire-spa-tools-debuginfo-0.3.6-3.3.2 pipewire-tools-0.3.6-3.3.2 pipewire-tools-debuginfo-0.3.6-3.3.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.1.0-8.3.1 References: https://www.suse.com/security/cve/CVE-2020-15652.html https://www.suse.com/security/cve/CVE-2020-15653.html https://www.suse.com/security/cve/CVE-2020-15654.html https://www.suse.com/security/cve/CVE-2020-15655.html https://www.suse.com/security/cve/CVE-2020-15656.html https://www.suse.com/security/cve/CVE-2020-15657.html https://www.suse.com/security/cve/CVE-2020-15658.html https://www.suse.com/security/cve/CVE-2020-15659.html https://www.suse.com/security/cve/CVE-2020-6463.html https://www.suse.com/security/cve/CVE-2020-6514.html https://bugzilla.suse.com/1171433 https://bugzilla.suse.com/1174538 From sle-updates at lists.suse.com Thu Aug 6 10:29:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 18:29:57 +0200 (CEST) Subject: SUSE-RU-2020:2150-1: important: Recommended update for oracleasm Message-ID: <20200806162957.46E30FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2150-1 Rating: important References: #1171818 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for oracleasm fixes the following issues: - Fix for an issue when Oracle ASM receives a false signal from asmlib and terminates ASM processes. (bsc#1171818) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2150=1 - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2020-2150=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k5.3.18_24.9-13.3.3 oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_24.9-13.3.3 - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): oracleasm-kmp-rt-2.0.8_k5.3.18_6-13.3.3 oracleasm-kmp-rt-debuginfo-2.0.8_k5.3.18_6-13.3.3 References: https://bugzilla.suse.com/1171818 From sle-updates at lists.suse.com Thu Aug 6 10:30:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 18:30:48 +0200 (CEST) Subject: SUSE-SU-2020:2149-1: moderate: Security update for postgresql10 and postgresql12 Message-ID: <20200806163048.63B34FEC3@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 and postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2149-1 Rating: moderate References: #1148643 #1163985 #1171924 Cross-References: CVE-2020-1720 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for postgresql10 and postgresql12 fixes the following issues: postgresql10 was updated to 10.13 (bsc#1171924). https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/10/release-10-13.html postgresql10 was updated to 10.12 (CVE-2020-1720, bsc#1163985) - https://www.postgresql.org/about/news/2011/ - https://www.postgresql.org/docs/10/release-10-12.html postgresql10 was updated to 10.11: - https://www.postgresql.org/about/news/1994/ - https://www.postgresql.org/docs/10/release-10-11.html postgresql12 was updated to 12.3 (bsc#1171924). Bug Fixes and Improvements: - Several fixes for GENERATED columns, including an issue where it was possible to crash or corrupt data in a table when the output of the generated column was the exact copy of a physical column on the table, e.g. if the expression called a function which could return its own input. - Several fixes for ALTER TABLE, including ensuring the SET STORAGE directive is propagated to a table's indexes. - Fix a potential race condition when using DROP OWNED BY while another session is deleting the same objects. - Allow for a partition to be detached when it has inherited ROW triggers. - Several fixes for REINDEX CONCURRENTLY, particularly with issues when a REINDEX CONCURRENTLY operation fails. - Fix crash when COLLATE is applied to an uncollatable type in a partition bound expression. - Fix performance regression in floating point overflow/underflow detection. - Several fixes for full text search, particularly with phrase searching. - Fix query-lifespan memory leak for a set-returning function used in a query's FROM clause. - Several reporting fixes for the output of VACUUM VERBOSE. - Allow input of type circle to accept the format (x,y),r, which is specified in the documentation. - Allow for the get_bit() and set_bit() functions to not fail on bytea strings longer than 256MB. - Avoid premature recycling of WAL segments during crash recovery, which could lead to WAL segments being recycled before being archived. - Avoid attempting to fetch nonexistent WAL files from archive storage during recovery by skipping irrelevant timelines. - Several fixes for logical replication and replication slots. - Fix several race conditions in synchronous standby management, including one that occurred when changing the synchronous_standby_names setting. - Several fixes for GSSAPI support, include a fix for a memory leak that occurred when using GSSAPI encryption. - Ensure that members of the pg_read_all_stats role can read all statistics views. - Fix performance regression in information_schema.triggers view. - Fix memory leak in libpq when using sslmode=verify-full. - Fix crash in psql when attempting to re-establish a failed connection. - Allow tab-completion of the filename argument to \gx command in psql. - Add pg_dump support for ALTER ... DEPENDS ON EXTENSION. - Several other fixes for pg_dump, which include dumping comments on RLS policies and postponing restore of event triggers until the end. - Ensure pg_basebackup generates valid tar files. - pg_checksums skips tablespace subdirectories that belong to a different PostgreSQL major version - Several Windows compatibility fixes This update also contains timezone tzdata release 2020a for DST law changes in Morocco and the Canadian Yukon, plus historical corrections for Shanghai. The America/Godthab zone has been renamed to America/Nuuk to reflect current English usage ; however, the old name remains available as a compatibility link. This also updates initdb's list of known Windows time zone names to include recent additions. For more details, check out: - https://www.postgresql.org/docs/12/release-12-3.html Other fixes: - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2149=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2149=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2149=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2149=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2149=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2149=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2149=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libecpg6-10.13-4.22.4 libecpg6-debuginfo-10.13-4.22.4 libpq5-10.13-4.22.4 libpq5-debuginfo-10.13-4.22.4 postgresql10-10.13-4.22.4 postgresql10-contrib-10.13-4.22.4 postgresql10-contrib-debuginfo-10.13-4.22.4 postgresql10-debuginfo-10.13-4.22.4 postgresql10-debugsource-10.13-4.22.4 postgresql10-devel-10.13-4.22.4 postgresql10-devel-debuginfo-10.13-4.22.4 postgresql10-plperl-10.13-4.22.4 postgresql10-plperl-debuginfo-10.13-4.22.4 postgresql10-plpython-10.13-4.22.4 postgresql10-plpython-debuginfo-10.13-4.22.4 postgresql10-pltcl-10.13-4.22.4 postgresql10-pltcl-debuginfo-10.13-4.22.4 postgresql10-server-10.13-4.22.4 postgresql10-server-debuginfo-10.13-4.22.4 - SUSE Linux Enterprise Server for SAP 15 (noarch): postgresql-12.0.1-8.14.1 postgresql-contrib-12.0.1-8.14.1 postgresql-devel-12.0.1-8.14.1 postgresql-docs-12.0.1-8.14.1 postgresql-plperl-12.0.1-8.14.1 postgresql-plpython-12.0.1-8.14.1 postgresql-pltcl-12.0.1-8.14.1 postgresql-server-12.0.1-8.14.1 postgresql10-docs-10.13-4.22.4 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libpq5-32bit-10.13-4.22.4 libpq5-32bit-debuginfo-10.13-4.22.4 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libecpg6-10.13-4.22.4 libecpg6-debuginfo-10.13-4.22.4 libpq5-10.13-4.22.4 libpq5-debuginfo-10.13-4.22.4 postgresql10-10.13-4.22.4 postgresql10-contrib-10.13-4.22.4 postgresql10-contrib-debuginfo-10.13-4.22.4 postgresql10-debuginfo-10.13-4.22.4 postgresql10-debugsource-10.13-4.22.4 postgresql10-devel-10.13-4.22.4 postgresql10-devel-debuginfo-10.13-4.22.4 postgresql10-plperl-10.13-4.22.4 postgresql10-plperl-debuginfo-10.13-4.22.4 postgresql10-plpython-10.13-4.22.4 postgresql10-plpython-debuginfo-10.13-4.22.4 postgresql10-pltcl-10.13-4.22.4 postgresql10-pltcl-debuginfo-10.13-4.22.4 postgresql10-server-10.13-4.22.4 postgresql10-server-debuginfo-10.13-4.22.4 - SUSE Linux Enterprise Server 15-LTSS (noarch): postgresql-12.0.1-8.14.1 postgresql-contrib-12.0.1-8.14.1 postgresql-devel-12.0.1-8.14.1 postgresql-docs-12.0.1-8.14.1 postgresql-plperl-12.0.1-8.14.1 postgresql-plpython-12.0.1-8.14.1 postgresql-pltcl-12.0.1-8.14.1 postgresql-server-12.0.1-8.14.1 postgresql10-docs-10.13-4.22.4 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libecpg6-12.3-3.8.1 libecpg6-debuginfo-12.3-3.8.1 postgresql12-contrib-12.3-3.8.1 postgresql12-contrib-debuginfo-12.3-3.8.1 postgresql12-debuginfo-12.3-3.8.1 postgresql12-debugsource-12.3-3.8.1 postgresql12-devel-12.3-3.8.1 postgresql12-devel-debuginfo-12.3-3.8.1 postgresql12-plperl-12.3-3.8.1 postgresql12-plperl-debuginfo-12.3-3.8.1 postgresql12-plpython-12.3-3.8.1 postgresql12-plpython-debuginfo-12.3-3.8.1 postgresql12-pltcl-12.3-3.8.1 postgresql12-pltcl-debuginfo-12.3-3.8.1 postgresql12-server-12.3-3.8.1 postgresql12-server-debuginfo-12.3-3.8.1 postgresql12-server-devel-12.3-3.8.1 postgresql12-server-devel-debuginfo-12.3-3.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): postgresql-contrib-12.0.1-8.14.1 postgresql-devel-12.0.1-8.14.1 postgresql-docs-12.0.1-8.14.1 postgresql-plperl-12.0.1-8.14.1 postgresql-plpython-12.0.1-8.14.1 postgresql-pltcl-12.0.1-8.14.1 postgresql-server-12.0.1-8.14.1 postgresql-server-devel-12.0.1-8.14.1 postgresql12-docs-12.3-3.8.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): postgresql-test-12.0.1-8.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpq5-12.3-3.8.1 libpq5-debuginfo-12.3-3.8.1 postgresql12-12.3-3.8.1 postgresql12-debuginfo-12.3-3.8.1 postgresql12-debugsource-12.3-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): postgresql-12.0.1-8.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libpq5-32bit-12.3-3.8.1 libpq5-32bit-debuginfo-12.3-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libecpg6-10.13-4.22.4 libecpg6-debuginfo-10.13-4.22.4 libpq5-10.13-4.22.4 libpq5-debuginfo-10.13-4.22.4 postgresql10-10.13-4.22.4 postgresql10-contrib-10.13-4.22.4 postgresql10-contrib-debuginfo-10.13-4.22.4 postgresql10-debuginfo-10.13-4.22.4 postgresql10-debugsource-10.13-4.22.4 postgresql10-devel-10.13-4.22.4 postgresql10-devel-debuginfo-10.13-4.22.4 postgresql10-plperl-10.13-4.22.4 postgresql10-plperl-debuginfo-10.13-4.22.4 postgresql10-plpython-10.13-4.22.4 postgresql10-plpython-debuginfo-10.13-4.22.4 postgresql10-pltcl-10.13-4.22.4 postgresql10-pltcl-debuginfo-10.13-4.22.4 postgresql10-server-10.13-4.22.4 postgresql10-server-debuginfo-10.13-4.22.4 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libpq5-32bit-10.13-4.22.4 libpq5-32bit-debuginfo-10.13-4.22.4 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): postgresql-12.0.1-8.14.1 postgresql-contrib-12.0.1-8.14.1 postgresql-devel-12.0.1-8.14.1 postgresql-docs-12.0.1-8.14.1 postgresql-plperl-12.0.1-8.14.1 postgresql-plpython-12.0.1-8.14.1 postgresql-pltcl-12.0.1-8.14.1 postgresql-server-12.0.1-8.14.1 postgresql10-docs-10.13-4.22.4 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libecpg6-10.13-4.22.4 libecpg6-debuginfo-10.13-4.22.4 libpq5-10.13-4.22.4 libpq5-debuginfo-10.13-4.22.4 postgresql10-10.13-4.22.4 postgresql10-contrib-10.13-4.22.4 postgresql10-contrib-debuginfo-10.13-4.22.4 postgresql10-debuginfo-10.13-4.22.4 postgresql10-debugsource-10.13-4.22.4 postgresql10-devel-10.13-4.22.4 postgresql10-devel-debuginfo-10.13-4.22.4 postgresql10-plperl-10.13-4.22.4 postgresql10-plperl-debuginfo-10.13-4.22.4 postgresql10-plpython-10.13-4.22.4 postgresql10-plpython-debuginfo-10.13-4.22.4 postgresql10-pltcl-10.13-4.22.4 postgresql10-pltcl-debuginfo-10.13-4.22.4 postgresql10-server-10.13-4.22.4 postgresql10-server-debuginfo-10.13-4.22.4 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): postgresql-12.0.1-8.14.1 postgresql-contrib-12.0.1-8.14.1 postgresql-devel-12.0.1-8.14.1 postgresql-docs-12.0.1-8.14.1 postgresql-plperl-12.0.1-8.14.1 postgresql-plpython-12.0.1-8.14.1 postgresql-pltcl-12.0.1-8.14.1 postgresql-server-12.0.1-8.14.1 postgresql10-docs-10.13-4.22.4 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libpq5-32bit-10.13-4.22.4 libpq5-32bit-debuginfo-10.13-4.22.4 References: https://www.suse.com/security/cve/CVE-2020-1720.html https://bugzilla.suse.com/1148643 https://bugzilla.suse.com/1163985 https://bugzilla.suse.com/1171924 From sle-updates at lists.suse.com Thu Aug 6 13:12:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 21:12:59 +0200 (CEST) Subject: SUSE-RU-2020:2155-1: moderate: Recommended update for SUSE Manager Server 4.0 Message-ID: <20200806191259.61208FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2155-1 Rating: moderate References: #1149644 #1164451 #1165572 #1169536 #1169553 #1169780 #1170096 #1170468 #1170654 #1170737 #1172120 #1172807 #1172829 #1172839 #1172962 #1173073 #1173169 #1173204 #1173522 #1173932 #1174357 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has 21 recommended fixes can now be installed. Description: This update fixes the following issues: cobbler: - More old modules naming fixes (bsc#1169553) pxe-default-image-sle15: - Rollback the workaround for bsc#1172807, as dracut is now fixed - Fix /sbin/ifup for multiple /tmp/leaseinfo files (bsc#1172807) saltboot-formula: - Use kexec --kexec-syscall-auto if possible (bsc#1172829) - Update to version 0.1.1592576670.67bdfea spacewalk-admin: - Restrict websockify to server localhost only (bsc#1149644) spacewalk-backend: - Make media.1/products available for every channel. Needed for autoinstallation of SLE15 SP2 (bsc#1173204) spacewalk-branding: - Revise system group update status messages (bsc#1170468) spacewalk-config: - Don't use SSL to proxy mgr-websockify with apache (bsc#1149644) spacewalk-java: - Data null means the sync never ran yet (bsc#1174357) - Don't output virtualization pillar for systems without virtualization entitlement - Use volumes for VMs disks - Toggle virtpoller when toggling virtualization host entitlement (bsc#1172962) - Pass minion ip to the kiwi_collect_image runner as fallback instead of fqdn if not present (bsc#1170737) - Fix up2date detection on RH8 when salt-minion is used for registration - Improve performance of the System Groups page with many clients (bsc#1172839) - Adapt expectations for jobs return events after switching Salt states to use 'mgrcompat.module_run' state. - Fix NPE on auto installation when no kernel options are given (bsc#1173932) - Fix issue with disabling self_update for autoyast autoupgrade (bsc#1170654) - Serve media.1/products when available (bsc#1173204) - Use repo metadata of the synced base channel when kernel option "useonlinerepo" is provided (bsc#1173204) - Prevent deadlock on suseusernotification (bsc#1173073) - Include number of non-patch package updates to non-critical update counts in system group pages (bsc#1170468) - Compute the websockify URL on browser side (bsc#1149644) - Deleting registered VM doesn't remove them VM from the Guests list (bsc#1170096) - Improve salt-ssh error parsing on bootstrapping (bsc#1172120) spacewalk-web: - Fix VM creation page when there is no volume in the default storage pool - Use volumes for VMs disks - Use ReactJS Context in Form components - Product list in the Wizard doesn't show SLE products first (bsc#1173522) - Compute the websockify URL on browser side (bsc#1149644) susemanager: - Migrate proxy list in cobbler settings (bsc#1169536) - Migrate all occurrences of kickstart to autoinstall in cobbler database (bsc#1169780) susemanager-doc-indexes: - Added information about /etc/salt/master.d/susemanager.conf - Fixed stop and start proxy service on the proxy in Proxy Update Section - Combining activation keys works only with traditional clients. Updated in Client Configuration Guide and Reference. (bsc#1164451) susemanager-docs_en: - Added information about /etc/salt/master.d/susemanager.conf - Fixed stop and start proxy service on the proxy in Proxy Update Section - Combining activation keys works only with traditional clients. Updated in Client Configuration Guide and Reference. (bsc#1164451) susemanager-schema: - Add VM disk format support - Add new comps type mediaproducts (bsc#1173204) susemanager-sls: - Remove VM disk type attribute - Merge virtualization fragment into suma-minion pillar (bsc#1172962) - Use minion fqdn instead of minion id as target in kiwi_collect_image runner. If fqdn is not present or is localhost, use minion ip as fallback (bsc#1170737) - Log out of Docker registries after image build (bsc#1165572) - Prevent "module.run" deprecation warnings by using custom mgrcompat module - Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH minions (bsc#1173169) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2155=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): spacewalk-branding-4.0.18-3.18.1 susemanager-4.0.27-3.33.1 susemanager-tools-4.0.27-3.33.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): cobbler-3.0.0+git20190806.32c4bae0-7.16.1 pxe-default-image-sle15-4.0.1-20200724125935 python3-spacewalk-backend-libs-4.0.33-3.32.1 saltboot-formula-0.1.1592576670.67bdfea-3.16.1 spacewalk-admin-4.0.10-3.9.1 spacewalk-backend-4.0.33-3.32.1 spacewalk-backend-app-4.0.33-3.32.1 spacewalk-backend-applet-4.0.33-3.32.1 spacewalk-backend-config-files-4.0.33-3.32.1 spacewalk-backend-config-files-common-4.0.33-3.32.1 spacewalk-backend-config-files-tool-4.0.33-3.32.1 spacewalk-backend-iss-4.0.33-3.32.1 spacewalk-backend-iss-export-4.0.33-3.32.1 spacewalk-backend-package-push-server-4.0.33-3.32.1 spacewalk-backend-server-4.0.33-3.32.1 spacewalk-backend-sql-4.0.33-3.32.1 spacewalk-backend-sql-postgresql-4.0.33-3.32.1 spacewalk-backend-tools-4.0.33-3.32.1 spacewalk-backend-xml-export-libs-4.0.33-3.32.1 spacewalk-backend-xmlrpc-4.0.33-3.32.1 spacewalk-base-4.0.22-3.27.2 spacewalk-base-minimal-4.0.22-3.27.2 spacewalk-base-minimal-config-4.0.22-3.27.2 spacewalk-config-4.0.15-3.10.1 spacewalk-html-4.0.22-3.27.2 spacewalk-java-4.0.35-3.34.1 spacewalk-java-config-4.0.35-3.34.1 spacewalk-java-lib-4.0.35-3.34.1 spacewalk-java-postgresql-4.0.35-3.34.1 spacewalk-taskomatic-4.0.35-3.34.1 susemanager-doc-indexes-4.0-10.27.1 susemanager-docs_en-4.0-10.27.1 susemanager-docs_en-pdf-4.0-10.27.1 susemanager-schema-4.0.21-3.26.1 susemanager-sls-4.0.28-3.28.1 susemanager-web-libs-4.0.22-3.27.2 References: https://bugzilla.suse.com/1149644 https://bugzilla.suse.com/1164451 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1169536 https://bugzilla.suse.com/1169553 https://bugzilla.suse.com/1169780 https://bugzilla.suse.com/1170096 https://bugzilla.suse.com/1170468 https://bugzilla.suse.com/1170654 https://bugzilla.suse.com/1170737 https://bugzilla.suse.com/1172120 https://bugzilla.suse.com/1172807 https://bugzilla.suse.com/1172829 https://bugzilla.suse.com/1172839 https://bugzilla.suse.com/1172962 https://bugzilla.suse.com/1173073 https://bugzilla.suse.com/1173169 https://bugzilla.suse.com/1173204 https://bugzilla.suse.com/1173522 https://bugzilla.suse.com/1173932 https://bugzilla.suse.com/1174357 From sle-updates at lists.suse.com Thu Aug 6 13:16:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 21:16:08 +0200 (CEST) Subject: SUSE-RU-2020:2155-1: moderate: Recommended update for SUSE Manager Server 4.0 Message-ID: <20200806191608.817A2FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2155-1 Rating: moderate References: #1149644 #1164451 #1165572 #1169536 #1169553 #1169780 #1170096 #1170468 #1170654 #1170737 #1172120 #1172807 #1172829 #1172839 #1172962 #1173073 #1173169 #1173204 #1173522 #1173932 #1174357 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has 21 recommended fixes can now be installed. Description: This update fixes the following issues: cobbler: - More old modules naming fixes (bsc#1169553) pxe-default-image-sle15: - Rollback the workaround for bsc#1172807, as dracut is now fixed - Fix /sbin/ifup for multiple /tmp/leaseinfo files (bsc#1172807) saltboot-formula: - Use kexec --kexec-syscall-auto if possible (bsc#1172829) - Update to version 0.1.1592576670.67bdfea spacewalk-admin: - Restrict websockify to server localhost only (bsc#1149644) spacewalk-backend: - Make media.1/products available for every channel. Needed for autoinstallation of SLE15 SP2 (bsc#1173204) spacewalk-branding: - Revise system group update status messages (bsc#1170468) spacewalk-config: - Don't use SSL to proxy mgr-websockify with apache (bsc#1149644) spacewalk-java: - Data null means the sync never ran yet (bsc#1174357) - Don't output virtualization pillar for systems without virtualization entitlement - Use volumes for VMs disks - Toggle virtpoller when toggling virtualization host entitlement (bsc#1172962) - Pass minion ip to the kiwi_collect_image runner as fallback instead of fqdn if not present (bsc#1170737) - Fix up2date detection on RH8 when salt-minion is used for registration - Improve performance of the System Groups page with many clients (bsc#1172839) - Adapt expectations for jobs return events after switching Salt states to use 'mgrcompat.module_run' state. - Fix NPE on auto installation when no kernel options are given (bsc#1173932) - Fix issue with disabling self_update for autoyast autoupgrade (bsc#1170654) - Serve media.1/products when available (bsc#1173204) - Use repo metadata of the synced base channel when kernel option "useonlinerepo" is provided (bsc#1173204) - Prevent deadlock on suseusernotification (bsc#1173073) - Include number of non-patch package updates to non-critical update counts in system group pages (bsc#1170468) - Compute the websockify URL on browser side (bsc#1149644) - Deleting registered VM doesn't remove them VM from the Guests list (bsc#1170096) - Improve salt-ssh error parsing on bootstrapping (bsc#1172120) spacewalk-web: - Fix VM creation page when there is no volume in the default storage pool - Use volumes for VMs disks - Use ReactJS Context in Form components - Product list in the Wizard doesn't show SLE products first (bsc#1173522) - Compute the websockify URL on browser side (bsc#1149644) susemanager: - Migrate proxy list in cobbler settings (bsc#1169536) - Migrate all occurrences of kickstart to autoinstall in cobbler database (bsc#1169780) susemanager-doc-indexes: - Added information about /etc/salt/master.d/susemanager.conf - Fixed stop and start proxy service on the proxy in Proxy Update Section - Combining activation keys works only with traditional clients. Updated in Client Configuration Guide and Reference. (bsc#1164451) susemanager-docs_en: - Added information about /etc/salt/master.d/susemanager.conf - Fixed stop and start proxy service on the proxy in Proxy Update Section - Combining activation keys works only with traditional clients. Updated in Client Configuration Guide and Reference. (bsc#1164451) susemanager-schema: - Add VM disk format support - Add new comps type mediaproducts (bsc#1173204) susemanager-sls: - Remove VM disk type attribute - Merge virtualization fragment into suma-minion pillar (bsc#1172962) - Use minion fqdn instead of minion id as target in kiwi_collect_image runner. If fqdn is not present or is localhost, use minion ip as fallback (bsc#1170737) - Log out of Docker registries after image build (bsc#1165572) - Prevent "module.run" deprecation warnings by using custom mgrcompat module - Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH minions (bsc#1173169) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2155=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2155=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): spacewalk-branding-4.0.18-3.18.1 susemanager-4.0.27-3.33.1 susemanager-tools-4.0.27-3.33.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): cobbler-3.0.0+git20190806.32c4bae0-7.16.1 pxe-default-image-sle15-4.0.1-20200724125935 python3-spacewalk-backend-libs-4.0.33-3.32.1 saltboot-formula-0.1.1592576670.67bdfea-3.16.1 spacewalk-admin-4.0.10-3.9.1 spacewalk-backend-4.0.33-3.32.1 spacewalk-backend-app-4.0.33-3.32.1 spacewalk-backend-applet-4.0.33-3.32.1 spacewalk-backend-config-files-4.0.33-3.32.1 spacewalk-backend-config-files-common-4.0.33-3.32.1 spacewalk-backend-config-files-tool-4.0.33-3.32.1 spacewalk-backend-iss-4.0.33-3.32.1 spacewalk-backend-iss-export-4.0.33-3.32.1 spacewalk-backend-package-push-server-4.0.33-3.32.1 spacewalk-backend-server-4.0.33-3.32.1 spacewalk-backend-sql-4.0.33-3.32.1 spacewalk-backend-sql-postgresql-4.0.33-3.32.1 spacewalk-backend-tools-4.0.33-3.32.1 spacewalk-backend-xml-export-libs-4.0.33-3.32.1 spacewalk-backend-xmlrpc-4.0.33-3.32.1 spacewalk-base-4.0.22-3.27.2 spacewalk-base-minimal-4.0.22-3.27.2 spacewalk-base-minimal-config-4.0.22-3.27.2 spacewalk-config-4.0.15-3.10.1 spacewalk-html-4.0.22-3.27.2 spacewalk-java-4.0.35-3.34.1 spacewalk-java-config-4.0.35-3.34.1 spacewalk-java-lib-4.0.35-3.34.1 spacewalk-java-postgresql-4.0.35-3.34.1 spacewalk-taskomatic-4.0.35-3.34.1 susemanager-doc-indexes-4.0-10.27.1 susemanager-docs_en-4.0-10.27.1 susemanager-docs_en-pdf-4.0-10.27.1 susemanager-schema-4.0.21-3.26.1 susemanager-sls-4.0.28-3.28.1 susemanager-web-libs-4.0.22-3.27.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): python3-spacewalk-backend-libs-4.0.33-3.32.1 spacewalk-backend-4.0.33-3.32.1 spacewalk-base-minimal-4.0.22-3.27.2 spacewalk-base-minimal-config-4.0.22-3.27.2 References: https://bugzilla.suse.com/1149644 https://bugzilla.suse.com/1164451 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1169536 https://bugzilla.suse.com/1169553 https://bugzilla.suse.com/1169780 https://bugzilla.suse.com/1170096 https://bugzilla.suse.com/1170468 https://bugzilla.suse.com/1170654 https://bugzilla.suse.com/1170737 https://bugzilla.suse.com/1172120 https://bugzilla.suse.com/1172807 https://bugzilla.suse.com/1172829 https://bugzilla.suse.com/1172839 https://bugzilla.suse.com/1172962 https://bugzilla.suse.com/1173073 https://bugzilla.suse.com/1173169 https://bugzilla.suse.com/1173204 https://bugzilla.suse.com/1173522 https://bugzilla.suse.com/1173932 https://bugzilla.suse.com/1174357 From sle-updates at lists.suse.com Thu Aug 6 13:21:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 21:21:19 +0200 (CEST) Subject: SUSE-SU-2020:2152-1: important: Security update for the Linux Kernel Message-ID: <20200806192119.E2C64FDE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2152-1 Rating: important References: #1065729 #1146351 #1149652 #1152457 #1162002 #1164910 #1170011 #1170618 #1171078 #1171189 #1171191 #1171220 #1171732 #1171988 #1172453 #1172458 #1172775 #1172999 #1173280 #1173658 #1174115 #1174462 #1174543 Cross-References: CVE-2019-20810 CVE-2019-20812 CVE-2020-0305 CVE-2020-10135 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10773 CVE-2020-12771 CVE-2020-13974 CVE-2020-14416 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise High Availability 12-SP3 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 12 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067 (bnc#1172453). - CVE-2020-10732: A flaw was found in the implementation of userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1164910). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - udp: drop corrupt packets earlier to avoid data corruption (bsc#1173658). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2152=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2152=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2152=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2152=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2152=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-2152=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2152=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2152=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): kernel-default-4.4.180-94.127.1 kernel-default-base-4.4.180-94.127.1 kernel-default-base-debuginfo-4.4.180-94.127.1 kernel-default-debuginfo-4.4.180-94.127.1 kernel-default-debugsource-4.4.180-94.127.1 kernel-default-devel-4.4.180-94.127.1 kernel-default-kgraft-4.4.180-94.127.1 kernel-syms-4.4.180-94.127.1 kgraft-patch-4_4_180-94_127-default-1-4.3.1 kgraft-patch-4_4_180-94_127-default-debuginfo-1-4.3.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): kernel-devel-4.4.180-94.127.1 kernel-macros-4.4.180-94.127.1 kernel-source-4.4.180-94.127.1 - SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.127.1 kernel-macros-4.4.180-94.127.1 kernel-source-4.4.180-94.127.1 - SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.127.1 kernel-default-base-4.4.180-94.127.1 kernel-default-base-debuginfo-4.4.180-94.127.1 kernel-default-debuginfo-4.4.180-94.127.1 kernel-default-debugsource-4.4.180-94.127.1 kernel-default-devel-4.4.180-94.127.1 kernel-default-kgraft-4.4.180-94.127.1 kernel-syms-4.4.180-94.127.1 kgraft-patch-4_4_180-94_127-default-1-4.3.1 kgraft-patch-4_4_180-94_127-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.127.1 kernel-default-base-4.4.180-94.127.1 kernel-default-base-debuginfo-4.4.180-94.127.1 kernel-default-debuginfo-4.4.180-94.127.1 kernel-default-debugsource-4.4.180-94.127.1 kernel-default-devel-4.4.180-94.127.1 kernel-default-kgraft-4.4.180-94.127.1 kernel-syms-4.4.180-94.127.1 kgraft-patch-4_4_180-94_127-default-1-4.3.1 kgraft-patch-4_4_180-94_127-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.127.1 kernel-macros-4.4.180-94.127.1 kernel-source-4.4.180-94.127.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.4.180-94.127.1 kernel-default-base-4.4.180-94.127.1 kernel-default-base-debuginfo-4.4.180-94.127.1 kernel-default-debuginfo-4.4.180-94.127.1 kernel-default-debugsource-4.4.180-94.127.1 kernel-default-devel-4.4.180-94.127.1 kernel-syms-4.4.180-94.127.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kernel-default-kgraft-4.4.180-94.127.1 kgraft-patch-4_4_180-94_127-default-1-4.3.1 kgraft-patch-4_4_180-94_127-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.127.1 kernel-macros-4.4.180-94.127.1 kernel-source-4.4.180-94.127.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.127.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.127.1 kernel-default-base-4.4.180-94.127.1 kernel-default-base-debuginfo-4.4.180-94.127.1 kernel-default-debuginfo-4.4.180-94.127.1 kernel-default-debugsource-4.4.180-94.127.1 kernel-default-devel-4.4.180-94.127.1 kernel-syms-4.4.180-94.127.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.127.1 kernel-macros-4.4.180-94.127.1 kernel-source-4.4.180-94.127.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.127.1 cluster-md-kmp-default-debuginfo-4.4.180-94.127.1 dlm-kmp-default-4.4.180-94.127.1 dlm-kmp-default-debuginfo-4.4.180-94.127.1 gfs2-kmp-default-4.4.180-94.127.1 gfs2-kmp-default-debuginfo-4.4.180-94.127.1 kernel-default-debuginfo-4.4.180-94.127.1 kernel-default-debugsource-4.4.180-94.127.1 ocfs2-kmp-default-4.4.180-94.127.1 ocfs2-kmp-default-debuginfo-4.4.180-94.127.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): kernel-default-4.4.180-94.127.1 kernel-default-base-4.4.180-94.127.1 kernel-default-base-debuginfo-4.4.180-94.127.1 kernel-default-debuginfo-4.4.180-94.127.1 kernel-default-debugsource-4.4.180-94.127.1 kernel-default-devel-4.4.180-94.127.1 kernel-syms-4.4.180-94.127.1 - SUSE Enterprise Storage 5 (noarch): kernel-devel-4.4.180-94.127.1 kernel-macros-4.4.180-94.127.1 kernel-source-4.4.180-94.127.1 - SUSE Enterprise Storage 5 (x86_64): kernel-default-kgraft-4.4.180-94.127.1 kgraft-patch-4_4_180-94_127-default-1-4.3.1 kgraft-patch-4_4_180-94_127-default-debuginfo-1-4.3.1 - HPE Helion Openstack 8 (noarch): kernel-devel-4.4.180-94.127.1 kernel-macros-4.4.180-94.127.1 kernel-source-4.4.180-94.127.1 - HPE Helion Openstack 8 (x86_64): kernel-default-4.4.180-94.127.1 kernel-default-base-4.4.180-94.127.1 kernel-default-base-debuginfo-4.4.180-94.127.1 kernel-default-debuginfo-4.4.180-94.127.1 kernel-default-debugsource-4.4.180-94.127.1 kernel-default-devel-4.4.180-94.127.1 kernel-default-kgraft-4.4.180-94.127.1 kernel-syms-4.4.180-94.127.1 kgraft-patch-4_4_180-94_127-default-1-4.3.1 kgraft-patch-4_4_180-94_127-default-debuginfo-1-4.3.1 References: https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20812.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-10711.html https://www.suse.com/security/cve/CVE-2020-10732.html https://www.suse.com/security/cve/CVE-2020-10751.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1146351 https://bugzilla.suse.com/1149652 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1164910 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1171078 https://bugzilla.suse.com/1171189 https://bugzilla.suse.com/1171191 https://bugzilla.suse.com/1171220 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172453 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173658 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Thu Aug 6 13:24:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 21:24:42 +0200 (CEST) Subject: SUSE-RU-2020:2153-1: Recommended update for release-notes-susemanager Message-ID: <20200806192442.7A81CFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2153-1 Rating: low References: #1174700 Affected Products: SUSE Manager Server 3.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the SUSE Manager 3.2 Release Notes provides the following addition: Re-release for 3.2.14 notes - Added a note about extended lifecycle due to COVID-19 and Salt 3000 and workaround - Bugs mentioned: bsc#1174700 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-2153=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): release-notes-susemanager-3.2.14.1-6.56.1 References: https://bugzilla.suse.com/1174700 From sle-updates at lists.suse.com Thu Aug 6 13:25:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Aug 2020 21:25:23 +0200 (CEST) Subject: SUSE-RU-2020:2154-1: Recommended update for SUSE Manager 4.0.8 Release Notes Message-ID: <20200806192523.5DBC6FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.0.8 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2154-1 Rating: low References: #1149644 #1164451 #1165572 #1169536 #1169553 #1169780 #1170096 #1170468 #1170654 #1170737 #1172120 #1172807 #1172829 #1172839 #1172962 #1173073 #1173169 #1173204 #1173522 #1173932 #1174357 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has 21 recommended fixes can now be installed. Description: This update for the SUSE Manager 4.0.8 Release Notes provides the following additions: Release notes for SUSE Manager: - Revision 4.0.8 - Bugs mentioned: bsc#1169553, bsc#1172807, bsc#1172807, bsc#1172829, bsc#1149644, bsc#1173204, bsc#1170468, bsc#1149644, bsc#1174357, bsc#1172962, bsc#1170737, bsc#1172839, bsc#1173932, bsc#1170654, bsc#1173204, bsc#1173204, bsc#1173073, bsc#1170468, bsc#1149644, bsc#1170096, bsc#1172120, bsc#1173522, bsc#1149644, bsc#1169536, bsc#1169780, bsc#1164451, bsc#1164451, bsc#1173204, bsc#1172962, bsc#1170737, bsc#1165572, bsc#1173169 Release notes for SUSE Manager proxy: - Update to 4.0.8 - Bugs mentioned: bsc#1173204, bsc#1173522, bsc#1149644 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2020-2154=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2020-2154=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2020-2154=1 Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): release-notes-susemanager-4.0.8-3.51.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): release-notes-susemanager-proxy-4.0.8-0.16.35.1 - SUSE Manager Proxy 4.0 (x86_64): release-notes-susemanager-proxy-4.0.8-0.16.35.1 References: https://bugzilla.suse.com/1149644 https://bugzilla.suse.com/1164451 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1169536 https://bugzilla.suse.com/1169553 https://bugzilla.suse.com/1169780 https://bugzilla.suse.com/1170096 https://bugzilla.suse.com/1170468 https://bugzilla.suse.com/1170654 https://bugzilla.suse.com/1170737 https://bugzilla.suse.com/1172120 https://bugzilla.suse.com/1172807 https://bugzilla.suse.com/1172829 https://bugzilla.suse.com/1172839 https://bugzilla.suse.com/1172962 https://bugzilla.suse.com/1173073 https://bugzilla.suse.com/1173169 https://bugzilla.suse.com/1173204 https://bugzilla.suse.com/1173522 https://bugzilla.suse.com/1173932 https://bugzilla.suse.com/1174357 From sle-updates at lists.suse.com Thu Aug 6 16:12:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 00:12:51 +0200 (CEST) Subject: SUSE-SU-2020:2158-1: important: Security update for xen Message-ID: <20200806221251.C855AFF0B@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2158-1 Rating: important References: #1172356 #1174543 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2158=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2158=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (x86_64): xen-4.12.3_06-3.25.1 xen-debugsource-4.12.3_06-3.25.1 xen-devel-4.12.3_06-3.25.1 xen-tools-4.12.3_06-3.25.1 xen-tools-debuginfo-4.12.3_06-3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): xen-debugsource-4.12.3_06-3.25.1 xen-libs-4.12.3_06-3.25.1 xen-libs-debuginfo-4.12.3_06-3.25.1 xen-tools-domU-4.12.3_06-3.25.1 xen-tools-domU-debuginfo-4.12.3_06-3.25.1 References: https://bugzilla.suse.com/1172356 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Thu Aug 6 16:13:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 00:13:42 +0200 (CEST) Subject: SUSE-SU-2020:2159-1: important: Security update for xen Message-ID: <20200806221342.D81A3FF0B@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2159-1 Rating: important References: #1172356 #1174543 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2159=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2159=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2159=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): xen-4.10.4_14-3.38.1 xen-debugsource-4.10.4_14-3.38.1 xen-devel-4.10.4_14-3.38.1 xen-libs-4.10.4_14-3.38.1 xen-libs-debuginfo-4.10.4_14-3.38.1 xen-tools-4.10.4_14-3.38.1 xen-tools-debuginfo-4.10.4_14-3.38.1 xen-tools-domU-4.10.4_14-3.38.1 xen-tools-domU-debuginfo-4.10.4_14-3.38.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): xen-4.10.4_14-3.38.1 xen-debugsource-4.10.4_14-3.38.1 xen-devel-4.10.4_14-3.38.1 xen-libs-4.10.4_14-3.38.1 xen-libs-debuginfo-4.10.4_14-3.38.1 xen-tools-4.10.4_14-3.38.1 xen-tools-debuginfo-4.10.4_14-3.38.1 xen-tools-domU-4.10.4_14-3.38.1 xen-tools-domU-debuginfo-4.10.4_14-3.38.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): xen-4.10.4_14-3.38.1 xen-debugsource-4.10.4_14-3.38.1 xen-devel-4.10.4_14-3.38.1 xen-libs-4.10.4_14-3.38.1 xen-libs-debuginfo-4.10.4_14-3.38.1 xen-tools-4.10.4_14-3.38.1 xen-tools-debuginfo-4.10.4_14-3.38.1 xen-tools-domU-4.10.4_14-3.38.1 xen-tools-domU-debuginfo-4.10.4_14-3.38.1 References: https://bugzilla.suse.com/1172356 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Thu Aug 6 16:14:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 00:14:33 +0200 (CEST) Subject: SUSE-SU-2020:2156-1: important: Security update for the Linux Kernel Message-ID: <20200806221433.5CD69FF0B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2156-1 Rating: important References: #1051510 #1058115 #1065729 #1071995 #1082555 #1085030 #1089895 #1104967 #1111666 #1114279 #1133021 #1144333 #1148868 #1150660 #1151794 #1152107 #1152489 #1152624 #1154824 #1157169 #1158265 #1158983 #1159058 #1159199 #1160388 #1160947 #1161016 #1162002 #1162063 #1165183 #1165741 #1166969 #1167574 #1167851 #1168081 #1168503 #1168670 #1169020 #1169194 #1169514 #1169525 #1169625 #1169795 #1170011 #1170056 #1170125 #1170145 #1170345 #1170457 #1170522 #1170592 #1170618 #1170620 #1170770 #1170778 #1170791 #1170901 #1171078 #1171098 #1171118 #1171124 #1171189 #1171191 #1171195 #1171202 #1171205 #1171217 #1171218 #1171219 #1171220 #1171293 #1171417 #1171424 #1171527 #1171558 #1171599 #1171600 #1171601 #1171602 #1171604 #1171605 #1171606 #1171607 #1171608 #1171609 #1171610 #1171611 #1171612 #1171613 #1171614 #1171615 #1171616 #1171617 #1171618 #1171619 #1171620 #1171621 #1171622 #1171623 #1171624 #1171625 #1171626 #1171673 #1171679 #1171691 #1171694 #1171695 #1171736 #1171761 #1171868 #1171904 #1171948 #1171949 #1171951 #1171952 #1171982 #1171983 #1172096 #1172097 #1172098 #1172099 #1172101 #1172102 #1172103 #1172104 #1172127 #1172130 #1172185 #1172188 #1172199 #1172221 #1172253 #1172257 #1172317 #1172342 #1172343 #1172344 #1172366 #1172391 #1172397 #1172453 #1172458 #1172484 #1172759 #1172775 #1172781 #1172782 #1172783 #1172999 #1173265 #1173280 #1173428 #1173462 #1173659 Cross-References: CVE-2018-1000199 CVE-2019-16746 CVE-2019-19462 CVE-2019-20806 CVE-2019-20810 CVE-2019-20812 CVE-2019-9455 CVE-2020-0543 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12769 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14416 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP4 ______________________________________________________________________________ An update that solves 32 vulnerabilities and has 122 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or "CrossTalk" (bsc#1154824). - CVE-2020-13974: Fixed an integer overflow in drivers/tty/vt/keyboard.c which could have been caused by calling multiple time in a row k_ascii (bsc#1172775). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20810: Fixed a memory leak in due to not calling of snd_card_free (bsc#1172458). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c, where the length of variable elements in a beacon head was not checked, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c did not call snd_card_free for a failure path, which caused a memory leak, aka CID-9453264ef586 (bnc#1172458). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert "bcache: shrink btree node cache after bch_btree_check()" (git fixes (block drivers)). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - brcmfmac: abort and release host after error (bsc#1051510). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - Btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - Btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - Btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: move the dio_sem higher up the callchain (bsc#1171761). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - Btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - Btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - Btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - can: add missing attribute validation for termination (networking-stable-20_03_14). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - copy_{to,from}_user(): consolidate object size checks (git fixes). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - Drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172253). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170618). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170618). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170618). - Drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - Drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172253). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - IB/ipoib: Add child to parent list only if device initialized (bsc#1168503). - IB/ipoib: Consolidate checking of the proposed child interface (bsc#1168503). - IB/ipoib: Do not remove child devices from within the ndo_uninit (bsc#1168503). - IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN (bsc#1168503). - IB/ipoib: Get rid of the sysfs_mutex (bsc#1168503). - IB/ipoib: Maintain the child_intfs list from ndo_init/uninit (bsc#1168503). - IB/ipoib: Move all uninit code into ndo_uninit (bsc#1168503). - IB/ipoib: Move init code to ndo_init (bsc#1168503). - IB/ipoib: Replace printk with pr_warn (bsc#1168503). - IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task (bsc#1168503). - IB/ipoib: Warn when one port fails to initialize (bsc#1168503). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172253). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - kABI fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi, protect struct ib_device (bsc#1168503). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locks: print unsigned ino in /proc/locks (bsc#1171951). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - mei: release me_cl object reference (bsc#1051510). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: fix compilation of user API (bsc#1051510). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: update SCI upon MAC address change (networking-stable-20_03_14). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Add RoCE RX ICRC encapsulated counter (bsc#1171118). - net/mlx5e: Fix ethtool self test: link speed (bsc#1171118). - net/mlx5e: Move port speed code from en_ethtool.c to en/port.c (bsc#1171118). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net/smc: add fallback check to connect() (git-fixes). - net/smc: fix refcount non-blocking connect() -part 2 (git-fixes). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - nfc: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - NFS: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - NFS: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFS: Fix memory leaks and corruption in readdir (git-fixes). - NFS: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - NFS: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - NFS: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - NFS: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: Remove broken queue flushing (git-fixes). - Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()" (git fixes (block drivers)). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix crash when using HW tracing kernel filters (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - RDMA/ipoib: Fix use of sizeof() (bsc#1168503). - RDMA/netdev: Fix netlink support in IPoIB (bsc#1168503). - RDMA/netdev: Hoist alloc_netdev_mqs out of the driver (bsc#1168503). - RDMA/netdev: Use priv_destructor for netdev cleanup (bsc#1168503). - README.BRANCH: Replace Matt Fleming with Davidlohr Bueso as maintainer. - Revert "dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues" (git fixes (block drivers)). - Revert "drm/panel: simple: Add support for Sharp LQ150X1LG11 panels" (bsc#1114279) * offset changes - Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()" (bsc#1172221). - Revert "tools lib traceevent: Remove unneeded qsort and uses memmove" - rpm/kernel-docs.spec.in: Require python-packaging for build. - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - seq_file: fix problem when seeking mid-record (bsc#1170125). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Additional compression structures (bsc#1144333). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - sunrpc: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - supported.conf: Add br_netfilter to base (bsc#1169020). - svcrdma: Fix leak of transport addresses (git-fixes). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tty: rocket, avoid OOB access (git-fixes). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - USB: cdc-acm: restore capability check order (git-fixes). - USB: core: Fix misleading driver bug report (bsc#1051510). - USB: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - USB: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - USB: musb: Fix runtime PM imbalance on error (bsc#1051510). - USB: musb: start session in resume for host port (bsc#1051510). - usbnet: silence an unnecessary warning (bsc#1170770). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - USB-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - watchdog: reset last_hw_keepalive time at start (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170618). - x86/Hyper-V: report value of misc_features (git-fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170618). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP4: zypper in -t patch SUSE-SLE-RT-12-SP4-2020-2156=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP4 (x86_64): cluster-md-kmp-rt-4.12.14-8.23.1 dlm-kmp-rt-4.12.14-8.23.1 gfs2-kmp-rt-4.12.14-8.23.1 kernel-rt-4.12.14-8.23.1 kernel-rt-base-4.12.14-8.23.1 kernel-rt-devel-4.12.14-8.23.1 kernel-rt_debug-devel-4.12.14-8.23.1 kernel-syms-rt-4.12.14-8.23.1 ocfs2-kmp-rt-4.12.14-8.23.1 - SUSE Linux Enterprise Real Time Extension 12-SP4 (noarch): kernel-devel-rt-4.12.14-8.23.1 kernel-source-rt-4.12.14-8.23.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19462.html https://www.suse.com/security/cve/CVE-2019-20806.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20812.html https://www.suse.com/security/cve/CVE-2019-9455.html https://www.suse.com/security/cve/CVE-2020-0543.html https://www.suse.com/security/cve/CVE-2020-10690.html https://www.suse.com/security/cve/CVE-2020-10711.html https://www.suse.com/security/cve/CVE-2020-10720.html https://www.suse.com/security/cve/CVE-2020-10732.html https://www.suse.com/security/cve/CVE-2020-10751.html https://www.suse.com/security/cve/CVE-2020-10757.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-12114.html https://www.suse.com/security/cve/CVE-2020-12464.html https://www.suse.com/security/cve/CVE-2020-12652.html https://www.suse.com/security/cve/CVE-2020-12653.html https://www.suse.com/security/cve/CVE-2020-12654.html https://www.suse.com/security/cve/CVE-2020-12655.html https://www.suse.com/security/cve/CVE-2020-12656.html https://www.suse.com/security/cve/CVE-2020-12657.html https://www.suse.com/security/cve/CVE-2020-12769.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13143.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1089895 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1151794 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1154824 https://bugzilla.suse.com/1157169 https://bugzilla.suse.com/1158265 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1159199 https://bugzilla.suse.com/1160388 https://bugzilla.suse.com/1160947 https://bugzilla.suse.com/1161016 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1165183 https://bugzilla.suse.com/1165741 https://bugzilla.suse.com/1166969 https://bugzilla.suse.com/1167574 https://bugzilla.suse.com/1167851 https://bugzilla.suse.com/1168081 https://bugzilla.suse.com/1168503 https://bugzilla.suse.com/1168670 https://bugzilla.suse.com/1169020 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169525 https://bugzilla.suse.com/1169625 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170056 https://bugzilla.suse.com/1170125 https://bugzilla.suse.com/1170145 https://bugzilla.suse.com/1170345 https://bugzilla.suse.com/1170457 https://bugzilla.suse.com/1170522 https://bugzilla.suse.com/1170592 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1170620 https://bugzilla.suse.com/1170770 https://bugzilla.suse.com/1170778 https://bugzilla.suse.com/1170791 https://bugzilla.suse.com/1170901 https://bugzilla.suse.com/1171078 https://bugzilla.suse.com/1171098 https://bugzilla.suse.com/1171118 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171189 https://bugzilla.suse.com/1171191 https://bugzilla.suse.com/1171195 https://bugzilla.suse.com/1171202 https://bugzilla.suse.com/1171205 https://bugzilla.suse.com/1171217 https://bugzilla.suse.com/1171218 https://bugzilla.suse.com/1171219 https://bugzilla.suse.com/1171220 https://bugzilla.suse.com/1171293 https://bugzilla.suse.com/1171417 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171527 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171599 https://bugzilla.suse.com/1171600 https://bugzilla.suse.com/1171601 https://bugzilla.suse.com/1171602 https://bugzilla.suse.com/1171604 https://bugzilla.suse.com/1171605 https://bugzilla.suse.com/1171606 https://bugzilla.suse.com/1171607 https://bugzilla.suse.com/1171608 https://bugzilla.suse.com/1171609 https://bugzilla.suse.com/1171610 https://bugzilla.suse.com/1171611 https://bugzilla.suse.com/1171612 https://bugzilla.suse.com/1171613 https://bugzilla.suse.com/1171614 https://bugzilla.suse.com/1171615 https://bugzilla.suse.com/1171616 https://bugzilla.suse.com/1171617 https://bugzilla.suse.com/1171618 https://bugzilla.suse.com/1171619 https://bugzilla.suse.com/1171620 https://bugzilla.suse.com/1171621 https://bugzilla.suse.com/1171622 https://bugzilla.suse.com/1171623 https://bugzilla.suse.com/1171624 https://bugzilla.suse.com/1171625 https://bugzilla.suse.com/1171626 https://bugzilla.suse.com/1171673 https://bugzilla.suse.com/1171679 https://bugzilla.suse.com/1171691 https://bugzilla.suse.com/1171694 https://bugzilla.suse.com/1171695 https://bugzilla.suse.com/1171736 https://bugzilla.suse.com/1171761 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1171948 https://bugzilla.suse.com/1171949 https://bugzilla.suse.com/1171951 https://bugzilla.suse.com/1171952 https://bugzilla.suse.com/1171982 https://bugzilla.suse.com/1171983 https://bugzilla.suse.com/1172096 https://bugzilla.suse.com/1172097 https://bugzilla.suse.com/1172098 https://bugzilla.suse.com/1172099 https://bugzilla.suse.com/1172101 https://bugzilla.suse.com/1172102 https://bugzilla.suse.com/1172103 https://bugzilla.suse.com/1172104 https://bugzilla.suse.com/1172127 https://bugzilla.suse.com/1172130 https://bugzilla.suse.com/1172185 https://bugzilla.suse.com/1172188 https://bugzilla.suse.com/1172199 https://bugzilla.suse.com/1172221 https://bugzilla.suse.com/1172253 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172317 https://bugzilla.suse.com/1172342 https://bugzilla.suse.com/1172343 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172366 https://bugzilla.suse.com/1172391 https://bugzilla.suse.com/1172397 https://bugzilla.suse.com/1172453 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173462 https://bugzilla.suse.com/1173659 From sle-updates at lists.suse.com Thu Aug 6 16:33:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 00:33:27 +0200 (CEST) Subject: SUSE-SU-2020:2157-1: important: Security update for python-ipaddress Message-ID: <20200806223327.23DC1FEC3@maintenance.suse.de> SUSE Security Update: Security update for python-ipaddress ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2157-1 Rating: important References: #1173274 Cross-References: CVE-2020-14422 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2157=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2157=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2157=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2157=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2157=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2157=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2157=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2157=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2157=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2157=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2157=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2157=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2157=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2157=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2157=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2157=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE OpenStack Cloud 9 (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE OpenStack Cloud 8 (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE OpenStack Cloud 7 (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-ipaddress-1.0.18-3.13.1 - SUSE Enterprise Storage 5 (noarch): python-ipaddress-1.0.18-3.13.1 - HPE Helion Openstack 8 (noarch): python-ipaddress-1.0.18-3.13.1 References: https://www.suse.com/security/cve/CVE-2020-14422.html https://bugzilla.suse.com/1173274 From sle-updates at lists.suse.com Thu Aug 6 16:34:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 00:34:17 +0200 (CEST) Subject: SUSE-SU-2020:2160-1: important: Security update for xen Message-ID: <20200806223417.03CC3FF0B@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2160-1 Rating: important References: #1172356 #1174543 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2160=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2160=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.1_06-3.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): xen-4.13.1_06-3.7.1 xen-debugsource-4.13.1_06-3.7.1 xen-devel-4.13.1_06-3.7.1 xen-tools-4.13.1_06-3.7.1 xen-tools-debuginfo-4.13.1_06-3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): xen-debugsource-4.13.1_06-3.7.1 xen-libs-4.13.1_06-3.7.1 xen-libs-debuginfo-4.13.1_06-3.7.1 xen-tools-domU-4.13.1_06-3.7.1 xen-tools-domU-debuginfo-4.13.1_06-3.7.1 References: https://bugzilla.suse.com/1172356 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Thu Aug 6 19:12:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 03:12:34 +0200 (CEST) Subject: SUSE-RU-2020:2161-1: moderate: Security update for ansible1, ardana-ansible, ardana-cobbler, ardana-glance, ardana-input-model, ardana-logging, ardana-manila, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-openstack, grafana, kibana, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-designate, openstack-heat-templates, openstack-ironic, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-neutron, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, python-Django1, python-Pillow, python-ardana-packager, python-heatclient, python-neutron-tempest-plugin, python-octavia-tempest-plugin, python-os-brick, python-oslo.messaging, python-pyroute2, python-urllib3, python-waitress, release-notes-suse-openstack-cloud, rubygem-activeresource, rubygem-json-1_7, rubygem-puma Message-ID: <20200807011234.2671AFDE4@maintenance.suse.de> SUSE Recommended Update: Security update for ansible1, ardana-ansible, ardana-cobbler, ardana-glance, ardana-input-model, ardana-logging, ardana-manila, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-openstack, grafana, kibana, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-designate, openstack-heat-templates, openstack-ironic, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-neutron, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, python-Django1, python-Pillow, python-ardana-packager, python-heatclient, python-neutron-tempest-plugin, python-octavia-tempest-plugin, python-os-brick, python-oslo.messaging, python-pyroute2, python-urllib3, python-waitress, release-notes-suse-openstack-cloud, rubygem-activeresource, rubygem-json-1_7, rubygem-puma ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2161-1 Rating: moderate References: #1019111 #1107190 #1126503 #1136928 #1153191 #1159046 #1159447 #1160151 #1160152 #1160153 #1160192 #1160790 #1161088 #1161089 #1161670 #1161919 #1163446 #1165022 #1170657 #1171070 #1171071 #1171072 #1171273 #1171594 #1171909 #1172166 #1172167 #1172409 #1172522 #1173413 #1173416 #1173418 #1173420 #1174006 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that solves 24 vulnerabilities and has 10 fixes is now available. Description: This update for ansible1, ardana-ansible, ardana-cobbler, ardana-glance, ardana-input-model, ardana-logging, ardana-manila, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-openstack, grafana, kibana, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-designate, openstack-heat-templates, openstack-ironic, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-neutron, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, python-Django1, python-Pillow, python-ardana-packager, python-heatclient, python-neutron-tempest-plugin, python-octavia-tempest-plugin, python-os-brick, python-oslo.messaging, python-pyroute2, python-urllib3, python-waitress, release-notes-suse-openstack-cloud, rubygem-activeresource, rubygem-json-1_7, rubygem-puma fixes the following issues: Security fixes included in this update: ansible1: - CVE-2019-3828: Fixed a path traversal in the fetch module (bsc#1126503). grafana: - CVE-2020-13379: Fixed an incorrect access control issue which could lead to information leaks or denial of service (bsc#1172409). - CVE-2020-12052: Fixed an cross site scripting vulnerability related to the annotation popup (bsc#1170657). kibana: - CVE-2020-10743: Fixed a clickjacking vulnerability (bsc#1171909). python-Django1 to 1.11.29: - CVE-2020-13254: Fixed a data leakage via malformed memcached keys (bsc#1172167). - CVE-2020-13596: Fixed a cross site scripting vulnerability related to the admin parameters of the ForeignKeyRawIdWidget (bsc#1172166). - CVE-2020-7471: Fixed a SQL injection via StringAgg delimiter (bsc#1161919). - CVE-2020-9402: Fixed a SQL injection via tolerance parameter in GIS functions and aggregates (bsc#1165022). - CVE-2019-19844: Fixed a potential account hijack via password reset form (bsc#1159447). python-Pillow: - CVE-2020-10177: Fixed multiple out-of-bounds reads in libImaging/FliDecode.c (bsc#1173413). - CVE-2020-11538: Fixed multiple out-of-bounds reads via a crafted JP2 files (bsc#1173420). - CVE-2020-10994: Fixed multiple out-of-bounds reads via a crafted JP2 files (bsc#1173418). - CVE-2020-10378: Fixed an out-of-bounds read when reading PCX files (bsc#1173416). - CVE-2019-16865: Fixed a denial of service with specially crafted image files (bsc#1153191). - CVE-2020-5311: Fixed an SGI buffer overflow (bsc#1160151). - CVE-2020-5312: Fixed a buffer overflow in the PCX P mode (bsc#1160152). - CVE-2020-5313: Fixed a buffer overflow related to FLI (bsc#1160153). - CVE-2019-19911: Fixed a denial of service in FpxImagePlugin.py (bsc#1160192). python-waitress to version 1.4.3: - CVE-2019-16785: Fixed HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: Fixed HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). - CVE-2019-16789: Fixed HTTP Request Smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: Fixed HTTP Request Smuggling through Content-Length header handling (bsc#1161670). rubygem-activeresource: - CVE-2020-8151: Fixed possible information disclosure through specially crafted requests (bsc#1171560). Non security fixes: Changes in ansible1.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Add 0001-Disallow-use-of-remote-home-directories-containing-..patch (bsc#1126503, CVE-2019-3828) Changes in ardana-ansible.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 9.0+git.1591138508.e269bdb: * Use internal endpoint for upload image (SOC-11294) - Update to version 9.0+git.1589740968.d339a28: * Reconfigure rabbitmq user permissions on update (SOC-11082) - Update to version 9.0+git.1588953276.b8b5512: * Fix incorrect prefix used to collect supportconfig files (bsc#1171273) Changes in ardana-cobbler.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 9.0+git.1588181228.bae3b1f: * Ensure distro_signatures.json gets updated if needed (SOC-11249) Changes in ardana-glance.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 9.0+git.1593631708.9354a78: * Idempotent cirros image upload to glance (SOC-11342) Changes in ardana-input-model.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 9.0+git.1589740948.c24fc0b: * Add default rabbitmq exchange write permissions (SOC-11082) Changes in ardana-logging.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 9.0+git.1591193994.d93b668: * kibana: set x-frame-options header (bsc#1171909) Changes in ardana-manila.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 9.0+git.1594158642.b5905e4: * Ensure manila_upgrade_mode is initialised appropriately (SOC-11341) - Update to version 9.0+git.1593516580.6c83767: * Skip openstack-manila-share status check during upgrade (SOC-11341) Changes in ardana-monasca.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 9.0+git.1589385256.7fbfaaf: * Fix stop start/stop logic (SOC-11209) - Update to version 9.0+git.1588610558.98958f3: * Fix monasca-thresh-wrapper status action (SOC-11209) - Update to version 9.0+git.1588343155.0e67455: * monasca-thresh restart and storm upgrade enhancements (SOC-11209) Changes in ardana-mq.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 9.0+git.1593618110.cbd1a37: * Ensure epmd.service started/stopped independent of rabbitmq (SOC-6780) - Update to version 9.0+git.1589715197.9196f62: * Don't mirror reply queues (SOC-10317) Changes in ardana-neutron.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 9.0+git.1590756257.e09d54f: * Update L3 rootwrap filters (SOC-11306) Changes in ardana-octavia.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 9.0+git.1590079609.a2ae6ab: * fix octavia to glance communication over internal endpoint (SOC-11294) Changes in ardana-tempest.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 9.0+git.1593033709.9495bb2: * load-balancer: set check timeout to 120 seconds (SOC-11330) - Update to version 9.0+git.1593010160.cb417d7: * Blacklist neutron test_snat_external_ip test (SOC-11279) - Update to version 9.0+git.1592341936.3b5ad41: * Remove blacklisted octavia test (SOC-11289) - Update to version 9.0+git.1592239656.b18289a: * Blacklist NetworkMigration tests (SOC-11279) - Update to version 9.0+git.1590429931.4fa308a: * Install only needed tempest pluguins (SOC-11297) - Update to version 9.0+git.1590164310.9e7888e: * Enable tempest shelve tests (SOC-9775) - Update to version 9.0+git.1590151267.16bddd9: * Add NetworkMigration tests back in neutron filter (SOC-11279) - Update to version 9.0+git.1589460689.e3bd243: * Enable test_delete_policies_while_tenant_attached_to_net test (SOC-9235) - Update to version 9.0+git.1589206665.aedb17d: * Blacklist some NetworkMigration tests (SOC-11279) Changes in crowbar-core.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 6.0+git.1594619891.b75a61d0d: * upgrade: Do not stop pacemaker managed apache service (SOC-11298) - Update to version 6.0+git.1593156244.533c05c01: * Ignore CVE-2020-8184 (SOC-11299) - Update to version 6.0+git.1592589539.e0cbb8c8f: * provisioner: allow tftp access from admin network only (bsc#1019111) - Update to version 6.0+git.1590650924.e7548b2ac: * Ignore latest ruby-related CVEs in the CI (SOC-11299) - Update to version 6.0+git.1589803358.48ba3f4a6: * provisioner: Fix ssh key validation (SOC-11126) - Update to version 6.0+git.1588062060.de79301bf: * upgrade: disable zypper process check temporarily (SOC-11203) Changes in crowbar-openstack.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 6.0+git.1591795073.49cb6400e: * kibana: set x-frame-options header (bsc#1171909, CVE-2020-10743) - Update to version 6.0+git.1591104467.7de344556: * Restore undeprecated nova dhcp_domain option (bsc#1171594) - Update to version 6.0+git.1590579980.5258ac04a: * tempest: Enable shelve tests when using RBD ephemeral (SOC-11176) - Update to version 6.0+git.1589957131.fcfccecc1: * galera: Make sure checks are executed without password (bsc#1136928) - Update to version 6.0+git.1589573559.3bf36a7cd: * rabbitmq: sync startup definitions.json with recipe (SOC-11077,SOC-11274) - Update to version 6.0+git.1589544034.e52fd938a: * trove: fix rabbitmq connection URL (SOC-11286) - Update to version 6.0+git.1589389407.5a306c6d3: * tempest: remove port_admin_state_change workaround (SOC-10029) - Update to version 6.0+git.1588686448.3c0060ca7: * Fix monasca libvirt ping checks (bsc#1107190) - Update to version 6.0+git.1588259003.a4e938422: * run keystone_register on cluster founder only when HA (SOC-11248) * ceilometer: Post API removal cleanup (SOC-10124) - Update to version 6.0+git.1588096476.79154bb30: * nova: run keystone_register on cluster founder only (SOC-11243) Changes in grafana.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Add CVE-2020-13379.patch * Security: fix unauthorized avatar proxying (bsc#1172409, CVE-2020-13379) - Add 0001-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch * Security: Fix annotation popup XSS vulnerability (bsc#1170657, CVE-2020-12052) - Add CVE-2019-15043.patch (SOC-10357, CVE-2019-15043, bsc#1148383) - Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and Changes in kibana.SUSE_SLE-12-SP4_Update_Products_Cloud9: - Add 0001-Configurable-custom-response-headers-for-server.patch (bsc#1171909, CVE-2020-10743) Changes in openstack-barbican.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - drop python-argparse buildrequires Changes in openstack-ceilometer.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version ceilometer-11.1.1.dev7: * [stable-only] Add confluent-kafka to test-requirements - Update to version ceilometer-11.1.1.dev6: * Temporary failures should be treated as temporary Changes in openstack-ceilometer.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version ceilometer-11.1.1.dev7: * [stable-only] Add confluent-kafka to test-requirements - Update to version ceilometer-11.1.1.dev6: * Temporary failures should be treated as temporary Changes in openstack-cinder.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version cinder-13.0.10.dev12: * Remove VxFlex OS credentials from connection\_properties - Update to version cinder-13.0.10.dev11: * [stable only] Add warning about rbd\_keyring\_conf - Update to version cinder-13.0.10.dev10: * VMAX Driver - Backport fix for Rocky and Queens Changes in openstack-cinder.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - drop obsolete python-argparse buildrequires - Update to version cinder-13.0.10.dev12: * Remove VxFlex OS credentials from connection\_properties - Update to version cinder-13.0.10.dev11: * [stable only] Add warning about rbd\_keyring\_conf - Update to version cinder-13.0.10.dev10: * VMAX Driver - Backport fix for Rocky and Queens Changes in openstack-dashboard.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version horizon-14.1.1.dev6: * Fix tenant\_id for a new port - Update to version horizon-14.1.1.dev5: * Fix .zuul.yaml syntax errors * Gate fix: use tempest-horizon 0.2.0 explicitly * Authenticate before Authorization Changes in openstack-designate.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version designate-7.0.2.dev2: * Worker should send NOTIFY also to all servers in 'also\_notifies' pool settings - Update to version designate-7.0.2.dev1: * Pin stable/rocky tempest tests to 0.7.0 tag 7.0.1 Changes in openstack-designate.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version designate-7.0.2.dev2: * Worker should send NOTIFY also to all servers in 'also\_notifies' pool settings - Update to version designate-7.0.2.dev1: * Pin stable/rocky tempest tests to 0.7.0 tag 7.0.1 Changes in openstack-heat-templates.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 0.0.0+git.1582270132.8a20477: * Drop use of git.openstack.org * Add example for running Zun container * OpenDev Migration Patch * Replace openstack.org git:// URLs with https:// * Add sample templates for Blazar * Remove docs, deprecated hooks, tests * Update the bugs link to storyboard * Add an example of OS::Mistral::ExternalResource Changes in openstack-ironic.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version ironic-11.1.5.dev6: * Fix issue where server fails to reboot - Update to version ironic-11.1.5.dev4: * Fix SpanLength calculation for DRAC RAID configuration Changes in openstack-ironic.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version ironic-11.1.5.dev6: * Fix issue where server fails to reboot - Update to version ironic-11.1.5.dev4: * Fix SpanLength calculation for DRAC RAID configuration Changes in openstack-keystone.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version keystone-14.2.1.dev4: * Fix security issues with EC2 credentials * Ensure OAuth1 authorized roles are respected - Update to version keystone-14.2.1.dev2: * Check timestamp of signed EC2 token request - Update to version keystone-14.2.1.dev1: * Add cadf auditing to credentials 14.2.0 Changes in openstack-keystone.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Remove patches (merged upstream) * 0002-Check-timestamp-of-signed-EC2-token-request.patch * 0002-Ensure-OAuth1-authorized-roles-are-respected.patch * 0002-Fix-security-issues-with-EC2-credentials.patch - Update to version keystone-14.2.1.dev4: * Fix security issues with EC2 credentials * Ensure OAuth1 authorized roles are respected - Update to version keystone-14.2.1.dev2: * Check timestamp of signed EC2 token request - Add security patches (bsc#1171070, bsc#1171071, bsc#1171072): * 0002-Check-timestamp-of-signed-EC2-token-request.patch * 0002-Ensure-OAuth1-authorized-roles-are-respected.patch * 0002-Fix-security-issues-with-EC2-credentials.patch - Update to version keystone-14.2.1.dev1: * Add cadf auditing to credentials 14.2.0 Changes in openstack-magnum.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - drop obsolete python-argparse buildrequires Changes in openstack-manila.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version manila-7.4.2.dev31: * [Unity]: Failed to delete cifs share if wrong access set - Update to version manila-7.4.2.dev29: * [devstack][ci] Move bgp setup to plugin - Update to version manila-7.4.2.dev27: * [devstack][ci] Modify firewall in ds-plugin - Update to version manila-7.4.2.dev25: * [devstack][ci] Set public network ID in tempest.conf * Make manila-tempest-plugin installation optional - Update to version manila-7.4.2.dev21: * fix bug in consume from share - Update to version manila-7.4.2.dev19: * Conditionally restore default route in setup\_ipv6 - Update to version manila-7.4.2.dev18: * [NetApp] Fix driver to honor standard extra specs * [NetApp] cDOT to set valid QoS during migration - Update to version manila-7.4.2.dev14: * Remove provisioned calculation on non thin provision backends - Update to version manila-7.4.2.dev12: * [NetApp] Fix share replica failing for 'transfer in progress' error * [NetApp] Fix share shrink error status * Delete type access list when deleting types * fix bug in quota checking * Prevent share type deletion if linked to group types Changes in openstack-manila.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - drop obsolete python-argparse buildrequires - Update to version manila-7.4.2.dev31: * [Unity]: Failed to delete cifs share if wrong access set - Update to version manila-7.4.2.dev29: * [devstack][ci] Move bgp setup to plugin - Update to version manila-7.4.2.dev27: * [devstack][ci] Modify firewall in ds-plugin - Update to version manila-7.4.2.dev25: * [devstack][ci] Set public network ID in tempest.conf * Make manila-tempest-plugin installation optional - Update to version manila-7.4.2.dev21: * fix bug in consume from share - Update to version manila-7.4.2.dev19: * Conditionally restore default route in setup\_ipv6 - Update to version manila-7.4.2.dev18: * [NetApp] Fix driver to honor standard extra specs * [NetApp] cDOT to set valid QoS during migration - Update to version manila-7.4.2.dev14: * Remove provisioned calculation on non thin provision backends - Update to version manila-7.4.2.dev12: * [NetApp] Fix share replica failing for 'transfer in progress' error * [NetApp] Fix share shrink error status * Delete type access list when deleting types * fix bug in quota checking * Prevent share type deletion if linked to group types Changes in openstack-monasca-agent.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - update to version 2.8.2~dev5 - Fix libvirt ping_checks documentation - update to version 2.8.2~dev3 - Add debug output for libvirt ping checks - Lockdown /bin/ip permissions for the monasca-agent (bsc#1107190) - add addtional arguments to /bin/ip in sudoers - Fix missing sudo privleges (bsc#1107190) - add /bin/ip and /usr/bin/ovs-vsctl to monasca-agent sudoers - update to version 2.8.2~dev2 - Remove incorrect assignment of ping_cmd to 'True' - Do not copy /sbin/ip to /usr/bin/monasa-agent-ip Changes in openstack-neutron.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version neutron-13.0.8.dev68: * [DVR] Related routers should be included if are requested - Update to version neutron-13.0.8.dev67: * [EM releases] Move non-voting jobs to the experimental queue * [OVS] Make QoS OVS agent deletion operations more resilient * Add "igmp\_snooping\_enable" config option for OVS agent - Update to version neutron-13.0.8.dev61: * Unnecessary routers should not be created * Ensure that stale flows are cleaned from phys\_bridges * Do not block connection between br-int and br-phys on startup * Improve log message when port losts its vlan tag * [DVR] Reconfigure re-created physical bridges for dvr routers - Update to version neutron-13.0.8.dev52: * Fix rocky gates, multiple fixes - Update to version neutron-13.0.8.dev51: * Dynamically increase l3 router process queue green pool size - Update to version neutron-13.0.8.dev49: * Allow usage of legacy 3rd-party interface drivers - Update to version neutron-13.0.8.dev47: * Router synch shouldn't return unrelated routers - Update to version neutron-13.0.8.dev45: * Only notify nova of port status changes if configured - Update to version neutron-13.0.8.dev44: * Add Rocky milestone tag for alembic migration revisions - Update to version neutron-13.0.8.dev42: * Cap pycodestyle to be < 2.6.0 * Report L3 extensions enabled in the L3 agent's config - Update to version neutron-13.0.8.dev39: * Adding LOG statements to debug 1838449 - Update to version neutron-13.0.8.dev38: * Improve VLAN allocations synchronization * [L3 HA] Add "no\_track" option to VIPs in keepalived config * Change ovs-agent iteration log level to INFO * Refactor the L3 agent batch notifier * Do not link up HA router gateway in backup node Changes in openstack-neutron.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version neutron-13.0.8.dev68: * [DVR] Related routers should be included if are requested - Add 0001-Revert-Do-not-block-connection-between-br-int-and-br.patch (LP#1887148) - Update to version neutron-13.0.8.dev67: * [EM releases] Move non-voting jobs to the experimental queue * [OVS] Make QoS OVS agent deletion operations more resilient * Add "igmp\_snooping\_enable" config option for OVS agent - Update to version neutron-13.0.8.dev61: * Unnecessary routers should not be created * Ensure that stale flows are cleaned from phys\_bridges * Do not block connection between br-int and br-phys on startup * Improve log message when port losts its vlan tag * [DVR] Reconfigure re-created physical bridges for dvr routers - Update to version neutron-13.0.8.dev52: * Fix rocky gates, multiple fixes - Update to version neutron-13.0.8.dev51: * Dynamically increase l3 router process queue green pool size - Update to version neutron-13.0.8.dev49: * Allow usage of legacy 3rd-party interface drivers - Update to version neutron-13.0.8.dev47: * Router synch shouldn't return unrelated routers - Update to version neutron-13.0.8.dev45: * Only notify nova of port status changes if configured - Update to version neutron-13.0.8.dev44: * Add Rocky milestone tag for alembic migration revisions - Update to version neutron-13.0.8.dev42: * Cap pycodestyle to be < 2.6.0 * Report L3 extensions enabled in the L3 agent's config - Update to version neutron-13.0.8.dev39: * Adding LOG statements to debug 1838449 - Update to version neutron-13.0.8.dev38: * Improve VLAN allocations synchronization * [L3 HA] Add "no\_track" option to VIPs in keepalived config * Change ovs-agent iteration log level to INFO * Refactor the L3 agent batch notifier * Do not link up HA router gateway in backup node Changes in openstack-neutron-vsphere.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - The networking-vsphere repo got moved from github to opendev.org. We no longer able to automatically generate changelogs from opendev.org as it doesn't provide the same API as github. We'll need to manually update it from now on. - update to version 2.0.1~dev167 - Making networking-vsphere run under Python3 - OVSvApp Security Group Changes Changes in openstack-nova.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version nova-18.3.1.dev38: * libvirt: Don't delete disks on shared storage during evacuate * Add functional test for bug 1550919 - Update to version nova-18.3.1.dev36: * Fix os\_CODENAME detection and repo refresh during ceph tests - Update to version nova-18.3.1.dev35: * Update scheduler instance info at confirm resize - Update to version nova-18.3.1.dev33: * Reproduce bug 1869050 - Update to version nova-18.3.1.dev31: * Revert "nova shared storage: rbd is always shared storage" - Update to version nova-18.3.1.dev29: * Clean up allocation if unshelve fails due to neutron * Reset the cell cache for database access in Service * Reproduce bug 1862633 * Make RBD imagebackend flatten method idempotent - Update to version nova-18.3.1.dev21: * Add config option for neutron client retries - Update to version nova-18.3.1.dev19: * Add retry to cinder API calls related to volume detach - Update to version nova-18.3.1.dev18: * Lowercase ironic driver hash ring and ignore case in cache Changes in openstack-nova.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version nova-18.3.1.dev38: * libvirt: Don't delete disks on shared storage during evacuate * Add functional test for bug 1550919 - Update to version nova-18.3.1.dev36: * Fix os\_CODENAME detection and repo refresh during ceph tests - Update to version nova-18.3.1.dev35: * Update scheduler instance info at confirm resize - Update to version nova-18.3.1.dev33: * Reproduce bug 1869050 - Update to version nova-18.3.1.dev31: * Revert "nova shared storage: rbd is always shared storage" - Update to version nova-18.3.1.dev29: * Clean up allocation if unshelve fails due to neutron * Reset the cell cache for database access in Service * Reproduce bug 1862633 * Make RBD imagebackend flatten method idempotent - Update to version nova-18.3.1.dev21: * Add config option for neutron client retries - Update to version nova-18.3.1.dev19: * Add retry to cinder API calls related to volume detach - Update to version nova-18.3.1.dev18: * Lowercase ironic driver hash ring and ignore case in cache Changes in openstack-octavia.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update patch for SUSE distro support * Fix osutils.py to handle secondary interfaces (SOC-11289) * Add 020-amphora-logging.conf for configuring log targets - Update to version octavia-3.2.3.dev7: * Fix the amphora noop driver * Validate resource access when creating loadbalancer or member - Update to version octavia-3.2.3.dev3: * Fix Rocky v2 scenario and grenade jobs Changes in openstack-octavia-amphora-image.SUSE_SLE-12-SP4_Update_Products_Cloud9_Upda te: - Update image to 0.1.4 to include latest changes Changes in openstack-resource-agents.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 1.0+git.1569436425.8b9c49f: * Add a configurable delay to Nova Evacuate calls * OpenDev Migration Patch * NovaEvacuate: fix a syntax error * NovaEvacuate: Support the new split-out IHA fence agents with backwards compatibility * NovaEvacuate: Correctly handle stopped hypervisors * neutron-ha-tool: do not replicate dhcp * NovaCompute: Support parsing host option from /etc/nova/nova.conf.d * NovaCompute: Use variable to avoid calling crudini a second time * NovaEvacuate: Allow debug logging to be turned on easily Changes in python-Django1.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Update to version 1.11.29 (bsc#1161919, CVE-2020-7471, bsc#1165022, CVE-2020-9402, bsc#1159447, CVE-2019-19844) * Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle. * Pinned PyYAML < 5.3 in test requirements. * Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter. * Fixed timezones tests for PyYAML 5.3+. * Fixed CVE-2019-19844 -- Used verified user email for password reset requests. * Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs. * Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform. * Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation. - Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254, CVE-2020-13596) * Added patch CVE-2020-13254.patch * Added patch CVE-2020-13596.patch Changes in python-Pillow.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Add 010-Fix-OOB-reads-in-FLI-decoding.patch * From upstream, backported * Fixes CVE-2020-10177, bsc#1173413 - Add 011-Fix-buffer-overflow-in-SGI-RLE-decoding.patch * From upstream, backported * Fixes CVE-2020-11538, bsc#1173420 - Add 012-Fix-bounds-overflow-in-JPEG-2000-decoding.patch * From upstream, backported * Fixes CVE-2020-10994, bsc#1173418 - Add 013-Fix-bounds-overflow-in-PCX-decoding.patch * From upstream, backported * Fixes CVE-2020-10378, bsc#1173416 - Remove decompression_bomb.gif and relevant test case to avoid ClamAV scan alerts during build - Add 001-Corrected-negative-seeks.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 002-Added-decompression-bomb-checks.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 003-Raise-error-if-dimension-is-a-string.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 004-Catch-buffer-overruns.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 005-Catch-PCX-P-mode-buffer-overrun.patch * From upstream, backported * Fixes CVE-2020-5312, bsc#1160152 - Add 006-Catch-SGI-buffer-overruns.patch * From upstream, backported * Fixes CVE-2020-5311, bsc#1160151 - Add 007-Ensure-previous-FLI-frame-is-loaded.patch * From upstream, backported * Fixes https://github.com/python-pillow/Pillow/issues/2649 * Uncovers CVE-2020-5313, bsc#1160153 - Add 008-Catch-FLI-buffer-overrun.patch * From upstream, backported * Fixes CVE-2020-5313, bsc#1160153 - Add 009-Invalid-number-of-bands-in-FPX-image.patch * From upstream, backported * Fixes CVE-2019-19911, bsc#1160192 Changes in python-ardana-packager.SUSE_SLE-12-SP4_Update_Products_Cloud9: - fetch updated nova_host_aggregate from git - Add missing novaclient required domain entries (bsc#1174006) - update from git repo - Add missing novaclient required domain entries (bsc#1174006) Changes in python-heatclient.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - update to version 1.16.3 - Replace openstack.org git:// URLs with https:// - OpenDev Migration Patch Changes in python-neutron-tempest-plugin.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update : - added 0002-Ensure-that-external-network-dont-have-any-ports-before-deletion.patch Changes in python-octavia-tempest-plugin.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update : - Fix broken compile options for httpd.bin Changes in python-os-brick.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Apply patches to resolve CVE-2020-10755 (bsc#1172522) - 0001-Remove-VxFlex-OS-credentials-from-connection_propert.patch - 0002-Fix-Remove-VxFlex-OS-credentials-regression.patch Changes in python-oslo.messaging.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - added 0001-Use-default-exchange-for-direct-messaging.patch (SOC-11082, SOC-11274, bsc#1159046) Changes in python-pyroute2.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - update to 0.5.2 * ndb: read-only DB prototype * remote: support communication via stdio * general: fix async keyword -- Python 3.7 compatibility * * * iproute: support monitoring on BSD systems via PF_ROUTE * rtnl: support for SQL schema in message classes * nl80211: improvements * * * * netlink: support generators - update to 0.5.1 * ipdb: #310 -- route keying fix * ipdb: #483, #484 -- callback internals change * ipdb: #499 -- eventloop interface * ipdb: #500 -- fix non-default :: routes * netns: #448 -- API change: setns() doesn't remove FD * netns: #504 -- fix resource leakage * bsd: initial commits - update to 0.5.0 * ACHTUNG: ipdb commit logic is changed * ipdb: do not drop failed transactions * ipdb: #388 -- normalize IPv6 addresses * ipdb: #391 -- support both IPv4 and IPv6 default routes * ipdb: #392 -- fix MPLS route key reference * ipdb: #394 -- correctly work with route priorities * ipdb: #408 -- fix IPv6 routes in tables >= 256 * ipdb: #416 -- fix VRF interfaces creation * ipset: multiple improvements * tuntap: #469 -- support s390x arch * nlsocket: #443 -- fix socket methods resolve order for Python2 * netns: non-destructive `netns.create()` Changes in python-urllib3.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Skip test_source_address_error as we raise different error with fixes that we provide in new python2/3 - Update python-urllib3-recent-date.patch to have RECENT_DATE within the needed boundaries for the test suite. Changes in python-waitress.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - update to 1.4.3 to include fixes for: * CVE-2019-16785 / bsc#1161088 * CVE-2019-16786 / bsc#1161089 * CVE-2019-16789 / bsc#1160790 * CVE-2019-16792 / bsc#1161670 - make sure UTF8 locale is used when runnning tests * Sometimes functional tests executed in python3 failed if stdout was not set to UTF-8. The error message was: ValueError: underlying buffer has been detached - %python3_only -> %python_alternative - update to 1.4.3 * Waitress did not properly validate that the HTTP headers it received were properly formed, thereby potentially allowing a front-end server to treat a request different from Waitress. This could lead to HTTP request smuggling/splitting. - drop patch local-intersphinx-inventories.patch * it was commented out, anyway - update to 1.4.0: - Waitress used to slam the door shut on HTTP pipelined requests without setting the ``Connection: close`` header as appropriate in the response. This is of course not very friendly. Waitress now explicitly sets the header when responding with an internally generated error such as 400 Bad Request or 500 Internal Server Error to notify the remote client that it will be closing the connection after the response is sent. - Waitress no longer allows any spaces to exist between the header field-name and the colon. While waitress did not strip the space and thereby was not vulnerable to any potential header field-name confusion, it should have sent back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273 - CRLR handling Security fixes - update to 1.3.1 * Waitress won???t accidentally throw away part of the path if it starts with a double slash - version update to 1.3.0 Deprecations ~~~~~~~~~~~~ - The ``send_bytes`` adjustment now defaults to ``1`` and is deprecated pending removal in a future release. and https://github.com/Pylons/waitress/pull/246 Features ~~~~~~~~ - Add a new ``outbuf_high_watermark`` adjustment which is used to apply backpressure on the ``app_iter`` to avoid letting it spin faster than data can be written to the socket. This stabilizes responses that iterate quickly with a lot of data. See https://github.com/Pylons/waitress/pull/242 - Stop early and close the ``app_iter`` when attempting to write to a closed socket due to a client disconnect. This should notify a long-lived streaming response when a client hangs up. See https://github.com/Pylons/waitress/pull/238 and https://github.com/Pylons/waitress/pull/240 and https://github.com/Pylons/waitress/pull/241 - Adjust the flush to output ``SO_SNDBUF`` bytes instead of whatever was set in the ``send_bytes`` adjustment. ``send_bytes`` now only controls how much waitress will buffer internally before flushing to the kernel, whereas previously it used to also throttle how much data was sent to the kernel. This change enables a streaming ``app_iter`` containing small chunks to still be flushed efficiently. See https://github.com/Pylons/waitress/pull/246 Bugfixes ~~~~~~~~ - Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we will no longer set the version to the string value "None". See https://github.com/Pylons/waitress/pull/252 and https://github.com/Pylons/waitress/issues/110 - When a client closes a socket unexpectedly there was potential for memory leaks in which data was written to the buffers after they were closed, causing them to reopen. See https://github.com/Pylons/waitress/pull/239 - Fix the queue depth warnings to only show when all threads are busy. See https://github.com/Pylons/waitress/pull/243 and https://github.com/Pylons/waitress/pull/247 - Trigger the ``app_iter`` to close as part of shutdown. This will only be noticeable for users of the internal server api. In more typical operations the server will die before benefiting from these changes. See https://github.com/Pylons/waitress/pull/245 - Fix a bug in which a streaming ``app_iter`` may never cleanup data that has already been sent. This would cause buffers in waitress to grow without bounds. These buffers now properly rotate and release their data. See https://github.com/Pylons/waitress/pull/242 - Fix a bug in which non-seekable subclasses of ``io.IOBase`` would trigger an exception when passed to the ``wsgi.file_wrapper`` callback. See https://github.com/Pylons/waitress/pull/249 - Trim marketing wording and other platform mentions. - Add fetch-intersphinx-inventories.sh to sources - Add local-intersphinx-inventories.patch for generating the docs correctly - update to version 1.2.1: too many changes to list here, see: https://github.com/Pylons/waitress/blob/master/CHANGES.txt or even: https://github.com/Pylons/waitress/commits/master - Remove superfluous devel dependency for noarch package Changes in rubygem-activeresource.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Add bsc#1171560-CVE-2020-8151-encode-id-param.patch Prevent possible information disclosure issue that could allow an attacker to create specially crafted requests to access data in an unexpected way (bsc#1171560 CVE-2020-8151))_ Changes in rubygem-json-1_7.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Add CVE-2020-10663.patch (CVE-2020-10663, bsc#1167244) Changes in rubygem-puma.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update: - Fix indentation in gem2rpm.yml_ - Add CVE-2020-11077.patch (bsc#1172175, CVE-2020-11077) - Add chunked-request-handling.patch (needed for CVE-2020-11076.patch) - Add CVE-2020-11076.patch (bsc#1172176, CVE-2020-11076) - Add all patches to gem2rpm.yml Changes in release-notes-suse-openstack-cloud.SUSE_SLE-12-SP4_Update_Products_Cloud9_U pdate: - Update to version 9.20200610: * Terraform support validation release note added (SOC-11314) - Update to version 9.20200504: * language change for accuracy - MANAGEMENT network group (SOC-10106) * add limitation about MANAGEMENT network group (SOC-10106) - Update to version 9.20200429: * Mark identity api v2 as deprecated (bsc#1163446) - Update to version 9.20200428: * Update release notes to indicate Octavia support has shipped (SOC-11241) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2161=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2161=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): crowbar-openstack-6.0+git.1591795073.49cb6400e-3.25.3 openstack-barbican-7.0.1~dev24-3.9.5 openstack-barbican-api-7.0.1~dev24-3.9.5 openstack-barbican-keystone-listener-7.0.1~dev24-3.9.5 openstack-barbican-retry-7.0.1~dev24-3.9.5 openstack-barbican-worker-7.0.1~dev24-3.9.5 openstack-ceilometer-11.1.1~dev7-3.16.3 openstack-ceilometer-agent-central-11.1.1~dev7-3.16.3 openstack-ceilometer-agent-compute-11.1.1~dev7-3.16.3 openstack-ceilometer-agent-ipmi-11.1.1~dev7-3.16.3 openstack-ceilometer-agent-notification-11.1.1~dev7-3.16.3 openstack-ceilometer-polling-11.1.1~dev7-3.16.3 openstack-cinder-13.0.10~dev12-3.22.4 openstack-cinder-api-13.0.10~dev12-3.22.4 openstack-cinder-backup-13.0.10~dev12-3.22.4 openstack-cinder-scheduler-13.0.10~dev12-3.22.4 openstack-cinder-volume-13.0.10~dev12-3.22.4 openstack-dashboard-14.1.1~dev6-3.15.5 openstack-designate-7.0.2~dev2-3.19.3 openstack-designate-agent-7.0.2~dev2-3.19.3 openstack-designate-api-7.0.2~dev2-3.19.3 openstack-designate-central-7.0.2~dev2-3.19.3 openstack-designate-producer-7.0.2~dev2-3.19.3 openstack-designate-sink-7.0.2~dev2-3.19.3 openstack-designate-worker-7.0.2~dev2-3.19.3 openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.6.2 openstack-ironic-11.1.5~dev6-3.19.3 openstack-ironic-api-11.1.5~dev6-3.19.3 openstack-ironic-conductor-11.1.5~dev6-3.19.3 openstack-keystone-14.2.1~dev4-3.22.3 openstack-magnum-7.2.1~dev1-3.13.3 openstack-magnum-api-7.2.1~dev1-3.13.3 openstack-magnum-conductor-7.2.1~dev1-3.13.3 openstack-manila-7.4.2~dev31-4.24.3 openstack-manila-api-7.4.2~dev31-4.24.3 openstack-manila-data-7.4.2~dev31-4.24.3 openstack-manila-scheduler-7.4.2~dev31-4.24.3 openstack-manila-share-7.4.2~dev31-4.24.3 openstack-monasca-agent-2.8.2~dev5-3.9.3 openstack-neutron-13.0.8~dev68-3.25.3 openstack-neutron-dhcp-agent-13.0.8~dev68-3.25.3 openstack-neutron-ha-tool-13.0.8~dev68-3.25.3 openstack-neutron-l3-agent-13.0.8~dev68-3.25.3 openstack-neutron-linuxbridge-agent-13.0.8~dev68-3.25.3 openstack-neutron-macvtap-agent-13.0.8~dev68-3.25.3 openstack-neutron-metadata-agent-13.0.8~dev68-3.25.3 openstack-neutron-metering-agent-13.0.8~dev68-3.25.3 openstack-neutron-openvswitch-agent-13.0.8~dev68-3.25.3 openstack-neutron-server-13.0.8~dev68-3.25.3 openstack-neutron-vsphere-2.0.1~dev167-3.3.3 openstack-neutron-vsphere-doc-2.0.1~dev167-3.3.3 openstack-neutron-vsphere-dvs-agent-2.0.1~dev167-3.3.3 openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev167-3.3.3 openstack-nova-18.3.1~dev38-3.25.4 openstack-nova-api-18.3.1~dev38-3.25.4 openstack-nova-cells-18.3.1~dev38-3.25.4 openstack-nova-compute-18.3.1~dev38-3.25.4 openstack-nova-conductor-18.3.1~dev38-3.25.4 openstack-nova-console-18.3.1~dev38-3.25.4 openstack-nova-novncproxy-18.3.1~dev38-3.25.4 openstack-nova-placement-api-18.3.1~dev38-3.25.4 openstack-nova-scheduler-18.3.1~dev38-3.25.4 openstack-nova-serialproxy-18.3.1~dev38-3.25.4 openstack-nova-vncproxy-18.3.1~dev38-3.25.4 openstack-octavia-3.2.3~dev7-3.25.3 openstack-octavia-amphora-agent-3.2.3~dev7-3.25.3 openstack-octavia-amphora-image-debugsource-0.1.4-7.12.3 openstack-octavia-amphora-image-x86_64-0.1.4-7.12.3 openstack-octavia-api-3.2.3~dev7-3.25.3 openstack-octavia-health-manager-3.2.3~dev7-3.25.3 openstack-octavia-housekeeping-3.2.3~dev7-3.25.3 openstack-octavia-worker-3.2.3~dev7-3.25.3 openstack-resource-agents-1.0+git.1569436425.8b9c49f-5.3.2 python-Django1-1.11.29-3.15.2 python-barbican-7.0.1~dev24-3.9.5 python-ceilometer-11.1.1~dev7-3.16.3 python-cinder-13.0.10~dev12-3.22.4 python-designate-7.0.2~dev2-3.19.3 python-heatclient-1.16.3-3.3.3 python-heatclient-doc-1.16.3-3.3.3 python-horizon-14.1.1~dev6-3.15.5 python-ironic-11.1.5~dev6-3.19.3 python-keystone-14.2.1~dev4-3.22.3 python-magnum-7.2.1~dev1-3.13.3 python-manila-7.4.2~dev31-4.24.3 python-monasca-agent-2.8.2~dev5-3.9.3 python-networking-vsphere-2.0.1~dev167-3.3.3 python-neutron-13.0.8~dev68-3.25.3 python-neutron-tempest-plugin-0.2.0-3.3.2 python-nova-18.3.1~dev38-3.25.4 python-octavia-3.2.3~dev7-3.25.3 python-openstack_auth-14.1.1~dev6-3.15.5 python-os-brick-2.5.10-3.12.3 python-os-brick-common-2.5.10-3.12.3 python-oslo.messaging-8.1.4-3.6.2 python-pyroute2-0.5.2-4.3.2 python-urllib3-1.23-3.12.2 python-waitress-1.4.3-3.3.1 release-notes-suse-openstack-cloud-9.20200610-3.21.4 - SUSE OpenStack Cloud Crowbar 9 (x86_64): crowbar-core-6.0+git.1594619891.b75a61d0d-3.25.5 crowbar-core-branding-upstream-6.0+git.1594619891.b75a61d0d-3.25.5 grafana-6.2.5-3.12.2 grafana-debuginfo-6.2.5-3.12.2 kibana-4.6.3-4.3.2 kibana-debuginfo-4.6.3-4.3.2 python-Pillow-5.2.0-3.3.2 python-Pillow-debuginfo-5.2.0-3.3.2 python-Pillow-debugsource-5.2.0-3.3.2 python-octavia-tempest-plugin-0.2.0-3.3.2 ruby2.1-rubygem-activeresource-4.0.0-4.3.1 ruby2.1-rubygem-json-1_7-1.7.7-4.3.1 ruby2.1-rubygem-json-1_7-debuginfo-1.7.7-4.3.1 ruby2.1-rubygem-puma-2.16.0-4.9.1 ruby2.1-rubygem-puma-debuginfo-2.16.0-4.9.1 rubygem-json-1_7-debugsource-1.7.7-4.3.1 rubygem-puma-debugsource-2.16.0-4.9.1 - SUSE OpenStack Cloud 9 (x86_64): grafana-6.2.5-3.12.2 grafana-debuginfo-6.2.5-3.12.2 kibana-4.6.3-4.3.2 kibana-debuginfo-4.6.3-4.3.2 python-Pillow-5.2.0-3.3.2 python-Pillow-debuginfo-5.2.0-3.3.2 python-Pillow-debugsource-5.2.0-3.3.2 python-octavia-tempest-plugin-0.2.0-3.3.2 - SUSE OpenStack Cloud 9 (noarch): ansible1-1.9.6-9.7.2 ardana-ansible-9.0+git.1591138508.e269bdb-3.22.2 ardana-cobbler-9.0+git.1588181228.bae3b1f-3.13.2 ardana-glance-9.0+git.1593631708.9354a78-3.13.2 ardana-input-model-9.0+git.1589740948.c24fc0b-3.19.2 ardana-logging-9.0+git.1591193994.d93b668-3.13.2 ardana-manila-9.0+git.1594158642.b5905e4-3.12.2 ardana-monasca-9.0+git.1589385256.7fbfaaf-3.19.2 ardana-mq-9.0+git.1593618110.cbd1a37-3.16.2 ardana-neutron-9.0+git.1590756257.e09d54f-3.22.2 ardana-octavia-9.0+git.1590079609.a2ae6ab-3.19.2 ardana-tempest-9.0+git.1593033709.9495bb2-3.16.2 openstack-barbican-7.0.1~dev24-3.9.5 openstack-barbican-api-7.0.1~dev24-3.9.5 openstack-barbican-keystone-listener-7.0.1~dev24-3.9.5 openstack-barbican-retry-7.0.1~dev24-3.9.5 openstack-barbican-worker-7.0.1~dev24-3.9.5 openstack-ceilometer-11.1.1~dev7-3.16.3 openstack-ceilometer-agent-central-11.1.1~dev7-3.16.3 openstack-ceilometer-agent-compute-11.1.1~dev7-3.16.3 openstack-ceilometer-agent-ipmi-11.1.1~dev7-3.16.3 openstack-ceilometer-agent-notification-11.1.1~dev7-3.16.3 openstack-ceilometer-polling-11.1.1~dev7-3.16.3 openstack-cinder-13.0.10~dev12-3.22.4 openstack-cinder-api-13.0.10~dev12-3.22.4 openstack-cinder-backup-13.0.10~dev12-3.22.4 openstack-cinder-scheduler-13.0.10~dev12-3.22.4 openstack-cinder-volume-13.0.10~dev12-3.22.4 openstack-dashboard-14.1.1~dev6-3.15.5 openstack-designate-7.0.2~dev2-3.19.3 openstack-designate-agent-7.0.2~dev2-3.19.3 openstack-designate-api-7.0.2~dev2-3.19.3 openstack-designate-central-7.0.2~dev2-3.19.3 openstack-designate-producer-7.0.2~dev2-3.19.3 openstack-designate-sink-7.0.2~dev2-3.19.3 openstack-designate-worker-7.0.2~dev2-3.19.3 openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.6.2 openstack-ironic-11.1.5~dev6-3.19.3 openstack-ironic-api-11.1.5~dev6-3.19.3 openstack-ironic-conductor-11.1.5~dev6-3.19.3 openstack-keystone-14.2.1~dev4-3.22.3 openstack-magnum-7.2.1~dev1-3.13.3 openstack-magnum-api-7.2.1~dev1-3.13.3 openstack-magnum-conductor-7.2.1~dev1-3.13.3 openstack-manila-7.4.2~dev31-4.24.3 openstack-manila-api-7.4.2~dev31-4.24.3 openstack-manila-data-7.4.2~dev31-4.24.3 openstack-manila-scheduler-7.4.2~dev31-4.24.3 openstack-manila-share-7.4.2~dev31-4.24.3 openstack-monasca-agent-2.8.2~dev5-3.9.3 openstack-neutron-13.0.8~dev68-3.25.3 openstack-neutron-dhcp-agent-13.0.8~dev68-3.25.3 openstack-neutron-ha-tool-13.0.8~dev68-3.25.3 openstack-neutron-l3-agent-13.0.8~dev68-3.25.3 openstack-neutron-linuxbridge-agent-13.0.8~dev68-3.25.3 openstack-neutron-macvtap-agent-13.0.8~dev68-3.25.3 openstack-neutron-metadata-agent-13.0.8~dev68-3.25.3 openstack-neutron-metering-agent-13.0.8~dev68-3.25.3 openstack-neutron-openvswitch-agent-13.0.8~dev68-3.25.3 openstack-neutron-server-13.0.8~dev68-3.25.3 openstack-neutron-vsphere-2.0.1~dev167-3.3.3 openstack-neutron-vsphere-doc-2.0.1~dev167-3.3.3 openstack-neutron-vsphere-dvs-agent-2.0.1~dev167-3.3.3 openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev167-3.3.3 openstack-nova-18.3.1~dev38-3.25.4 openstack-nova-api-18.3.1~dev38-3.25.4 openstack-nova-cells-18.3.1~dev38-3.25.4 openstack-nova-compute-18.3.1~dev38-3.25.4 openstack-nova-conductor-18.3.1~dev38-3.25.4 openstack-nova-console-18.3.1~dev38-3.25.4 openstack-nova-novncproxy-18.3.1~dev38-3.25.4 openstack-nova-placement-api-18.3.1~dev38-3.25.4 openstack-nova-scheduler-18.3.1~dev38-3.25.4 openstack-nova-serialproxy-18.3.1~dev38-3.25.4 openstack-nova-vncproxy-18.3.1~dev38-3.25.4 openstack-octavia-3.2.3~dev7-3.25.3 openstack-octavia-amphora-agent-3.2.3~dev7-3.25.3 openstack-octavia-amphora-image-debugsource-0.1.4-7.12.3 openstack-octavia-amphora-image-x86_64-0.1.4-7.12.3 openstack-octavia-api-3.2.3~dev7-3.25.3 openstack-octavia-health-manager-3.2.3~dev7-3.25.3 openstack-octavia-housekeeping-3.2.3~dev7-3.25.3 openstack-octavia-worker-3.2.3~dev7-3.25.3 openstack-resource-agents-1.0+git.1569436425.8b9c49f-5.3.2 python-Django1-1.11.29-3.15.2 python-ardana-packager-0.0.3-9.3.2 python-barbican-7.0.1~dev24-3.9.5 python-ceilometer-11.1.1~dev7-3.16.3 python-cinder-13.0.10~dev12-3.22.4 python-designate-7.0.2~dev2-3.19.3 python-heatclient-1.16.3-3.3.3 python-heatclient-doc-1.16.3-3.3.3 python-horizon-14.1.1~dev6-3.15.5 python-ironic-11.1.5~dev6-3.19.3 python-keystone-14.2.1~dev4-3.22.3 python-magnum-7.2.1~dev1-3.13.3 python-manila-7.4.2~dev31-4.24.3 python-monasca-agent-2.8.2~dev5-3.9.3 python-networking-vsphere-2.0.1~dev167-3.3.3 python-neutron-13.0.8~dev68-3.25.3 python-neutron-tempest-plugin-0.2.0-3.3.2 python-nova-18.3.1~dev38-3.25.4 python-octavia-3.2.3~dev7-3.25.3 python-openstack_auth-14.1.1~dev6-3.15.5 python-os-brick-2.5.10-3.12.3 python-os-brick-common-2.5.10-3.12.3 python-oslo.messaging-8.1.4-3.6.2 python-pyroute2-0.5.2-4.3.2 python-urllib3-1.23-3.12.2 python-waitress-1.4.3-3.3.1 release-notes-suse-openstack-cloud-9.20200610-3.21.4 venv-openstack-barbican-x86_64-7.0.1~dev24-3.19.3 venv-openstack-cinder-x86_64-13.0.10~dev12-3.19.2 venv-openstack-designate-x86_64-7.0.2~dev2-3.19.2 venv-openstack-glance-x86_64-17.0.1~dev30-3.17.2 venv-openstack-heat-x86_64-11.0.3~dev35-3.19.2 venv-openstack-horizon-x86_64-14.1.1~dev6-4.18.3 venv-openstack-ironic-x86_64-11.1.5~dev6-4.15.2 venv-openstack-keystone-x86_64-14.2.1~dev4-3.19.2 venv-openstack-magnum-x86_64-7.2.1~dev1-4.19.2 venv-openstack-manila-x86_64-7.4.2~dev31-3.21.2 venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.19.2 venv-openstack-monasca-x86_64-2.7.1~dev10-3.17.3 venv-openstack-neutron-x86_64-13.0.8~dev68-6.19.2 venv-openstack-nova-x86_64-18.3.1~dev38-3.19.3 venv-openstack-octavia-x86_64-3.2.3~dev7-4.19.2 venv-openstack-sahara-x86_64-9.0.2~dev15-3.19.2 venv-openstack-swift-x86_64-2.19.2~dev48-2.14.2 References: https://www.suse.com/security/cve/CVE-2019-16785.html https://www.suse.com/security/cve/CVE-2019-16786.html https://www.suse.com/security/cve/CVE-2019-16789.html https://www.suse.com/security/cve/CVE-2019-16792.html https://www.suse.com/security/cve/CVE-2019-16865.html https://www.suse.com/security/cve/CVE-2019-19844.html https://www.suse.com/security/cve/CVE-2019-19911.html https://www.suse.com/security/cve/CVE-2019-3828.html https://www.suse.com/security/cve/CVE-2020-10177.html https://www.suse.com/security/cve/CVE-2020-10378.html https://www.suse.com/security/cve/CVE-2020-10743.html https://www.suse.com/security/cve/CVE-2020-10755.html https://www.suse.com/security/cve/CVE-2020-10994.html https://www.suse.com/security/cve/CVE-2020-11538.html https://www.suse.com/security/cve/CVE-2020-12052.html https://www.suse.com/security/cve/CVE-2020-13254.html https://www.suse.com/security/cve/CVE-2020-13379.html https://www.suse.com/security/cve/CVE-2020-13596.html https://www.suse.com/security/cve/CVE-2020-5311.html https://www.suse.com/security/cve/CVE-2020-5312.html https://www.suse.com/security/cve/CVE-2020-5313.html https://www.suse.com/security/cve/CVE-2020-7471.html https://www.suse.com/security/cve/CVE-2020-8184.html https://www.suse.com/security/cve/CVE-2020-9402.html https://bugzilla.suse.com/1019111 https://bugzilla.suse.com/1107190 https://bugzilla.suse.com/1126503 https://bugzilla.suse.com/1136928 https://bugzilla.suse.com/1153191 https://bugzilla.suse.com/1159046 https://bugzilla.suse.com/1159447 https://bugzilla.suse.com/1160151 https://bugzilla.suse.com/1160152 https://bugzilla.suse.com/1160153 https://bugzilla.suse.com/1160192 https://bugzilla.suse.com/1160790 https://bugzilla.suse.com/1161088 https://bugzilla.suse.com/1161089 https://bugzilla.suse.com/1161670 https://bugzilla.suse.com/1161919 https://bugzilla.suse.com/1163446 https://bugzilla.suse.com/1165022 https://bugzilla.suse.com/1170657 https://bugzilla.suse.com/1171070 https://bugzilla.suse.com/1171071 https://bugzilla.suse.com/1171072 https://bugzilla.suse.com/1171273 https://bugzilla.suse.com/1171594 https://bugzilla.suse.com/1171909 https://bugzilla.suse.com/1172166 https://bugzilla.suse.com/1172167 https://bugzilla.suse.com/1172409 https://bugzilla.suse.com/1172522 https://bugzilla.suse.com/1173413 https://bugzilla.suse.com/1173416 https://bugzilla.suse.com/1173418 https://bugzilla.suse.com/1173420 https://bugzilla.suse.com/1174006 From sle-updates at lists.suse.com Fri Aug 7 00:42:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 08:42:34 +0200 (CEST) Subject: SUSE-CU-2020:383-1: Recommended update of suse/sle15 Message-ID: <20200807064234.1D28EFF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:383-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.720 Container Release : 8.2.720 Severity : important Type : recommended References : 1174673 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 From sle-updates at lists.suse.com Fri Aug 7 04:12:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 12:12:57 +0200 (CEST) Subject: SUSE-RU-2020:2163-1: moderate: Recommended update for sapnwbootstrap-formula Message-ID: <20200807101257.88228FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapnwbootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2163-1 Rating: moderate References: #1137989 #1142306 #1160933 #1161898 #1165156 #1170702 #1172432 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for sapnwbootstrap-formula fixes the following issues: - Change colocation weight for 'col_saphana_ip' for Azure provider. (jsc#ECO-1965, jsc#SLE-4047) - Use 'gcp' instance name instead of id in 'fence_gce agent'. (bsc#1161898, bsc#1160933) - Adapt the cluster template to use the proper 'gcp agents'. (bsc#1161898, bsc#1160933) - Change the package name to 'prometheus-hanadb_exporter'. (bsc#1165156, jsc#SLE-4143, bsc#1137989) - Fix issue with file permissions during package installation in '/usr/share/salt-formulas'. (bsc#1142306) - Fix 'srHook' script usage for cost optimized scenario by adding scenario type options to the 'form.yml' file. (bsc#1137989) This update for drbd-formula fixes the following issues: - With the fix of salt-shaptools 0.2.9, doesn't need to estimate a long time for write I/O completion. (jsc#ECO-1965, jsc#SLE-4047) - Fix issue with file permissions during package installation in '/usr/share/salt-formulas'. (bsc#1142306) - Remove obsolete Groups tag. (fate#326485) - Version 0.3.2, bsc#1142762 - Add drbd-formulas to support build DRBD on top of NFS with salt. (bsc#1142762) - Add SUSE manager support. (jsc#SLE-6970) This update for habootstrap-formula fixes the following issues: - Make diskless 'sbd' and using disks self exclusive. (bsc#1172432, jsc#ECO-1965, jsc#SLE-4047) - Add the option to configure the cluster properties and defaults, and to configure the 'sbd' resource parameters. (bsc#1170702) - Install the correct packages for the GCP resources. (bsc#1161898, bsc#1160933) - Implement option to update hacluster user password and correct 'spec' files. (bsc#1165156, jsc#SLE-4031, bsc#1137989) - Fix issue with file permissions during package installation in '/usr/share/salt-formulas'. (bsc#1142306) This update for salt-shaptools fixes the following issues: - Make diskless 'sbd' and using disks self exclusive. (bsc#1172432, jsc#ECO-1965, jsc#SLE-4047) - Add the option to configure the cluster properties and defaults, and to configure the 'sbd' resource parameters. (bsc#1170702) - Implement option to update hacluster user password and correct 'spec' files. (jsc#SLE-4143, jsc#SLE-4031, bsc#1137989) This update for saphanabootstrap-formula fixes the following issues: - Change colocation weight for 'col_saphana_ip' for Azure provider. (jsc#ECO-1965, jsc#SLE-4047) - Use 'gcp' instance name instead of id in 'fence_gce agent'. (bsc#1161898, bsc#1160933) - Adapt the cluster template to use the proper 'gcp agents'. (bsc#1161898, bsc#1160933) - Change the package name to 'prometheus-hanadb_exporter'. (jsc#SLE-10545, bsc#1165156, jsc#SLE-4143, bsc#1137989, jsc#SLE-10545) - Fix issue with file permissions during package installation in '/usr/share/salt-formulas'. (bsc#1142306) - Fix srHook script usage for cost optimized scenario by adding scenario type options to the 'form.yml' file. (bsc#1137989) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2020-2163=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2020-2163=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): drbd-formula-0.3.10+git.1591284159.484cfdd-1.3.1 habootstrap-formula-0.3.7+git.1593632732.1599aa2-1.3.1 salt-shaptools-0.3.9+git.1591860067.782f9ce-1.3.1 saphanabootstrap-formula-0.5.10+git.1593632821.35eb74b-1.3.1 sapnwbootstrap-formula-0.4.4+git.1594058536.82f1049-1.3.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): drbd-formula-0.3.10+git.1591284159.484cfdd-1.3.1 habootstrap-formula-0.3.7+git.1593632732.1599aa2-1.3.1 salt-shaptools-0.3.9+git.1591860067.782f9ce-1.3.1 saphanabootstrap-formula-0.5.10+git.1593632821.35eb74b-1.3.1 sapnwbootstrap-formula-0.4.4+git.1594058536.82f1049-1.3.1 References: https://bugzilla.suse.com/1137989 https://bugzilla.suse.com/1142306 https://bugzilla.suse.com/1160933 https://bugzilla.suse.com/1161898 https://bugzilla.suse.com/1165156 https://bugzilla.suse.com/1170702 https://bugzilla.suse.com/1172432 From sle-updates at lists.suse.com Fri Aug 7 04:14:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 12:14:27 +0200 (CEST) Subject: SUSE-RU-2020:2162-1: moderate: Recommended update for php7 Message-ID: <20200807101427.84957FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for php7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2162-1 Rating: moderate References: #1173786 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for php7 fixes the following issues: - Add 'tmpfiles.d' for 'php-fpm' to provide a base for a socket and fix this error accordingly. (bsc#1173786) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2162=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2162=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.3.1 apache2-mod_php7-debuginfo-7.4.6-3.3.1 php7-7.4.6-3.3.1 php7-bcmath-7.4.6-3.3.1 php7-bcmath-debuginfo-7.4.6-3.3.1 php7-bz2-7.4.6-3.3.1 php7-bz2-debuginfo-7.4.6-3.3.1 php7-calendar-7.4.6-3.3.1 php7-calendar-debuginfo-7.4.6-3.3.1 php7-ctype-7.4.6-3.3.1 php7-ctype-debuginfo-7.4.6-3.3.1 php7-curl-7.4.6-3.3.1 php7-curl-debuginfo-7.4.6-3.3.1 php7-dba-7.4.6-3.3.1 php7-dba-debuginfo-7.4.6-3.3.1 php7-debuginfo-7.4.6-3.3.1 php7-debugsource-7.4.6-3.3.1 php7-devel-7.4.6-3.3.1 php7-dom-7.4.6-3.3.1 php7-dom-debuginfo-7.4.6-3.3.1 php7-enchant-7.4.6-3.3.1 php7-enchant-debuginfo-7.4.6-3.3.1 php7-exif-7.4.6-3.3.1 php7-exif-debuginfo-7.4.6-3.3.1 php7-fastcgi-7.4.6-3.3.1 php7-fastcgi-debuginfo-7.4.6-3.3.1 php7-fileinfo-7.4.6-3.3.1 php7-fileinfo-debuginfo-7.4.6-3.3.1 php7-fpm-7.4.6-3.3.1 php7-fpm-debuginfo-7.4.6-3.3.1 php7-ftp-7.4.6-3.3.1 php7-ftp-debuginfo-7.4.6-3.3.1 php7-gd-7.4.6-3.3.1 php7-gd-debuginfo-7.4.6-3.3.1 php7-gettext-7.4.6-3.3.1 php7-gettext-debuginfo-7.4.6-3.3.1 php7-gmp-7.4.6-3.3.1 php7-gmp-debuginfo-7.4.6-3.3.1 php7-iconv-7.4.6-3.3.1 php7-iconv-debuginfo-7.4.6-3.3.1 php7-intl-7.4.6-3.3.1 php7-intl-debuginfo-7.4.6-3.3.1 php7-json-7.4.6-3.3.1 php7-json-debuginfo-7.4.6-3.3.1 php7-ldap-7.4.6-3.3.1 php7-ldap-debuginfo-7.4.6-3.3.1 php7-mbstring-7.4.6-3.3.1 php7-mbstring-debuginfo-7.4.6-3.3.1 php7-mysql-7.4.6-3.3.1 php7-mysql-debuginfo-7.4.6-3.3.1 php7-odbc-7.4.6-3.3.1 php7-odbc-debuginfo-7.4.6-3.3.1 php7-opcache-7.4.6-3.3.1 php7-opcache-debuginfo-7.4.6-3.3.1 php7-openssl-7.4.6-3.3.1 php7-openssl-debuginfo-7.4.6-3.3.1 php7-pcntl-7.4.6-3.3.1 php7-pcntl-debuginfo-7.4.6-3.3.1 php7-pdo-7.4.6-3.3.1 php7-pdo-debuginfo-7.4.6-3.3.1 php7-pgsql-7.4.6-3.3.1 php7-pgsql-debuginfo-7.4.6-3.3.1 php7-phar-7.4.6-3.3.1 php7-phar-debuginfo-7.4.6-3.3.1 php7-posix-7.4.6-3.3.1 php7-posix-debuginfo-7.4.6-3.3.1 php7-readline-7.4.6-3.3.1 php7-readline-debuginfo-7.4.6-3.3.1 php7-shmop-7.4.6-3.3.1 php7-shmop-debuginfo-7.4.6-3.3.1 php7-snmp-7.4.6-3.3.1 php7-snmp-debuginfo-7.4.6-3.3.1 php7-soap-7.4.6-3.3.1 php7-soap-debuginfo-7.4.6-3.3.1 php7-sockets-7.4.6-3.3.1 php7-sockets-debuginfo-7.4.6-3.3.1 php7-sodium-7.4.6-3.3.1 php7-sodium-debuginfo-7.4.6-3.3.1 php7-sqlite-7.4.6-3.3.1 php7-sqlite-debuginfo-7.4.6-3.3.1 php7-sysvmsg-7.4.6-3.3.1 php7-sysvmsg-debuginfo-7.4.6-3.3.1 php7-sysvsem-7.4.6-3.3.1 php7-sysvsem-debuginfo-7.4.6-3.3.1 php7-sysvshm-7.4.6-3.3.1 php7-sysvshm-debuginfo-7.4.6-3.3.1 php7-tidy-7.4.6-3.3.1 php7-tidy-debuginfo-7.4.6-3.3.1 php7-tokenizer-7.4.6-3.3.1 php7-tokenizer-debuginfo-7.4.6-3.3.1 php7-xmlreader-7.4.6-3.3.1 php7-xmlreader-debuginfo-7.4.6-3.3.1 php7-xmlrpc-7.4.6-3.3.1 php7-xmlrpc-debuginfo-7.4.6-3.3.1 php7-xmlwriter-7.4.6-3.3.1 php7-xmlwriter-debuginfo-7.4.6-3.3.1 php7-xsl-7.4.6-3.3.1 php7-xsl-debuginfo-7.4.6-3.3.1 php7-zip-7.4.6-3.3.1 php7-zip-debuginfo-7.4.6-3.3.1 php7-zlib-7.4.6-3.3.1 php7-zlib-debuginfo-7.4.6-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.4.6-3.3.1 php7-debugsource-7.4.6-3.3.1 php7-embed-7.4.6-3.3.1 php7-embed-debuginfo-7.4.6-3.3.1 References: https://bugzilla.suse.com/1173786 From sle-updates at lists.suse.com Fri Aug 7 07:12:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 15:12:52 +0200 (CEST) Subject: SUSE-RU-2020:2165-1: important: Recommended update for Linux Kernel Message-ID: <20200807131252.2C408FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2165-1 Rating: important References: #1174887 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive the following fixes: Fix a regression where virt-manager generated KVM setups and possible others could fail to boot the kernel (bsc#1174887) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2165=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2164=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.51.1 kernel-default-debugsource-4.12.14-197.51.1 kernel-default-livepatch-4.12.14-197.51.1 kernel-default-livepatch-devel-4.12.14-197.51.1 kernel-livepatch-4_12_14-197_51-default-1-3.3.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.32.1 kernel-default-debugsource-4.12.14-122.32.1 kernel-default-kgraft-4.12.14-122.32.1 kernel-default-kgraft-devel-4.12.14-122.32.1 kgraft-patch-4_12_14-122_32-default-1-8.3.1 References: https://bugzilla.suse.com/1174887 From sle-updates at lists.suse.com Fri Aug 7 07:13:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 15:13:39 +0200 (CEST) Subject: SUSE-RU-2020:2164-1: important: Recommended update for Linux Kernel Message-ID: <20200807131339.DAB00FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2164-1 Rating: important References: #1174887 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive the following fixes: Fix a regression where virt-manager generated KVM setups and possible others could fail to boot the kernel (bsc#1174887) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2164=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2164=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2164=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2164=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.32.1 kernel-default-debugsource-4.12.14-122.32.1 kernel-default-extra-4.12.14-122.32.1 kernel-default-extra-debuginfo-4.12.14-122.32.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.32.1 kernel-obs-build-debugsource-4.12.14-122.32.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.32.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.32.1 kernel-default-base-4.12.14-122.32.1 kernel-default-base-debuginfo-4.12.14-122.32.1 kernel-default-debuginfo-4.12.14-122.32.1 kernel-default-debugsource-4.12.14-122.32.1 kernel-default-devel-4.12.14-122.32.1 kernel-syms-4.12.14-122.32.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.32.1 kernel-macros-4.12.14-122.32.1 kernel-source-4.12.14-122.32.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.32.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.32.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.32.1 cluster-md-kmp-default-debuginfo-4.12.14-122.32.1 dlm-kmp-default-4.12.14-122.32.1 dlm-kmp-default-debuginfo-4.12.14-122.32.1 gfs2-kmp-default-4.12.14-122.32.1 gfs2-kmp-default-debuginfo-4.12.14-122.32.1 kernel-default-debuginfo-4.12.14-122.32.1 kernel-default-debugsource-4.12.14-122.32.1 ocfs2-kmp-default-4.12.14-122.32.1 ocfs2-kmp-default-debuginfo-4.12.14-122.32.1 References: https://bugzilla.suse.com/1174887 From sle-updates at lists.suse.com Fri Aug 7 07:14:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 15:14:31 +0200 (CEST) Subject: SUSE-RU-2020:2165-1: important: Recommended update for Linux Kernel Message-ID: <20200807131431.648C1FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2165-1 Rating: important References: #1174887 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive the following fixes: Fix a regression where virt-manager generated KVM setups and possible others could fail to boot the kernel (bsc#1174887) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2165=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2165=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2165=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2165=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2165=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2164=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2165=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.51.1 kernel-default-debugsource-4.12.14-197.51.1 kernel-default-extra-4.12.14-197.51.1 kernel-default-extra-debuginfo-4.12.14-197.51.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.51.1 kernel-default-debugsource-4.12.14-197.51.1 kernel-default-livepatch-4.12.14-197.51.1 kernel-default-livepatch-devel-4.12.14-197.51.1 kernel-livepatch-4_12_14-197_51-default-1-3.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.51.1 kernel-default-debugsource-4.12.14-197.51.1 reiserfs-kmp-default-4.12.14-197.51.1 reiserfs-kmp-default-debuginfo-4.12.14-197.51.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.51.1 kernel-obs-build-debugsource-4.12.14-197.51.1 kernel-syms-4.12.14-197.51.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.51.2 kernel-source-4.12.14-197.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.51.1 kernel-default-base-4.12.14-197.51.1 kernel-default-base-debuginfo-4.12.14-197.51.1 kernel-default-debuginfo-4.12.14-197.51.1 kernel-default-debugsource-4.12.14-197.51.1 kernel-default-devel-4.12.14-197.51.1 kernel-default-devel-debuginfo-4.12.14-197.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.51.1 kernel-macros-4.12.14-197.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.51.1 kernel-zfcpdump-debuginfo-4.12.14-197.51.1 kernel-zfcpdump-debugsource-4.12.14-197.51.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.32.1 kernel-default-debugsource-4.12.14-122.32.1 kernel-default-kgraft-4.12.14-122.32.1 kernel-default-kgraft-devel-4.12.14-122.32.1 kgraft-patch-4_12_14-122_32-default-1-8.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.51.1 cluster-md-kmp-default-debuginfo-4.12.14-197.51.1 dlm-kmp-default-4.12.14-197.51.1 dlm-kmp-default-debuginfo-4.12.14-197.51.1 gfs2-kmp-default-4.12.14-197.51.1 gfs2-kmp-default-debuginfo-4.12.14-197.51.1 kernel-default-debuginfo-4.12.14-197.51.1 kernel-default-debugsource-4.12.14-197.51.1 ocfs2-kmp-default-4.12.14-197.51.1 ocfs2-kmp-default-debuginfo-4.12.14-197.51.1 References: https://bugzilla.suse.com/1174887 From sle-updates at lists.suse.com Fri Aug 7 10:16:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 18:16:01 +0200 (CEST) Subject: SUSE-SU-2020:2167-1: important: Security update for LibVNCServer Message-ID: <20200807161601.49896FEC3@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2167-1 Rating: important References: #1173477 #1173691 #1173694 #1173700 #1173701 #1173743 #1173874 #1173875 #1173876 #1173880 Cross-References: CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: - security update fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2167=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2167=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2167=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2167=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2167=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2167=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2167=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2167=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2167=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2167=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2167=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2167=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2167=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2167=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2167=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2167=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2167=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE OpenStack Cloud 9 (x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE OpenStack Cloud 8 (x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE OpenStack Cloud 7 (s390x x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 LibVNCServer-devel-0.9.9-17.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 - HPE Helion Openstack 8 (x86_64): LibVNCServer-debugsource-0.9.9-17.31.1 libvncclient0-0.9.9-17.31.1 libvncclient0-debuginfo-0.9.9-17.31.1 libvncserver0-0.9.9-17.31.1 libvncserver0-debuginfo-0.9.9-17.31.1 References: https://www.suse.com/security/cve/CVE-2017-18922.html https://www.suse.com/security/cve/CVE-2018-21247.html https://www.suse.com/security/cve/CVE-2019-20839.html https://www.suse.com/security/cve/CVE-2019-20840.html https://www.suse.com/security/cve/CVE-2020-14397.html https://www.suse.com/security/cve/CVE-2020-14398.html https://www.suse.com/security/cve/CVE-2020-14399.html https://www.suse.com/security/cve/CVE-2020-14400.html https://www.suse.com/security/cve/CVE-2020-14401.html https://www.suse.com/security/cve/CVE-2020-14402.html https://www.suse.com/security/cve/CVE-2020-14403.html https://www.suse.com/security/cve/CVE-2020-14404.html https://bugzilla.suse.com/1173477 https://bugzilla.suse.com/1173691 https://bugzilla.suse.com/1173694 https://bugzilla.suse.com/1173700 https://bugzilla.suse.com/1173701 https://bugzilla.suse.com/1173743 https://bugzilla.suse.com/1173874 https://bugzilla.suse.com/1173875 https://bugzilla.suse.com/1173876 https://bugzilla.suse.com/1173880 From sle-updates at lists.suse.com Fri Aug 7 10:17:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 18:17:50 +0200 (CEST) Subject: SUSE-SU-2020:2166-1: important: Security update for xen Message-ID: <20200807161750.50C9AFDE4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2166-1 Rating: important References: #1172356 #1174543 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2166=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2166=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.3_06-3.21.1 xen-devel-4.12.3_06-3.21.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.3_06-3.21.1 xen-debugsource-4.12.3_06-3.21.1 xen-doc-html-4.12.3_06-3.21.1 xen-libs-32bit-4.12.3_06-3.21.1 xen-libs-4.12.3_06-3.21.1 xen-libs-debuginfo-32bit-4.12.3_06-3.21.1 xen-libs-debuginfo-4.12.3_06-3.21.1 xen-tools-4.12.3_06-3.21.1 xen-tools-debuginfo-4.12.3_06-3.21.1 xen-tools-domU-4.12.3_06-3.21.1 xen-tools-domU-debuginfo-4.12.3_06-3.21.1 References: https://bugzilla.suse.com/1172356 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Fri Aug 7 13:12:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 21:12:33 +0200 (CEST) Subject: SUSE-RU-2020:2174-1: important: Recommended update for python-azure-agent Message-ID: <20200807191233.C23EBFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2174-1 Rating: important References: #1173866 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-agent fixes the following issues: - Properly set the DHCP configuration to push the hostname to the DHCP server. (bsc#1173866) - Do not bring the interface down to push the hostname, just use 'ifup'. (bsc#1173866) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-2174=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python-azure-agent-2.2.45-7.15.1 References: https://bugzilla.suse.com/1173866 From sle-updates at lists.suse.com Fri Aug 7 13:13:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 21:13:20 +0200 (CEST) Subject: SUSE-SU-2020:2171-1: important: Security update for xen Message-ID: <20200807191320.7E292FDE4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2171-1 Rating: important References: #1163019 #1174543 Cross-References: CVE-2020-8608 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2171=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2171=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2171=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2171=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2171=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2171=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2171=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_10-3.71.1 xen-debugsource-4.9.4_10-3.71.1 xen-doc-html-4.9.4_10-3.71.1 xen-libs-32bit-4.9.4_10-3.71.1 xen-libs-4.9.4_10-3.71.1 xen-libs-debuginfo-32bit-4.9.4_10-3.71.1 xen-libs-debuginfo-4.9.4_10-3.71.1 xen-tools-4.9.4_10-3.71.1 xen-tools-debuginfo-4.9.4_10-3.71.1 xen-tools-domU-4.9.4_10-3.71.1 xen-tools-domU-debuginfo-4.9.4_10-3.71.1 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_10-3.71.1 xen-debugsource-4.9.4_10-3.71.1 xen-doc-html-4.9.4_10-3.71.1 xen-libs-32bit-4.9.4_10-3.71.1 xen-libs-4.9.4_10-3.71.1 xen-libs-debuginfo-32bit-4.9.4_10-3.71.1 xen-libs-debuginfo-4.9.4_10-3.71.1 xen-tools-4.9.4_10-3.71.1 xen-tools-debuginfo-4.9.4_10-3.71.1 xen-tools-domU-4.9.4_10-3.71.1 xen-tools-domU-debuginfo-4.9.4_10-3.71.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_10-3.71.1 xen-debugsource-4.9.4_10-3.71.1 xen-doc-html-4.9.4_10-3.71.1 xen-libs-32bit-4.9.4_10-3.71.1 xen-libs-4.9.4_10-3.71.1 xen-libs-debuginfo-32bit-4.9.4_10-3.71.1 xen-libs-debuginfo-4.9.4_10-3.71.1 xen-tools-4.9.4_10-3.71.1 xen-tools-debuginfo-4.9.4_10-3.71.1 xen-tools-domU-4.9.4_10-3.71.1 xen-tools-domU-debuginfo-4.9.4_10-3.71.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_10-3.71.1 xen-debugsource-4.9.4_10-3.71.1 xen-doc-html-4.9.4_10-3.71.1 xen-libs-32bit-4.9.4_10-3.71.1 xen-libs-4.9.4_10-3.71.1 xen-libs-debuginfo-32bit-4.9.4_10-3.71.1 xen-libs-debuginfo-4.9.4_10-3.71.1 xen-tools-4.9.4_10-3.71.1 xen-tools-debuginfo-4.9.4_10-3.71.1 xen-tools-domU-4.9.4_10-3.71.1 xen-tools-domU-debuginfo-4.9.4_10-3.71.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_10-3.71.1 xen-debugsource-4.9.4_10-3.71.1 xen-doc-html-4.9.4_10-3.71.1 xen-libs-32bit-4.9.4_10-3.71.1 xen-libs-4.9.4_10-3.71.1 xen-libs-debuginfo-32bit-4.9.4_10-3.71.1 xen-libs-debuginfo-4.9.4_10-3.71.1 xen-tools-4.9.4_10-3.71.1 xen-tools-debuginfo-4.9.4_10-3.71.1 xen-tools-domU-4.9.4_10-3.71.1 xen-tools-domU-debuginfo-4.9.4_10-3.71.1 - SUSE Enterprise Storage 5 (x86_64): xen-4.9.4_10-3.71.1 xen-debugsource-4.9.4_10-3.71.1 xen-doc-html-4.9.4_10-3.71.1 xen-libs-32bit-4.9.4_10-3.71.1 xen-libs-4.9.4_10-3.71.1 xen-libs-debuginfo-32bit-4.9.4_10-3.71.1 xen-libs-debuginfo-4.9.4_10-3.71.1 xen-tools-4.9.4_10-3.71.1 xen-tools-debuginfo-4.9.4_10-3.71.1 xen-tools-domU-4.9.4_10-3.71.1 xen-tools-domU-debuginfo-4.9.4_10-3.71.1 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_10-3.71.1 xen-debugsource-4.9.4_10-3.71.1 xen-doc-html-4.9.4_10-3.71.1 xen-libs-32bit-4.9.4_10-3.71.1 xen-libs-4.9.4_10-3.71.1 xen-libs-debuginfo-32bit-4.9.4_10-3.71.1 xen-libs-debuginfo-4.9.4_10-3.71.1 xen-tools-4.9.4_10-3.71.1 xen-tools-debuginfo-4.9.4_10-3.71.1 xen-tools-domU-4.9.4_10-3.71.1 xen-tools-domU-debuginfo-4.9.4_10-3.71.1 References: https://www.suse.com/security/cve/CVE-2020-8608.html https://bugzilla.suse.com/1163019 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Fri Aug 7 13:14:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 21:14:13 +0200 (CEST) Subject: SUSE-SU-2020:2173-1: moderate: Security update for perl-XML-Twig Message-ID: <20200807191413.80F3AFDE4@maintenance.suse.de> SUSE Security Update: Security update for perl-XML-Twig ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2173-1 Rating: moderate References: #1008644 Cross-References: CVE-2016-9180 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Added: the no_xxe option to XML::Twig::new, which causes the parse to fail if external entities are used (to prevent malicious XML to access the filesystem). * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2173=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): perl-XML-Twig-3.44-5.3.1 References: https://www.suse.com/security/cve/CVE-2016-9180.html https://bugzilla.suse.com/1008644 From sle-updates at lists.suse.com Fri Aug 7 13:15:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Aug 2020 21:15:01 +0200 (CEST) Subject: SUSE-SU-2020:2172-1: moderate: Security update for perl-XML-Twig Message-ID: <20200807191501.690D5FDE1@maintenance.suse.de> SUSE Security Update: Security update for perl-XML-Twig ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2172-1 Rating: moderate References: #1008644 Cross-References: CVE-2016-9180 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2172=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2172=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): perl-XML-Twig-3.52-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): perl-XML-Twig-3.52-3.3.1 References: https://www.suse.com/security/cve/CVE-2016-9180.html https://bugzilla.suse.com/1008644 From sle-updates at lists.suse.com Mon Aug 10 04:13:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 12:13:00 +0200 (CEST) Subject: SUSE-RU-2020:2176-1: moderate: Recommended update for drbd Message-ID: <20200810101300.34CF0FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2176-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2020-2176=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): drbd-9.0.11+git.1e2bccdc-10.24.1 drbd-debugsource-9.0.11+git.1e2bccdc-10.24.1 drbd-kmp-default-9.0.11+git.1e2bccdc_k4.4.121_92.138-10.24.1 drbd-kmp-default-debuginfo-9.0.11+git.1e2bccdc_k4.4.121_92.138-10.24.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 10 04:13:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 12:13:46 +0200 (CEST) Subject: SUSE-RU-2020:2175-1: moderate: Recommended update for drbd Message-ID: <20200810101346.9F72EFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2175-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-2175=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-3.22.1 drbd-debugsource-9.0.14+git.62f906cf-3.22.1 drbd-kmp-default-9.0.14+git.62f906cf_k4.4.180_94.127-3.22.1 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.4.180_94.127-3.22.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 10 07:13:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 15:13:43 +0200 (CEST) Subject: SUSE-RU-2020:2182-1: moderate: Recommended update for open-lldp Message-ID: <20200810131343.6BB68FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-lldp ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2182-1 Rating: moderate References: #1153520 #1170745 #1171284 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for open-lldp fixes the following issues: - Fix for a segementation fault, when agents change their MAC address (bsc#1171284) - lldapd will now transmit the permanent MAC address (the MAC address of the underlying physical device) as port id, thus allowing the switch or any management application to differentiate between those ports. (bsc#1153520) - Fix for a segmentation fault, when lldapd registers an interface and it gets shortly removed afterwards. (bsc#1170745) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2182=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2182=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): liblldp_clif1-1.0.1+63.f977e67-3.3.1 liblldp_clif1-debuginfo-1.0.1+63.f977e67-3.3.1 open-lldp-1.0.1+63.f977e67-3.3.1 open-lldp-debuginfo-1.0.1+63.f977e67-3.3.1 open-lldp-debugsource-1.0.1+63.f977e67-3.3.1 open-lldp-devel-1.0.1+63.f977e67-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): liblldp_clif1-1.0.1+63.f977e67-3.3.1 liblldp_clif1-debuginfo-1.0.1+63.f977e67-3.3.1 open-lldp-1.0.1+63.f977e67-3.3.1 open-lldp-debuginfo-1.0.1+63.f977e67-3.3.1 open-lldp-debugsource-1.0.1+63.f977e67-3.3.1 open-lldp-devel-1.0.1+63.f977e67-3.3.1 References: https://bugzilla.suse.com/1153520 https://bugzilla.suse.com/1170745 https://bugzilla.suse.com/1171284 From sle-updates at lists.suse.com Mon Aug 10 07:14:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 15:14:43 +0200 (CEST) Subject: SUSE-RU-2020:2177-1: moderate: Recommended update for drbd Message-ID: <20200810131443.1730CFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2177-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2177=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-11.5.1 drbd-debugsource-9.0.14+git.62f906cf-11.5.1 drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_122.29-11.5.1 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_122.29-11.5.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 10 07:15:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 15:15:27 +0200 (CEST) Subject: SUSE-SU-2020:2179-1: important: Security update for MozillaThunderbird Message-ID: <20200810131527.2E637FDE4@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2179-1 Rating: important References: #1174538 Cross-References: CVE-2020-15652 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Updated to Mozilla Thunderbird 68.11: * Fixed various security issues (MFSA-2020-35, bsc#1174538). * Fixed CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker (bsc#1174538). * Fixed CVE-2020-6514: WebRTC data channel leaks internal address to peer (bsc#1174538). * Fixed CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture (bsc#1174538). * Fixed CVE-2020-15659: Memory safety bugs fixed in Thunderbird 68.11 (bsc#1174538). * Fixed a bug with FileLink attachments included as a link and file when added from a network drive via drag & drop (bmo#793118). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2179=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2179=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): MozillaThunderbird-68.11.0-3.91.1 MozillaThunderbird-debuginfo-68.11.0-3.91.1 MozillaThunderbird-debugsource-68.11.0-3.91.1 MozillaThunderbird-translations-common-68.11.0-3.91.1 MozillaThunderbird-translations-other-68.11.0-3.91.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-68.11.0-3.91.1 MozillaThunderbird-debuginfo-68.11.0-3.91.1 MozillaThunderbird-debugsource-68.11.0-3.91.1 MozillaThunderbird-translations-common-68.11.0-3.91.1 MozillaThunderbird-translations-other-68.11.0-3.91.1 References: https://www.suse.com/security/cve/CVE-2020-15652.html https://www.suse.com/security/cve/CVE-2020-15659.html https://www.suse.com/security/cve/CVE-2020-6463.html https://www.suse.com/security/cve/CVE-2020-6514.html https://bugzilla.suse.com/1174538 From sle-updates at lists.suse.com Mon Aug 10 07:16:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 15:16:10 +0200 (CEST) Subject: SUSE-RU-2020:2178-1: moderate: Recommended update for drbd Message-ID: <20200810131610.254FBFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2178-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2178=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-4.12.1 drbd-debugsource-9.0.14+git.62f906cf-4.12.1 drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_95.57-4.12.1 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_95.57-4.12.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 10 07:16:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 15:16:52 +0200 (CEST) Subject: SUSE-RU-2020:14446-1: moderate: Recommended update for pesign-obs-integration Message-ID: <20200810131652.DB6B7FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign-obs-integration ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14446-1 Rating: moderate References: #1082235 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pesign-obs-integration fixes the following issues: - Provide password file for 'certutil -A' due to the change in mozilla-nss 3.35 (bsc#1082235) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-pesign-obs-integration-14446=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-pesign-obs-integration-14446=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): pesign-obs-integration-10.0-0.29.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): pesign-obs-integration-10.0-0.29.3.1 References: https://bugzilla.suse.com/1082235 From sle-updates at lists.suse.com Mon Aug 10 10:12:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 18:12:56 +0200 (CEST) Subject: SUSE-RU-2020:2183-1: Recommended update for lttng-devel Message-ID: <20200810161256.D63D2FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for lttng-devel ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2183-1 Rating: low References: #1172662 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the lttng-modules-devel subpackage to the Development Tools module. (bsc#1172662) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-2183=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2183=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2183=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2183=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2183=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): lttng-tools-debuginfo-2.10.2-3.3.1 lttng-tools-debugsource-2.10.2-3.3.1 lttng-tools-devel-2.10.2-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): lttng-tools-2.10.2-3.3.1 lttng-tools-debuginfo-2.10.2-3.3.1 lttng-tools-debugsource-2.10.2-3.3.1 lttng-tools-devel-2.10.2-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): lttng-tools-2.10.2-3.3.1 lttng-tools-debuginfo-2.10.2-3.3.1 lttng-tools-debugsource-2.10.2-3.3.1 lttng-tools-devel-2.10.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le x86_64): liblttng-ctl0-2.10.2-3.3.1 liblttng-ctl0-debuginfo-2.10.2-3.3.1 lttng-tools-debuginfo-2.10.2-3.3.1 lttng-tools-debugsource-2.10.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le x86_64): liblttng-ctl0-2.10.2-3.3.1 liblttng-ctl0-debuginfo-2.10.2-3.3.1 lttng-tools-debuginfo-2.10.2-3.3.1 lttng-tools-debugsource-2.10.2-3.3.1 References: https://bugzilla.suse.com/1172662 From sle-updates at lists.suse.com Mon Aug 10 10:13:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 18:13:41 +0200 (CEST) Subject: SUSE-RU-2020:2186-1: moderate: Recommended update for drbd Message-ID: <20200810161341.23005FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2186-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2186=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): drbd-9.0.16+git.ab9777df-8.11.1 drbd-debugsource-9.0.16+git.ab9777df-8.11.1 drbd-kmp-default-9.0.16+git.ab9777df_k4.12.14_197.48-8.11.1 drbd-kmp-default-debuginfo-9.0.16+git.ab9777df_k4.12.14_197.48-8.11.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 10 10:14:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 18:14:25 +0200 (CEST) Subject: SUSE-RU-2020:2184-1: moderate: Recommended update for drbd Message-ID: <20200810161425.CEE2FFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2184-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of dpdk fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2184=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le x86_64): dpdk-18.11.3-4.8.1 dpdk-debuginfo-18.11.3-4.8.1 dpdk-debugsource-18.11.3-4.8.1 dpdk-devel-18.11.3-4.8.1 dpdk-devel-debuginfo-18.11.3-4.8.1 dpdk-kmp-default-18.11.3_k4.12.14_197.51-4.8.1 dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_197.51-4.8.1 dpdk-tools-18.11.3-4.8.1 dpdk-tools-debuginfo-18.11.3-4.8.1 libdpdk-18_11-18.11.3-4.8.1 libdpdk-18_11-debuginfo-18.11.3-4.8.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 10 10:15:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 18:15:09 +0200 (CEST) Subject: SUSE-RU-2020:2187-1: moderate: Recommended update for drbd Message-ID: <20200810161509.6F58BFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2187-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2187=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): drbd-9.0.22~1+git.fe2b5983-3.2.1 drbd-debugsource-9.0.22~1+git.fe2b5983-3.2.1 drbd-kmp-default-9.0.22~1+git.fe2b5983_k5.3.18_24.9-3.2.1 drbd-kmp-default-debuginfo-9.0.22~1+git.fe2b5983_k5.3.18_24.9-3.2.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 10 10:15:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 18:15:52 +0200 (CEST) Subject: SUSE-RU-2020:2185-1: moderate: Recommended update for drbd Message-ID: <20200810161552.7549AFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2185-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2185=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): drbd-9.0.15+git.c46d2790-3.13.1 drbd-debugsource-9.0.15+git.c46d2790-3.13.1 drbd-kmp-default-9.0.15+git.c46d2790_k4.12.14_150.55-3.13.1 drbd-kmp-default-debuginfo-9.0.15+git.c46d2790_k4.12.14_150.55-3.13.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Mon Aug 10 13:12:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 21:12:40 +0200 (CEST) Subject: SUSE-RU-2020:2192-1: moderate: Recommended update for release-notes-sles-for-sap Message-ID: <20200810191240.EF471FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2192-1 Rating: moderate References: #1150672 #1174480 #1174481 #1174664 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: - New version: 15.2.20200729. (tracked in bsc#1174664) - Updated SAP HANA on Optane note. (bsc#1174480) - Updated URL for source code download. (bsc#1150672) - Updated bug tracker info & product name. (bsc#1174481) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2020-2192=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): release-notes-sles-for-sap-15.2.20200729-3.3.2 References: https://bugzilla.suse.com/1150672 https://bugzilla.suse.com/1174480 https://bugzilla.suse.com/1174481 https://bugzilla.suse.com/1174664 From sle-updates at lists.suse.com Mon Aug 10 13:13:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 21:13:43 +0200 (CEST) Subject: SUSE-RU-2020:2188-1: moderate: Recommended update for orarun Message-ID: <20200810191343.6A938FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for orarun ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2188-1 Rating: moderate References: #1156307 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for orarun fixes the following issues: - This fixes issue of "Max number of files per process is not set properly by orarun for Oracle database". (bsc#1156307) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2188=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): orarun-2.0-14.16.1 References: https://bugzilla.suse.com/1156307 From sle-updates at lists.suse.com Mon Aug 10 13:14:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 21:14:26 +0200 (CEST) Subject: SUSE-RU-2020:2191-1: moderate: Recommended update for release-notes-ha Message-ID: <20200810191426.AB57AFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ha ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2191-1 Rating: moderate References: #1150672 #1174481 #1174665 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for release-notes-ha fixes the following issues: - New version: 15.2.20200729 (tracked in bsc#1174665) - Updated bug tracker info. (bsc#1174481) - Updated URL for source code download. (bsc#1150672) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2191=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): release-notes-ha-15.2.20200729-3.3.2 References: https://bugzilla.suse.com/1150672 https://bugzilla.suse.com/1174481 https://bugzilla.suse.com/1174665 From sle-updates at lists.suse.com Mon Aug 10 13:15:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 21:15:23 +0200 (CEST) Subject: SUSE-RU-2020:2189-1: moderate: Recommended update for orarun Message-ID: <20200810191523.67CA2FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for orarun ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2189-1 Rating: moderate References: #1173395 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for orarun fixes the following issues: - This fixes issue of "Max number of files per process is not set properly by orarun for Oracle database". (bsc#1173395) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2189=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2189=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x x86_64): orarun-2.1-7.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (s390x x86_64): orarun-2.1-7.8.1 References: https://bugzilla.suse.com/1173395 From sle-updates at lists.suse.com Mon Aug 10 13:16:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Aug 2020 21:16:50 +0200 (CEST) Subject: SUSE-RU-2020:2190-1: important: Recommended update for python-azure-agent Message-ID: <20200810191650.435F5FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2190-1 Rating: important References: #1173866 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-agent fixes the following issues: - Properly set the DHCP configuration to push the hostname to the DHCP server. (bsc#1173866) - Do not bring the interface down to push the hostname, just use 'ifup'. (bsc#1173866) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2190=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-agent-2.2.45-34.26.1 References: https://bugzilla.suse.com/1173866 From sle-updates at lists.suse.com Tue Aug 11 00:07:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 08:07:12 +0200 (CEST) Subject: SUSE-CU-2020:384-1: Recommended update of suse/sles12sp3 Message-ID: <20200811060712.DFC0DFF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:384-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.183 , suse/sles12sp3:latest Container Release : 24.183 Severity : moderate Type : recommended References : 1163834 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2059-1 Released: Tue Jul 28 11:32:56 2020 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1163834 This update for grep fixes the following issues: Fix for an issue when command 'grep -i' produces bad performance by using multibyte with 'non-utf8' encoding. (bsc#1163834) From sle-updates at lists.suse.com Tue Aug 11 10:13:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 18:13:09 +0200 (CEST) Subject: SUSE-SU-2020:14447-1: important: Security update for xorg-x11-libX11 Message-ID: <20200811161309.6111BFEC3@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14447-1 Rating: important References: #1174628 Cross-References: CVE-2020-14344 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xorg-x11-libX11-14447=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-libX11-14447=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libX11-14447=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-libX11-14447=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): xorg-x11-libX11-7.4-5.11.72.18.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): xorg-x11-libX11-32bit-7.4-5.11.72.18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xorg-x11-libX11-7.4-5.11.72.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): xorg-x11-libX11-debuginfo-7.4-5.11.72.18.1 xorg-x11-libX11-debugsource-7.4-5.11.72.18.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xorg-x11-libX11-debuginfo-7.4-5.11.72.18.1 xorg-x11-libX11-debugsource-7.4-5.11.72.18.1 References: https://www.suse.com/security/cve/CVE-2020-14344.html https://bugzilla.suse.com/1174628 From sle-updates at lists.suse.com Tue Aug 11 10:14:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 18:14:39 +0200 (CEST) Subject: SUSE-SU-2020:2200-1: important: Security update for google-compute-engine Message-ID: <20200811161439.A42D6FEC3@maintenance.suse.de> SUSE Security Update: Security update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2200-1 Rating: important References: #1169978 #1173258 Cross-References: CVE-2020-8903 CVE-2020-8907 CVE-2020-8933 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for google-compute-engine fixes the following issues: - Do not add the created user to the adm (CVE-2020-8903), docker (CVE-2020-8907), or lxd (CVE-2020-8933) groups if they exist (bsc#1173258). - Don't enable and start google-network-daemon.service when it's already installed (bsc#1169978). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2200=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20190801-54.1 google-compute-engine-oslogin-debuginfo-20190801-54.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-compute-engine-init-20190801-54.1 References: https://www.suse.com/security/cve/CVE-2020-8903.html https://www.suse.com/security/cve/CVE-2020-8907.html https://www.suse.com/security/cve/CVE-2020-8933.html https://bugzilla.suse.com/1169978 https://bugzilla.suse.com/1173258 From sle-updates at lists.suse.com Tue Aug 11 10:15:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 18:15:33 +0200 (CEST) Subject: SUSE-SU-2020:2198-1: important: Security update for webkit2gtk3 Message-ID: <20200811161533.D4E82FEC3@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2198-1 Rating: important References: #1174662 Cross-References: CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2198=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2198=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2198=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2198=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2198=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2198=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.28.4-3.60.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1 libwebkit2gtk-4_0-37-2.28.4-3.60.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1 webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1 webkit2gtk3-debugsource-2.28.4-3.60.1 webkit2gtk3-devel-2.28.4-3.60.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libwebkit2gtk3-lang-2.28.4-3.60.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libjavascriptcoregtk-4_0-18-2.28.4-3.60.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1 libwebkit2gtk-4_0-37-2.28.4-3.60.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1 webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1 webkit2gtk3-debugsource-2.28.4-3.60.1 webkit2gtk3-devel-2.28.4-3.60.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libwebkit2gtk3-lang-2.28.4-3.60.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.28.4-3.60.1 typelib-1_0-WebKit2-4_0-2.28.4-3.60.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.60.1 webkit2gtk3-debugsource-2.28.4-3.60.1 webkit2gtk3-devel-2.28.4-3.60.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.4-3.60.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1 libwebkit2gtk-4_0-37-2.28.4-3.60.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1 webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1 webkit2gtk3-debugsource-2.28.4-3.60.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libwebkit2gtk3-lang-2.28.4-3.60.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.28.4-3.60.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1 libwebkit2gtk-4_0-37-2.28.4-3.60.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1 webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1 webkit2gtk3-debugsource-2.28.4-3.60.1 webkit2gtk3-devel-2.28.4-3.60.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libwebkit2gtk3-lang-2.28.4-3.60.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.28.4-3.60.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.60.1 libwebkit2gtk-4_0-37-2.28.4-3.60.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.60.1 webkit2gtk-4_0-injected-bundles-2.28.4-3.60.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.60.1 webkit2gtk3-debugsource-2.28.4-3.60.1 webkit2gtk3-devel-2.28.4-3.60.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.28.4-3.60.1 References: https://www.suse.com/security/cve/CVE-2020-9862.html https://www.suse.com/security/cve/CVE-2020-9893.html https://www.suse.com/security/cve/CVE-2020-9894.html https://www.suse.com/security/cve/CVE-2020-9895.html https://www.suse.com/security/cve/CVE-2020-9915.html https://www.suse.com/security/cve/CVE-2020-9925.html https://bugzilla.suse.com/1174662 From sle-updates at lists.suse.com Tue Aug 11 10:16:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 18:16:20 +0200 (CEST) Subject: SUSE-RU-2020:2204-1: moderate: Bugfixes on cilium, gangway and skuba and security fix for Kubernetes (cve-2020-8557) Message-ID: <20200811161620.2D9A1FEC3@maintenance.suse.de> SUSE Recommended Update: Bugfixes on cilium, gangway and skuba and security fix for Kubernetes (cve-2020-8557) ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2204-1 Rating: moderate References: #1146991 #1173039 #1173055 #1173165 #1173984 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP1 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: = Required Actions == Kubernetes (Security fix) This fix will be applied to the kubelet daemon running on the nodes by `skuba-update`. See https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_upd ates.html#_base_os_updates for more details. Make sure you look at the Release Notes https://www.suse.com/releasenotes/x86_64/SUSE-CAASP/4/#_changes_in_4_2_2 for any known bug. == Cilium Bugfix Cilium will be updated by `skuba addon upgrade`. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_upd ates.html#_generating_an_overview_of_available_addon_updates == Gangway bugfix Gangway will be updated by `skuba addon upgrade`. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_upd ates.html#_generating_an_overview_of_available_addon_updates == Skuba In order to update skuba, you need to update the admin workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.1/html/caasp-admin/_cluster_upd ates.html#_update_management_workstation Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-2204=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Module for Containers 15-SP1 (x86_64): kubernetes-client-1.17.4-4.18.1 kubernetes-common-1.17.4-4.18.1 - SUSE CaaS Platform 4.0 (x86_64): caasp-release-4.2.2-24.26.1 kubernetes-client-1.17.4-4.18.1 kubernetes-common-1.17.4-4.18.1 kubernetes-kubeadm-1.17.4-4.18.1 kubernetes-kubelet-1.17.4-4.18.1 skuba-1.4.1-3.46.1 - SUSE CaaS Platform 4.0 (noarch): skuba-update-1.4.1-3.46.1 References: https://www.suse.com/security/cve/CVE-2020-8557.html https://bugzilla.suse.com/1146991 https://bugzilla.suse.com/1173039 https://bugzilla.suse.com/1173055 https://bugzilla.suse.com/1173165 https://bugzilla.suse.com/1173984 From sle-updates at lists.suse.com Tue Aug 11 10:17:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 18:17:31 +0200 (CEST) Subject: SUSE-SU-2020:2199-1: important: Security update for webkit2gtk3 Message-ID: <20200811161731.6C672FEC3@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2199-1 Rating: important References: #1174662 Cross-References: CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2199=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2199=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.28.4-3.6.1 typelib-1_0-WebKit2-4_0-2.28.4-3.6.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-3.6.1 webkit2gtk3-debugsource-2.28.4-3.6.1 webkit2gtk3-devel-2.28.4-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.4-3.6.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-3.6.1 libwebkit2gtk-4_0-37-2.28.4-3.6.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-3.6.1 webkit2gtk-4_0-injected-bundles-2.28.4-3.6.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-3.6.1 webkit2gtk3-debugsource-2.28.4-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libwebkit2gtk3-lang-2.28.4-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-9862.html https://www.suse.com/security/cve/CVE-2020-9893.html https://www.suse.com/security/cve/CVE-2020-9894.html https://www.suse.com/security/cve/CVE-2020-9895.html https://www.suse.com/security/cve/CVE-2020-9915.html https://www.suse.com/security/cve/CVE-2020-9925.html https://bugzilla.suse.com/1174662 From sle-updates at lists.suse.com Tue Aug 11 10:18:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 18:18:13 +0200 (CEST) Subject: SUSE-SU-2020:14448-1: important: Security update for xen Message-ID: <20200811161813.8FE01FEC3@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14448-1 Rating: important References: #1154456 #1154458 #1161181 #1163019 #1168140 #1169392 #1174543 Cross-References: CVE-2019-18421 CVE-2019-18425 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-7211 CVE-2020-8608 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: potential OOB access due to unsafe snprintf() usages - bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy - bsc#1168140 - CVE-2020-11740, CVE-2020-11741: multiple xenoprof issues - bsc#1161181 - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host - bsc#1154456 - CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation - bsc#1154458 - CVE-2019-18421: Issues with restartable PV type change operations Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xen-14448=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xen-14448=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xen-kmp-default-4.2.5_22_3.0.101_0.47.106.59-45.36.1 xen-kmp-pae-4.2.5_22_3.0.101_0.47.106.59-45.36.1 xen-libs-4.2.5_22-45.36.1 xen-tools-domU-4.2.5_22-45.36.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): xen-debuginfo-4.2.5_22-45.36.1 xen-debugsource-4.2.5_22-45.36.1 References: https://www.suse.com/security/cve/CVE-2019-18421.html https://www.suse.com/security/cve/CVE-2019-18425.html https://www.suse.com/security/cve/CVE-2020-11740.html https://www.suse.com/security/cve/CVE-2020-11741.html https://www.suse.com/security/cve/CVE-2020-11742.html https://www.suse.com/security/cve/CVE-2020-7211.html https://www.suse.com/security/cve/CVE-2020-8608.html https://bugzilla.suse.com/1154456 https://bugzilla.suse.com/1154458 https://bugzilla.suse.com/1161181 https://bugzilla.suse.com/1163019 https://bugzilla.suse.com/1168140 https://bugzilla.suse.com/1169392 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Aug 11 10:19:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 18:19:36 +0200 (CEST) Subject: SUSE-SU-2020:2197-1: important: Security update for libX11 Message-ID: <20200811161936.7917CFEC3@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2197-1 Rating: important References: #1174628 Cross-References: CVE-2020-14344 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2197=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2197=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2197=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2197=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2197=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2197=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libX11-6-1.6.5-3.9.1 libX11-6-debuginfo-1.6.5-3.9.1 libX11-debugsource-1.6.5-3.9.1 libX11-devel-1.6.5-3.9.1 libX11-xcb1-1.6.5-3.9.1 libX11-xcb1-debuginfo-1.6.5-3.9.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libX11-6-32bit-1.6.5-3.9.1 libX11-6-32bit-debuginfo-1.6.5-3.9.1 libX11-xcb1-32bit-1.6.5-3.9.1 libX11-xcb1-32bit-debuginfo-1.6.5-3.9.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libX11-data-1.6.5-3.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libX11-6-1.6.5-3.9.1 libX11-6-debuginfo-1.6.5-3.9.1 libX11-debugsource-1.6.5-3.9.1 libX11-devel-1.6.5-3.9.1 libX11-xcb1-1.6.5-3.9.1 libX11-xcb1-debuginfo-1.6.5-3.9.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libX11-data-1.6.5-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-3.9.1 libX11-6-debuginfo-1.6.5-3.9.1 libX11-debugsource-1.6.5-3.9.1 libX11-devel-1.6.5-3.9.1 libX11-xcb1-1.6.5-3.9.1 libX11-xcb1-debuginfo-1.6.5-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libX11-data-1.6.5-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libX11-6-32bit-1.6.5-3.9.1 libX11-6-32bit-debuginfo-1.6.5-3.9.1 libX11-xcb1-32bit-1.6.5-3.9.1 libX11-xcb1-32bit-debuginfo-1.6.5-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-3.9.1 libX11-6-debuginfo-1.6.5-3.9.1 libX11-debugsource-1.6.5-3.9.1 libX11-devel-1.6.5-3.9.1 libX11-xcb1-1.6.5-3.9.1 libX11-xcb1-debuginfo-1.6.5-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libX11-data-1.6.5-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libX11-6-32bit-1.6.5-3.9.1 libX11-6-32bit-debuginfo-1.6.5-3.9.1 libX11-xcb1-32bit-1.6.5-3.9.1 libX11-xcb1-32bit-debuginfo-1.6.5-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libX11-6-1.6.5-3.9.1 libX11-6-debuginfo-1.6.5-3.9.1 libX11-debugsource-1.6.5-3.9.1 libX11-devel-1.6.5-3.9.1 libX11-xcb1-1.6.5-3.9.1 libX11-xcb1-debuginfo-1.6.5-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libX11-data-1.6.5-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libX11-6-32bit-1.6.5-3.9.1 libX11-6-32bit-debuginfo-1.6.5-3.9.1 libX11-xcb1-32bit-1.6.5-3.9.1 libX11-xcb1-32bit-debuginfo-1.6.5-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libX11-6-1.6.5-3.9.1 libX11-6-debuginfo-1.6.5-3.9.1 libX11-debugsource-1.6.5-3.9.1 libX11-devel-1.6.5-3.9.1 libX11-xcb1-1.6.5-3.9.1 libX11-xcb1-debuginfo-1.6.5-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libX11-data-1.6.5-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libX11-6-32bit-1.6.5-3.9.1 libX11-6-32bit-debuginfo-1.6.5-3.9.1 libX11-xcb1-32bit-1.6.5-3.9.1 libX11-xcb1-32bit-debuginfo-1.6.5-3.9.1 References: https://www.suse.com/security/cve/CVE-2020-14344.html https://bugzilla.suse.com/1174628 From sle-updates at lists.suse.com Tue Aug 11 10:20:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 18:20:28 +0200 (CEST) Subject: SUSE-SU-2020:2196-1: important: Security update for libX11 Message-ID: <20200811162028.A8A94FDE4@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2196-1 Rating: important References: #1174628 Cross-References: CVE-2020-14344 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2196=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2196=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2196=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2196=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2196=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2196=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2196=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2196=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2196=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2196=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2196=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2196=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2196=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2196=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2196=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2196=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2196=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): libX11-data-1.6.2-12.12.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libX11-6-1.6.2-12.12.1 libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libX11-data-1.6.2-12.12.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libX11-6-1.6.2-12.12.1 libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE OpenStack Cloud 9 (noarch): libX11-data-1.6.2-12.12.1 - SUSE OpenStack Cloud 9 (x86_64): libX11-6-1.6.2-12.12.1 libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE OpenStack Cloud 8 (x86_64): libX11-6-1.6.2-12.12.1 libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE OpenStack Cloud 8 (noarch): libX11-data-1.6.2-12.12.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libX11-6-1.6.2-12.12.1 libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE OpenStack Cloud 7 (noarch): libX11-data-1.6.2-12.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libX11-debugsource-1.6.2-12.12.1 libX11-devel-1.6.2-12.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libX11-6-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libX11-data-1.6.2-12.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libX11-6-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libX11-data-1.6.2-12.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libX11-6-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libX11-data-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libX11-data-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libX11-6-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libX11-data-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libX11-6-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libX11-data-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): libX11-data-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libX11-6-1.6.2-12.12.1 libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libX11-6-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libX11-data-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libX11-6-1.6.2-12.12.1 libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libX11-data-1.6.2-12.12.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libX11-6-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 - SUSE Enterprise Storage 5 (x86_64): libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - SUSE Enterprise Storage 5 (noarch): libX11-data-1.6.2-12.12.1 - HPE Helion Openstack 8 (x86_64): libX11-6-1.6.2-12.12.1 libX11-6-32bit-1.6.2-12.12.1 libX11-6-debuginfo-1.6.2-12.12.1 libX11-6-debuginfo-32bit-1.6.2-12.12.1 libX11-debugsource-1.6.2-12.12.1 libX11-xcb1-1.6.2-12.12.1 libX11-xcb1-32bit-1.6.2-12.12.1 libX11-xcb1-debuginfo-1.6.2-12.12.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.12.1 - HPE Helion Openstack 8 (noarch): libX11-data-1.6.2-12.12.1 References: https://www.suse.com/security/cve/CVE-2020-14344.html https://bugzilla.suse.com/1174628 From sle-updates at lists.suse.com Tue Aug 11 10:21:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 18:21:17 +0200 (CEST) Subject: SUSE-RU-2020:2203-1: moderate: Recommended update for release-notes-caasp Message-ID: <20200811162117.4D426FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-caasp ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2203-1 Rating: moderate References: #1175056 Affected Products: SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-caasp contains the following fix: - Update to 4.2.2 fixes bsc#1175056 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 4.0 (noarch): release-notes-caasp-4.2.20200810-4.54.1 References: https://bugzilla.suse.com/1175056 From sle-updates at lists.suse.com Tue Aug 11 10:21:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 18:21:59 +0200 (CEST) Subject: SUSE-OU-2020:2193-1: Optional update for python-setuptools Message-ID: <20200811162159.01522FDE4@maintenance.suse.de> SUSE Optional Update: Optional update for python-setuptools ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2193-1 Rating: low References: #1174035 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for python-packaging delivers it to the Public Cloud Module to satisfy python-setuptools dependencies. (bsc#1174035) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2193=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2193=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): python-packaging-17.1-2.7.1 python3-packaging-17.1-2.7.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-packaging-17.1-2.7.1 python3-packaging-17.1-2.7.1 References: https://bugzilla.suse.com/1174035 From sle-updates at lists.suse.com Tue Aug 11 10:22:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 18:22:43 +0200 (CEST) Subject: SUSE-SU-2020:2194-1: moderate: Security update for dpdk Message-ID: <20200811162243.B419CFDE4@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2194-1 Rating: moderate References: #1156146 #1171477 #1171930 #1174543 Cross-References: CVE-2019-14818 CVE-2020-10722 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for dpdk to version 16.11.9 following issue: - CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicious container may lead to to denial of service (bsc#1156146). - CVE-2020-12693: Fixed an authentication bypass via an alternate path or channel (boo#1172004). - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2194=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2194=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2194=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2194=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2194=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2194=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2194=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): dpdk-16.11.9-8.15.13 dpdk-debuginfo-16.11.9-8.15.13 dpdk-debugsource-16.11.9-8.15.13 dpdk-kmp-default-16.11.9_k4.4.180_94.127-8.15.13 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.127-8.15.13 dpdk-tools-16.11.9-8.15.13 - SUSE OpenStack Cloud 8 (x86_64): dpdk-16.11.9-8.15.13 dpdk-debuginfo-16.11.9-8.15.13 dpdk-debugsource-16.11.9-8.15.13 dpdk-kmp-default-16.11.9_k4.4.180_94.127-8.15.13 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.127-8.15.13 dpdk-tools-16.11.9-8.15.13 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): dpdk-16.11.9-8.15.13 dpdk-debuginfo-16.11.9-8.15.13 dpdk-debugsource-16.11.9-8.15.13 dpdk-tools-16.11.9-8.15.13 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): dpdk-kmp-default-16.11.9_k4.4.180_94.127-8.15.13 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.127-8.15.13 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le x86_64): dpdk-16.11.9-8.15.13 dpdk-debuginfo-16.11.9-8.15.13 dpdk-debugsource-16.11.9-8.15.13 dpdk-tools-16.11.9-8.15.13 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): dpdk-thunderx-16.11.9-8.15.10 dpdk-thunderx-debuginfo-16.11.9-8.15.10 dpdk-thunderx-debugsource-16.11.9-8.15.10 dpdk-thunderx-kmp-default-16.11.9_k4.4.180_94.127-8.15.10 dpdk-thunderx-kmp-default-debuginfo-16.11.9_k4.4.180_94.127-8.15.10 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): dpdk-kmp-default-16.11.9_k4.4.180_94.127-8.15.13 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.127-8.15.13 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): dpdk-16.11.9-8.15.13 dpdk-debuginfo-16.11.9-8.15.13 dpdk-debugsource-16.11.9-8.15.13 dpdk-kmp-default-16.11.9_k4.4.180_94.127-8.15.13 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.127-8.15.13 dpdk-tools-16.11.9-8.15.13 - SUSE Enterprise Storage 5 (aarch64 x86_64): dpdk-16.11.9-8.15.13 dpdk-debuginfo-16.11.9-8.15.13 dpdk-debugsource-16.11.9-8.15.13 dpdk-tools-16.11.9-8.15.13 - SUSE Enterprise Storage 5 (aarch64): dpdk-thunderx-16.11.9-8.15.10 dpdk-thunderx-debuginfo-16.11.9-8.15.10 dpdk-thunderx-debugsource-16.11.9-8.15.10 dpdk-thunderx-kmp-default-16.11.9_k4.4.180_94.127-8.15.10 dpdk-thunderx-kmp-default-debuginfo-16.11.9_k4.4.180_94.127-8.15.10 - SUSE Enterprise Storage 5 (x86_64): dpdk-kmp-default-16.11.9_k4.4.180_94.127-8.15.13 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.127-8.15.13 - HPE Helion Openstack 8 (x86_64): dpdk-16.11.9-8.15.13 dpdk-debuginfo-16.11.9-8.15.13 dpdk-debugsource-16.11.9-8.15.13 dpdk-kmp-default-16.11.9_k4.4.180_94.127-8.15.13 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.127-8.15.13 dpdk-tools-16.11.9-8.15.13 References: https://www.suse.com/security/cve/CVE-2019-14818.html https://www.suse.com/security/cve/CVE-2020-10722.html https://bugzilla.suse.com/1156146 https://bugzilla.suse.com/1171477 https://bugzilla.suse.com/1171930 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Aug 11 13:12:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 21:12:37 +0200 (CEST) Subject: SUSE-RU-2020:2208-1: important: Recommended update for rsyslog Message-ID: <20200811191237.D9D6AFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2208-1 Rating: important References: #1173338 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - Fix for logrotate to avoid unexpected exit with coredump after logrotate. (bsc#1173338) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2208=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2208=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2208=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2208=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2208=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2208=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): rsyslog-8.33.1-3.25.1 rsyslog-debuginfo-8.33.1-3.25.1 rsyslog-debugsource-8.33.1-3.25.1 rsyslog-module-gssapi-8.33.1-3.25.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.25.1 rsyslog-module-gtls-8.33.1-3.25.1 rsyslog-module-gtls-debuginfo-8.33.1-3.25.1 rsyslog-module-mmnormalize-8.33.1-3.25.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.25.1 rsyslog-module-mysql-8.33.1-3.25.1 rsyslog-module-mysql-debuginfo-8.33.1-3.25.1 rsyslog-module-pgsql-8.33.1-3.25.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.25.1 rsyslog-module-relp-8.33.1-3.25.1 rsyslog-module-relp-debuginfo-8.33.1-3.25.1 rsyslog-module-snmp-8.33.1-3.25.1 rsyslog-module-snmp-debuginfo-8.33.1-3.25.1 rsyslog-module-udpspoof-8.33.1-3.25.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.25.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): rsyslog-8.33.1-3.25.1 rsyslog-debuginfo-8.33.1-3.25.1 rsyslog-debugsource-8.33.1-3.25.1 rsyslog-module-gssapi-8.33.1-3.25.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.25.1 rsyslog-module-gtls-8.33.1-3.25.1 rsyslog-module-gtls-debuginfo-8.33.1-3.25.1 rsyslog-module-mmnormalize-8.33.1-3.25.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.25.1 rsyslog-module-mysql-8.33.1-3.25.1 rsyslog-module-mysql-debuginfo-8.33.1-3.25.1 rsyslog-module-pgsql-8.33.1-3.25.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.25.1 rsyslog-module-relp-8.33.1-3.25.1 rsyslog-module-relp-debuginfo-8.33.1-3.25.1 rsyslog-module-snmp-8.33.1-3.25.1 rsyslog-module-snmp-debuginfo-8.33.1-3.25.1 rsyslog-module-udpspoof-8.33.1-3.25.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.25.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.25.1 rsyslog-debugsource-8.33.1-3.25.1 rsyslog-module-gssapi-8.33.1-3.25.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.25.1 rsyslog-module-gtls-8.33.1-3.25.1 rsyslog-module-gtls-debuginfo-8.33.1-3.25.1 rsyslog-module-mmnormalize-8.33.1-3.25.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.25.1 rsyslog-module-mysql-8.33.1-3.25.1 rsyslog-module-mysql-debuginfo-8.33.1-3.25.1 rsyslog-module-pgsql-8.33.1-3.25.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.25.1 rsyslog-module-relp-8.33.1-3.25.1 rsyslog-module-relp-debuginfo-8.33.1-3.25.1 rsyslog-module-snmp-8.33.1-3.25.1 rsyslog-module-snmp-debuginfo-8.33.1-3.25.1 rsyslog-module-udpspoof-8.33.1-3.25.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): rsyslog-8.33.1-3.25.1 rsyslog-debuginfo-8.33.1-3.25.1 rsyslog-debugsource-8.33.1-3.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): rsyslog-8.33.1-3.25.1 rsyslog-debuginfo-8.33.1-3.25.1 rsyslog-debugsource-8.33.1-3.25.1 rsyslog-module-gssapi-8.33.1-3.25.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.25.1 rsyslog-module-gtls-8.33.1-3.25.1 rsyslog-module-gtls-debuginfo-8.33.1-3.25.1 rsyslog-module-mmnormalize-8.33.1-3.25.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.25.1 rsyslog-module-mysql-8.33.1-3.25.1 rsyslog-module-mysql-debuginfo-8.33.1-3.25.1 rsyslog-module-pgsql-8.33.1-3.25.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.25.1 rsyslog-module-relp-8.33.1-3.25.1 rsyslog-module-relp-debuginfo-8.33.1-3.25.1 rsyslog-module-snmp-8.33.1-3.25.1 rsyslog-module-snmp-debuginfo-8.33.1-3.25.1 rsyslog-module-udpspoof-8.33.1-3.25.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): rsyslog-8.33.1-3.25.1 rsyslog-debuginfo-8.33.1-3.25.1 rsyslog-debugsource-8.33.1-3.25.1 rsyslog-module-gssapi-8.33.1-3.25.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.25.1 rsyslog-module-gtls-8.33.1-3.25.1 rsyslog-module-gtls-debuginfo-8.33.1-3.25.1 rsyslog-module-mmnormalize-8.33.1-3.25.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.25.1 rsyslog-module-mysql-8.33.1-3.25.1 rsyslog-module-mysql-debuginfo-8.33.1-3.25.1 rsyslog-module-pgsql-8.33.1-3.25.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.25.1 rsyslog-module-relp-8.33.1-3.25.1 rsyslog-module-relp-debuginfo-8.33.1-3.25.1 rsyslog-module-snmp-8.33.1-3.25.1 rsyslog-module-snmp-debuginfo-8.33.1-3.25.1 rsyslog-module-udpspoof-8.33.1-3.25.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.25.1 References: https://bugzilla.suse.com/1173338 From sle-updates at lists.suse.com Tue Aug 11 13:13:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 21:13:24 +0200 (CEST) Subject: SUSE-RU-2020:2205-1: important: Recommended update for spacewalk-backend Message-ID: <20200811191324.822B1FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for spacewalk-backend ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2205-1 Rating: important References: #1174871 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for spacewalk-backend fixes the following issues: - version 4.0.34-1 - Fix issues importing RPM packages with long RPM headers (bsc#1174871) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2205=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2205=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): python3-spacewalk-backend-libs-4.0.34-3.35.1 spacewalk-backend-4.0.34-3.35.1 spacewalk-backend-app-4.0.34-3.35.1 spacewalk-backend-applet-4.0.34-3.35.1 spacewalk-backend-config-files-4.0.34-3.35.1 spacewalk-backend-config-files-common-4.0.34-3.35.1 spacewalk-backend-config-files-tool-4.0.34-3.35.1 spacewalk-backend-iss-4.0.34-3.35.1 spacewalk-backend-iss-export-4.0.34-3.35.1 spacewalk-backend-package-push-server-4.0.34-3.35.1 spacewalk-backend-server-4.0.34-3.35.1 spacewalk-backend-sql-4.0.34-3.35.1 spacewalk-backend-sql-postgresql-4.0.34-3.35.1 spacewalk-backend-tools-4.0.34-3.35.1 spacewalk-backend-xml-export-libs-4.0.34-3.35.1 spacewalk-backend-xmlrpc-4.0.34-3.35.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): python3-spacewalk-backend-libs-4.0.34-3.35.1 spacewalk-backend-4.0.34-3.35.1 References: https://bugzilla.suse.com/1174871 From sle-updates at lists.suse.com Tue Aug 11 13:14:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Aug 2020 21:14:14 +0200 (CEST) Subject: SUSE-RU-2020:2206-1: moderate: Recommended update for cryptctl Message-ID: <20200811191414.416C1FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for cryptctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2206-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: cryptctl was updated to fix the following issue - crypto is shipped into the Basesystem module. (ECO-2067) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-2206=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2206=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2206=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2206=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (ppc64le x86_64): cryptctl-2.3-2.7.1 cryptctl-debuginfo-2.3-2.7.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): cryptctl-2.3-2.7.1 cryptctl-debuginfo-2.3-2.7.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): cryptctl-2.3-2.7.1 cryptctl-debuginfo-2.3-2.7.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le x86_64): cryptctl-2.3-2.7.1 cryptctl-debuginfo-2.3-2.7.1 References: From sle-updates at lists.suse.com Wed Aug 12 01:43:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 09:43:35 +0200 (CEST) Subject: SUSE-CU-2020:385-1: Security update of caasp/v4/caasp-dex Message-ID: <20200812074335.BF6C9FEC3@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4/caasp-dex ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:385-1 Container Tags : caasp/v4/caasp-dex:2.16.0 , caasp/v4/caasp-dex:2.16.0-rev6 , caasp/v4/caasp-dex:2.16.0-rev6-build3.7.1 Container Release : 3.7.1 Severity : important Type : security References : 1007715 1013125 1049825 1051143 1073313 1081947 1081947 1082293 1082318 1084671 1084934 1085196 1087982 1090047 1092100 1092920 1093414 1102840 1103320 1103678 1106214 1106383 1107116 1107121 1110797 1111388 1111499 1114592 1114845 1116995 1120629 1120630 1120631 1121197 1121753 1122417 1123919 1125689 1125886 1127155 1127608 1127701 1130306 1130873 1130873 1131113 1131823 1133297 1133495 1133773 1134226 1135114 1135254 1135534 1135708 1135749 1137001 1137977 1138793 1138869 1139459 1139459 1139795 1139939 1139959 1140039 1140631 1141113 1141897 1142649 1142654 1143055 1143194 1143273 1144047 1144169 1145023 1145521 1145554 1145716 1146027 1146182 1146184 1146415 1146415 1146866 1146947 1146991 1148517 1148788 1148987 1149145 1149332 1149495 1149496 1149511 1149995 1150003 1150137 1150250 1150595 1150734 1151023 1151023 1151377 1151582 1152101 1152590 1152692 1152755 1153351 1153557 1153936 1154019 1154036 1154037 1154256 1154295 1154661 1154803 1154803 1154804 1154805 1154871 1154884 1154887 1155198 1155199 1155205 1155207 1155271 1155298 1155327 1155337 1155338 1155339 1155346 1155574 1155678 1155819 1156158 1156159 1156213 1156300 1156482 1156913 1157198 1157278 1157292 1157315 1157377 1157775 1157794 1157893 1158095 1158095 1158101 1158485 1158763 1158809 1158830 1158921 1158996 1159003 1159314 1159814 1159928 1160039 1160160 1160571 1160594 1160595 1160735 1160764 1160970 1160979 1161215 1161216 1161218 1161219 1161220 1161262 1161436 1161517 1161521 1161779 1161816 1162108 1162108 1162152 1162518 1162698 1162930 1163184 1163922 1164505 1164538 1164543 1164543 1164562 1164717 1164950 1164950 1165011 1165476 1165476 1165539 1165573 1165573 1165579 1165784 1166106 1166260 1166481 1166510 1166510 1166610 1166610 1166748 1166881 1167122 1167122 1167163 1167223 1167631 1167674 1167898 1168076 1168345 1168364 1168699 1168835 1168990 1168990 1169357 1169488 1169512 1169569 1169944 1169947 1169947 1169992 1170527 1170771 1170801 1170801 1171145 1171173 1171224 1171224 1171422 1171863 1171864 1171866 1171872 1171883 1172021 1172072 1172135 1172135 1172295 1172348 1172461 1172506 1172698 1172704 1172925 1172925 1173027 1173039 1173055 1173106 1173165 1173227 1173229 1173422 1173984 1174011 353876 859480 CVE-2017-17740 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2018-16428 CVE-2018-16429 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2019-12290 CVE-2019-12450 CVE-2019-13012 CVE-2019-13057 CVE-2019-13565 CVE-2019-13627 CVE-2019-14250 CVE-2019-14866 CVE-2019-14889 CVE-2019-14889 CVE-2019-1547 CVE-2019-1551 CVE-2019-1563 CVE-2019-15847 CVE-2019-16168 CVE-2019-17543 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-18224 CVE-2019-18802 CVE-2019-18900 CVE-2019-19126 CVE-2019-19956 CVE-2019-19956 CVE-2019-20386 CVE-2019-20388 CVE-2019-3687 CVE-2019-3688 CVE-2019-3690 CVE-2019-5094 CVE-2019-5188 CVE-2019-5481 CVE-2019-5482 CVE-2019-9511 CVE-2019-9513 CVE-2020-10029 CVE-2020-10543 CVE-2020-10878 CVE-2020-11501 CVE-2020-12243 CVE-2020-12723 CVE-2020-13777 CVE-2020-1712 CVE-2020-1712 CVE-2020-1730 CVE-2020-1752 CVE-2020-7595 CVE-2020-8013 CVE-2020-8023 CVE-2020-8177 CVE-2020-8557 SLE-6533 SLE-6536 SLE-7687 SLE-8789 SLE-9132 SLE-9171 ----------------------------------------------------------------- The container caasp/v4/caasp-dex was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2780-1 Released: Mon Nov 26 17:46:10 2018 Summary: Security update for glib2 Type: security Severity: moderate References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issue fixed: - various GVariant parsing issues have been resolved (bsc#1111499) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:251-1 Released: Wed Feb 6 11:22:43 2019 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1090047 This update for glib2 provides the following fix: - Enable systemtap. (fate#326393, bsc#1090047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1594-1 Released: Fri Jun 21 10:17:15 2019 Summary: Security update for glib2 Type: security Severity: important References: 1103678,1137001,CVE-2019-12450 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Other issue addressed: - glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1833-1 Released: Fri Jul 12 17:53:51 2019 Summary: Security update for glib2 Type: security Severity: moderate References: 1139959,CVE-2019-13012 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2241-1 Released: Wed Aug 28 14:58:49 2019 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1144169 This update for ca-certificates-mozilla fixes the following issues: ca-certificates-mozillawas updated to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169) Removed CAs: - Certinomis - Root CA Includes new root CAs from the 2.32 version: - emSign ECC Root CA - C3 (email and server auth) - emSign ECC Root CA - G3 (email and server auth) - emSign Root CA - C1 (email and server auth) - emSign Root CA - G1 (email and server auth) - Hongkong Post Root CA 3 (server auth) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2307-1 Released: Thu Sep 5 14:45:08 2019 Summary: Security update for util-linux and shadow Type: security Severity: moderate References: 1081947,1082293,1085196,1106214,1121197,1122417,1125886,1127701,1135534,1135708,1141113,353876 This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Prevent outdated pam files (bsc#1082293). - De-duplicate fstrim -A properly (bsc#1127701). - Do not trim read-only volumes (bsc#1106214). - Integrate pam_keyinit pam module to login (bsc#1081947). - Perform one-time reset of /etc/default/su (bsc#1121197). - Fix problems in reading of login.defs values (bsc#1121197) - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add RemainAfterExit=yes (bsc#1135534). - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - libmount: print a blacklist hint for 'unknown filesystem type' (jsc#SUSE-4085, fate#326832) - Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197). shadow: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Fix segfault in useradd during setting password inactivity period. (bsc#1141113) - Hardening for su wrappers (bsc#353876) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2361-1 Released: Thu Sep 12 07:54:54 2019 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1081947,1144047 This update for krb5 contains the following fixes: - Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2373-1 Released: Thu Sep 12 14:18:53 2019 Summary: Security update for curl Type: security Severity: important References: 1149495,1149496,CVE-2019-5481,CVE-2019-5482 This update for curl fixes the following issues: Security issues fixed: - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2395-1 Released: Wed Sep 18 08:31:38 2019 Summary: Security update for openldap2 Type: security Severity: moderate References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565 This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2403-1 Released: Wed Sep 18 16:14:29 2019 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1150003,1150250,CVE-2019-1547,CVE-2019-1563 This update for openssl-1_1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2423-1 Released: Fri Sep 20 16:41:45 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1146866,SLE-9132 This update for aaa_base fixes the following issues: Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132) Following settings have been tightened (and set to 0): - net.ipv4.conf.all.accept_redirects - net.ipv4.conf.default.accept_redirects - net.ipv4.conf.default.accept_source_route - net.ipv6.conf.all.accept_redirects - net.ipv6.conf.default.accept_redirects ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2533-1 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1150137,CVE-2019-16168 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2626-1 Released: Thu Oct 10 17:22:35 2019 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1110797 This update for permissions fixes the following issues: - Updated permissons for amanda. (bsc#1110797) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2676-1 Released: Tue Oct 15 21:06:54 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1145716,1152101,CVE-2019-5094 This update for e2fsprogs fixes the following issues: Security issue fixed: - CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101) Non-security issue fixed: - libext2fs: Call fsync(2) to clear stale errors for a new a unix I/O channel. (bsc#1145716) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2742-1 Released: Tue Oct 22 15:40:16 2019 Summary: Recommended update for libzypp, zypper, libsolv and PackageKit Type: recommended Severity: important References: 1049825,1116995,1120629,1120630,1120631,1127155,1127608,1130306,1131113,1131823,1134226,1135749,1137977,1139795,1140039,1145521,1146027,1146415,1146947,1153557,859480,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534 This update for libzypp, zypper, libsolv and PackageKit fixes the following issues: Security issues fixed in libsolv: - CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629). - CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630). - CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631). Other issues addressed in libsolv: - Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749). - Fixed an issue with the package name (bsc#1131823). - repo_add_rpmdb: do not copy bad solvables from the old solv file - Fixed an issue with cleandeps updates in which all packages were not updated - Experimental DISTTYPE_CONDA and REL_CONDA support - Fixed cleandeps jobs when using patterns (bsc#1137977) - Fixed favorq leaking between solver runs if the solver is reused - Fixed SOLVER_FLAG_FOCUS_BEST updateing packages without reason - Be more correct with multiversion packages that obsolete their own name (bnc#1127155) - Fix repository priority handling for multiversion packages - Make code compatible with swig 4.0, remove obj0 instances - repo2solv: support zchunk compressed data - Remove NO_BRP_STRIP_DEBUG=true as brp-15-strip-debug will not strip debug info for archives Issues fixed in libzypp: - Fix empty metalink downloads if filesize is unknown (bsc#1153557) - Recognize riscv64 as architecture - Fix installation of new header file (fixes #185) - zypp.conf: Introduce `solver.focus` to define the resolvers general attitude when resolving jobs. (bsc#1146415) - New container detection algorithm for zypper ps (bsc#1146947) - Fix leaking filedescriptors in MediaCurl. (bsc#1116995) - Run file conflict check on dry-run. (bsc#1140039) - Do not remove orphan products if the .prod file is owned by a package. (bsc#1139795) - Rephrase file conflict check summary. (bsc#1140039) - Fix bash completions option detection. (bsc#1049825) - Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521) - Fixes an issue where zypper exited with a segmentation fault when updating via YaST2 (bsc#1146027) - PublicKey::algoName: supply key algorithm and length Issues fixed in zypper: - Update to version 1.14.30 - Ignore SIGPIPE while STDOUT/STDERR are OK (bsc#1145521) - Dump stacktrace on SIGPIPE (bsc#1145521) - info: The requested info must be shown in QUIET mode (fixes #287) - Fix local/remote url classification. - Rephrase file conflict check summary (bsc#1140039) - Fix bash completions option detection (bsc#1049825) - man: split '--with[out]' like options to ease searching. - Unhided 'ps' command in help - Added option to show more conflict information - Rephrased `zypper ps` hint (bsc#859480) - Fixed repo refresh not returning 106-ZYPPER_EXIT_INF_REPOS_SKIPPED if --root is used (bsc#1134226) - Fixed unknown package handling in zypper install (bsc#1127608) - Re-show progress bar after pressing retry upon install error (bsc#1131113) Issues fixed in PackageKit: - Port the cron configuration variables to the systemd timer script, and add -sendwait parameter to mail in the script(bsc#1130306). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2757-1 Released: Wed Oct 23 17:21:17 2019 Summary: Security update for lz4 Type: security Severity: moderate References: 1153936,CVE-2019-17543 This update for lz4 fixes the following issues: - CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2812-1 Released: Tue Oct 29 14:57:55 2019 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1139459,1140631,1145023,1150595,SLE-7687 This update for systemd provides the following fixes: - Fix a problem that would cause invoking try-restart to an inactive service to hang when a daemon-reload is invoked before the try-restart returned. (bsc#1139459) - man: Add a note about _netdev usage. - units: Replace remote-cryptsetup-pre.target with remote-fs-pre.target. - units: Add [Install] section to remote-cryptsetup.target. - cryptsetup: Ignore _netdev, since it is used in generator. - cryptsetup-generator: Use remote-cryptsetup.target when _netdev is present. (jsc#SLE-7687) - cryptsetup-generator: Add a helper utility to create symlinks. - units: Add remote-cryptsetup.target and remote-cryptsetup-pre.target. - man: Add an explicit description of _netdev to systemd.mount(5). - man: Order fields alphabetically in crypttab(5). - man: Make crypttab(5) a bit easier to read. - units: Order cryptsetup-pre.target before cryptsetup.target. - Fix reporting of enabled-runtime units. - sd-bus: Deal with cookie overruns. (bsc#1150595) - rules: Add by-id symlinks for persistent memory. (bsc#1140631) - Buildrequire polkit so /usr/share/polkit-1/rules.d subdir can be only owned by polkit. (bsc#1145023) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2870-1 Released: Thu Oct 31 08:09:14 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1051143,1138869,1151023 This update for aaa_base provides the following fixes: - Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869) - Add s390x compressed kernel support. (bsc#1151023) - service: Check if there is a second argument before using it. (bsc#1051143) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2418-1 Released: Thu Nov 14 11:53:03 2019 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1133773,1143055 This update for bash fixes the following issues: - Rework patch readline-7.0-screen (bsc#1143055): map all 'screen(-xxx)?.yyy(-zzz)?' to 'screen' as well as map 'konsole(-xxx)?' and 'gnome(-xxx)?' to 'xterm' - Add a backport from bash 5.0 to perform better with large numbers of sub processes. (bsc#1133773) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2019:2980-1 Released: Thu Nov 14 22:45:33 2019 Summary: Optional update for curl Type: optional Severity: low References: 1154019 This update for curl doesn't address any user visible issues. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2997-1 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Type: security Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3010-1 Released: Tue Nov 19 18:10:58 2019 Summary: Recommended update for zypper and libsolv Type: recommended Severity: moderate References: 1145554,1146415,1149511,1153351,SLE-9171 This update for zypper and libsolv fixes the following issues: Package: zypper - Improved the documentation of $releasever and --releasever usescases (bsc#1149511) - zypper will now ask only once when multiple packages share the same license text (bsc#1145554) - Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus mode when resolving jobs (bsc#1146415) - Fixes an issue where 'zypper lu' didn't list all available package updates (bsc#1153351) - Added a new --repo option to the 'download' command to allow to specify a repository (jsc#SLE-9171) Package: libsolv - Fixes issues when updating too many packages in focusbest mode - Fixes the handling of disabled and installed packages in distupgrade ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3059-1 Released: Mon Nov 25 17:33:07 2019 Summary: Security update for cpio Type: security Severity: moderate References: 1155199,CVE-2019-14866 This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3061-1 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Type: security Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3070-1 Released: Tue Nov 26 12:39:29 2019 Summary: Recommended update for gpg2 Type: recommended Severity: low References: 1152755 This update for gpg2 provides the following fix: - Remove a build requirement on self. This is causing Leap 15.2 bootstrap to fail. (bsc#1152755) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3087-1 Released: Thu Nov 28 10:03:00 2019 Summary: Security update for libxml2 Type: security Severity: low References: 1123919 This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3118-1 Released: Fri Nov 29 14:41:35 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1154295 This update for e2fsprogs fixes the following issues: - Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3166-1 Released: Wed Dec 4 11:24:42 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1007715,1084934,1157278 This update for aaa_base fixes the following issues: - Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934) - Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715) - Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3181-1 Released: Thu Dec 5 11:43:07 2019 Summary: Security update for permissions Type: security Severity: moderate References: 1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690 This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused sagmentation fault (bsc#1157198). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3240-1 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Type: recommended Severity: moderate References: 1154871 This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3267-1 Released: Wed Dec 11 11:19:53 2019 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3392-1 Released: Fri Dec 27 13:33:29 2019 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1148987,1155338,1155339,CVE-2019-13627 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:69-1 Released: Fri Jan 10 12:33:59 2020 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1155346,1157775,1158101,1158809,CVE-2019-1551,SLE-8789 This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Various FIPS related improvements were done: - FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775). - Port FIPS patches from SLE-12 (bsc#1158101). - Use SHA-2 in the RSA pairwise consistency check (bsc#1155346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:129-1 Released: Mon Jan 20 09:21:13 2020 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:256-1 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1157794,1160970 This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:262-1 Released: Thu Jan 30 11:02:42 2020 Summary: Security update for glibc Type: security Severity: moderate References: 1149332,1151582,1157292,1157893,1158996,CVE-2019-19126 This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). Bug fixes: - Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893). - Fixed Hardware support in toolchain (bsc#1151582). - Fixed syscalls during early process initialization (SLE-8348). - Fixed an array overflow in backtrace for PowerPC (bsc#1158996). - Moved to posix_spawn on popen (bsc#1149332). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:265-1 Released: Thu Jan 30 14:05:34 2020 Summary: Security update for e2fsprogs Type: security Severity: moderate References: 1160571,CVE-2019-5188 This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:279-1 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1013125 This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:335-1 Released: Thu Feb 6 11:37:24 2020 Summary: Security update for systemd Type: security Severity: important References: 1084671,1092920,1106383,1133495,1151377,1154256,1155207,1155574,1156213,1156482,1158485,1159814,1161436,1162108,CVE-2019-20386,CVE-2020-1712 This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) - bus_open leak sd_event_source when udevadm trigger??? (bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485) - logind: never elect a session that is stopping as display - journal: include kmsg lines from the systemd process which exec()d us (#8078) - udevd: don't use monitor after manager_exit() - udevd: capitalize log messages in on_sigchld() - udevd: merge conditions to decrease indentation - Revert 'udevd: fix crash when workers time out after exit is signal caught' - core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482) - udevd: fix crash when workers time out after exit is signal caught - udevd: wait for workers to finish when exiting (bsc#1106383) - Improve bash completion support (bsc#1155207) * shell-completion: systemctl: do not list template units in {re,}start * shell-completion: systemctl: pass current word to all list_unit* * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) * bash-completion: systemctl: use systemctl --no-pager * bash-completion: also suggest template unit files * bash-completion: systemctl: add missing options and verbs * bash-completion: use the first argument instead of the global variable (#6457) - networkd: VXLan Make group and remote variable separate (bsc#1156213) - networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213) - fs-util: let's avoid unnecessary strerror() - fs-util: introduce inotify_add_watch_and_warn() helper - ask-password: improve log message when inotify limit is reached (bsc#1155574) - shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377) - man: alias names can't be used with enable command (bsc#1151377) - Add boot option to not use swap at system start (jsc#SLE-7689) - Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:339-1 Released: Thu Feb 6 13:03:22 2020 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1158921 This update for openldap2 provides the following fix: - Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:432-1 Released: Fri Feb 21 14:34:16 2020 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: moderate References: 1135114,1154804,1154805,1155198,1155205,1155298,1155678,1155819,1156158,1157377,1158763,CVE-2019-18900 This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Bug fixes - Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819). - Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198). - Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). - Load only target resolvables for zypper rm (bsc#1157377). - Fix broken search by filelist (bsc#1135114). - Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158). - Do not sort out requested locales which are not available (bsc#1155678). - Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). - XML add patch issue-date and issue-list (bsc#1154805). - Fix zypper lp --cve/bugzilla/issue options (bsc#1155298). - Always execute commit when adding/removing locales (fixes bsc#1155205). - Fix description of --table-style,-s in man page (bsc#1154804). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:451-1 Released: Tue Feb 25 10:50:35 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1155337,1161215,1161216,1161218,1161219,1161220 This update for libgcrypt fixes the following issues: - ECDSA: Check range of coordinates (bsc#1161216) - FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219] - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215] - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220] - FIPS: keywrap gives incorrect results [bsc#1161218] - FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:476-1 Released: Tue Feb 25 14:23:14 2020 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1102840,1160039 This update for perl fixes the following issues: - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:480-1 Released: Tue Feb 25 17:38:22 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1160735 This update for aaa_base fixes the following issues: - Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:525-1 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1164562 This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:547-1 Released: Fri Feb 28 16:26:21 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1148788,1160594,1160764,1161779,1163922,CVE-2019-3687,CVE-2020-8013 This update for permissions fixes the following issues: Security issues fixed: - CVE-2019-3687: Fixed a privilege escalation which could allow a local user to read network traffic if wireshark is installed (bsc#1148788) - CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922). Non-security issues fixed: - Fixed a regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594). - Fixed capability handling when doing multiple permission changes at once (bsc#1161779). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:572-1 Released: Tue Mar 3 13:25:41 2020 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1162518 This update for cyrus-sasl fixes the following issues: - Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:573-1 Released: Tue Mar 3 13:37:28 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1160160 This update for ca-certificates-mozilla to 2.40 fixes the following issues: Updated to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160): Removed certificates: - Certplus Class 2 Primary CA - Deutsche Telekom Root CA 2 - CN=Swisscom Root CA 2 - UTN-USERFirst-Client Authentication and Email added certificates: - Entrust Root Certification Authority - G4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:597-1 Released: Thu Mar 5 15:24:09 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1164950 This update for libgcrypt fixes the following issues: - FIPS: Run the self-tests from the constructor [bsc#1164950] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:633-1 Released: Tue Mar 10 16:23:08 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1139939,1151023 This update for aaa_base fixes the following issues: - get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939) - added '-h'/'--help' to the command old - change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:668-1 Released: Fri Mar 13 10:48:58 2020 Summary: Security update for glibc Type: security Severity: moderate References: 1163184,1164505,1165784,CVE-2020-10029 This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a potential overflow in on-stack buffer during range reduction (bsc#1165784). - Fixed an issue where pthread were not always locked correctly (bsc#1164505). - Document mprotect and introduce section on memory protection (bsc#1163184). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:689-1 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:475-1 Released: Thu Mar 19 11:00:46 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1160595 This update for systemd fixes the following issues: - Remove TasksMax limit for both user and system slices (jsc#SLE-10123) - Backport IP filtering feature (jsc#SLE-7743 bsc#1160595) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:726-1 Released: Thu Mar 19 13:23:03 2020 Summary: Security update for nghttp2 Type: security Severity: moderate References: 1125689,1146182,1146184,1159003,1166481,CVE-2019-18802,CVE-2019-9511,CVE-2019-9513 This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461). - CVE-2019-18802: Fixed malformed request header may cause bypass of route matchers resulting in escalation of privileges or information disclosure (bsc#1159003) Bug fixes and enhancements: - Fixed mistake in spec file (bsc#1125689) Update to version 1.40.0 to fix CVE-2019-18802 in envoy-proxy and cilium-proxy (bsc#1166481) * lib: Add nghttp2_check_authority as public API * lib: Fix the bug that stream is closed with wrong error code * lib: Faster huffman encoding and decoding * build: Avoid filename collision of static and dynamic lib * build: Add new flag ENABLE_STATIC_CRT for Windows * build: cmake: Support building nghttpx with systemd * third-party: Update neverbleed to fix memory leak * nghttpx: Fix bug that mruby is incorrectly shared between backends * nghttpx: Reconnect h1 backend if it lost connection before sending headers * nghttpx: Returns 408 if backend timed out before sending headers * nghttpx: Fix request stal - Conditionally remove dependecy on jemalloc for SLE-12 - Require correct library from devel package - boo#1125689 Update to version 1.39.2 (bsc#1146184, bsc#1146182): * This release fixes CVE-2019-9511 ???Data Dribble??? and CVE-2019-9513 ???Resource Loop??? vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 frames cause Denial of Service by consuming CPU time. Check out https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for details. For nghttpx, additionally limiting inbound traffic by --read-rate and --read-burst options is quite effective against this kind of attack. * Add nghttp2_option_set_max_outbound_ack API function * nghttpx: Fix request stall Update to version 1.39.1: * This release fixes the bug that log-level is not set with cmd-line or configuration file. It also fixes FPE with default backend. Changes for version 1.39.0: * libnghttp2 now ignores content-length in 200 response to CONNECT request as per RFC 7230. * mruby has been upgraded to 2.0.1. * libnghttp2-asio now supports boost-1.70. * http-parser has been replaced with llhttp. * nghttpx now ignores Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:729-1 Released: Thu Mar 19 14:44:22 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1166106 This update for glibc fixes the following issues: - Allow dlopen of filter object to work (bsc#1166106, BZ #16272) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:793-1 Released: Wed Mar 25 15:16:00 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1139459,1161262,1162108,1164717,1165579,CVE-2020-1712 This update for systemd fixes the following issues: - manager: fix job mode when signalled to shutdown etc (bsc#1161262) - remove fallback for user/exit.target - dbus method Manager.Exit() does not start exit.target - do not install rescue.target for alt-??? - %j/%J unit specifiers Added support for I/O scheduler selection with blk-mq (bsc#1165579, bsc#1164717). Added the udev 60-ssd-scheduler.rules: - This rules file which select the default IO scheduler for SSDs is being moved out from the git repo since this is not related to systemd or udev at all and is maintained by the kernel team. - core: coldplug possible nop_job (bsc#1139459) - Revert 'udev: use 'deadline' IO scheduler for SSD disks' - Fix typo in function name - polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it (bsc#1162108 CVE-2020-1712) - sd-bus: introduce API for re-enqueuing incoming messages - polkit: on async pk requests, re-validate action/details ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:814-1 Released: Mon Mar 30 16:23:42 2020 Summary: Recommended update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 Type: recommended Severity: moderate References: 1161816,1162152,1167223 This update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 fixes the following issues: libreoffice was updated to 6.4.2.2 (jsc#SLE-11174 jsc#SLE-11175 jsc#SLE-11176 bsc#1167223): Full Release Notes can be found on: https://wiki.documentfoundation.org/ReleaseNotes/6.4 - Fixed broken handling of non-ASCII characters in the KDE filedialog (bsc#1161816) - Move the animation library to core package bsc#1162152 xmlsec1 was updated to 1.2.28: * Added BoringSSL support (chenbd). * Added gnutls-3.6.x support (alonbl). * Added DSA and ECDSA key size getter for MSCNG (vmiklos). * Added --enable-mans configuration option (alonbl). * Added coninuous build integration for MacOSX (vmiklos). * Several other small fixes (more details). - Make sure to recommend at least one backend when you install just xmlsec1 - Drop the gnutls backend as based on the tests it is quite borked: * We still have nss and openssl backend for people to use Version update to 1.2.27: * Added AES-GCM support for OpenSSL and MSCNG (snargit). * Added DSA-SHA256 and ECDSA-SHA384 support for NSS (vmiklos). * Added RSA-OAEP support for MSCNG (vmiklos). * Continuous build integration in Travis and Appveyor. * Several other small fixes (more details). myspell-dictionaries was updated to 20191219: * Updated the English dictionaries: GB+US+CA+AU * Bring shipped Spanish dictionary up to version 2.5 boost was updated to fix: - add a backport of Boost.Optional::has_value() for LibreOffice The QR-Code-generator is shipped: - Initial commit, needed by libreoffice 6.4 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:820-1 Released: Tue Mar 31 13:02:22 2020 Summary: Security update for glibc Type: security Severity: important References: 1167631,CVE-2020-1752 This update for glibc fixes the following issues: - CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution (bsc#1167631). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:834-1 Released: Tue Mar 31 17:21:34 2020 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1167163 This update for permissions fixes the following issue: - whitelist s390-tools set group ID (setgid) bit on log directory. (bsc#1167163) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:846-1 Released: Thu Apr 2 07:24:07 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1164950,1166748,1167674 This update for libgcrypt fixes the following issues: - FIPS: Remove an unneeded check in _gcry_global_constructor (bsc#1164950) - FIPS: Fix drbg to be threadsafe (bsc#1167674) - FIPS: Run self-tests from constructor during power-on [bsc#1166748] * Set up global_init as the constructor function: * Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:917-1 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:948-1 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Type: security Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:961-1 Released: Wed Apr 8 13:34:06 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1160979 This update for e2fsprogs fixes the following issues: - e2fsck: clarify overflow link count error message (bsc#1160979) - ext2fs: update allocation info earlier in ext2fs_mkdir() (bsc#1160979) - ext2fs: implement dir entry creation in htree directories (bsc#1160979) - tests: add test to excercise indexed directories with metadata_csum (bsc#1160979) - tune2fs: update dir checksums when clearing dir_index feature (bsc#1160979) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:967-1 Released: Thu Apr 9 11:41:53 2020 Summary: Security update for libssh Type: security Severity: moderate References: 1168699,CVE-2020-1730 This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:969-1 Released: Thu Apr 9 11:43:17 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1168364 This update for permissions fixes the following issues: - Fixed spelling of icinga group (bsc#1168364) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:981-1 Released: Mon Apr 13 15:43:44 2020 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1156300 This update for rpm fixes the following issues: - Fix for language package macros to avoid wrong requirement on shared library. (bsc#1156300) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1026-1 Released: Fri Apr 17 16:14:43 2020 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1159314 This update for libsolv fixes the following issues: libsolv was updated to version 0.7.11: - fix solv_zchunk decoding error if large chunks are used (bsc#1159314) - treat retracted pathes as irrelevant - made add_update_target work with multiversion installs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1047-1 Released: Tue Apr 21 10:33:06 2020 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1168835 This update for gnutls fixes the following issues: - Backport AES XTS support (bsc#1168835) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1063-1 Released: Wed Apr 22 10:46:50 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1165539,1169569 This update for libgcrypt fixes the following issues: This update for libgcrypt fixes the following issues: - FIPS: Switch the PCT to use the new signature operation (bsc#1165539) - FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC (bsc#1165539) - Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates. - Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1108-1 Released: Fri Apr 24 16:31:01 2020 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1169992 This update for gnutls fixes the following issues: - FIPS: Do not check for /etc/system-fips which we don't have (bsc#1169992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1175-1 Released: Tue May 5 08:33:43 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1165011,1168076 This update for systemd fixes the following issues: - Fix check for address to keep interface names stable. (bsc#1168076) - Fix for checking non-normalized WHAT for network FS. (bsc#1165011) - Allow to specify an arbitrary string for when vfs is used. (bsc#1165011) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1214-1 Released: Thu May 7 11:20:34 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1169944 This update for libgcrypt fixes the following issues: - FIPS: libgcrypt: Fixed a double free in test_keys() on failed signature verification (bsc#1169944) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1219-1 Released: Thu May 7 17:10:42 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1170771,CVE-2020-12243 This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1226-1 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Type: recommended Severity: moderate References: 1149995,1152590,1167898 This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1271-1 Released: Wed May 13 13:17:59 2020 Summary: Recommended update for permissions Type: recommended Severity: important References: 1171173 This update for permissions fixes the following issues: - Remove setuid bit for newgidmap and newuidmap in paranoid profile. (bsc#1171173) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1290-1 Released: Fri May 15 16:39:59 2020 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1171422 This update for gnutls fixes the following issues: - Add RSA 4096 key generation support in FIPS mode (bsc#1171422) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1294-1 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Type: security Severity: moderate References: 1154661,1169512,CVE-2019-18218 This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1299-1 Released: Mon May 18 07:43:21 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595 This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2019-19956: Fixed a memory leak (bsc#1159928). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1328-1 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1155271 This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1361-1 Released: Thu May 21 09:31:18 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1171872 This update for libgcrypt fixes the following issues: - FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1400-1 Released: Mon May 25 14:09:02 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1162930 This update for glibc fixes the following issues: - nptl: wait for pending setxid request also in detached thread. (bsc#1162930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1404-1 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1138793,1166260 This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1506-1 Released: Fri May 29 17:22:11 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1087982,1170527 This update for aaa_base fixes the following issues: - Not all XTerm based emulators do have a terminfo entry. (bsc#1087982) - Better support of Midnight Commander. (bsc#1170527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1532-1 Released: Thu Jun 4 10:16:12 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1172021,CVE-2019-19956 This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1579-1 Released: Tue Jun 9 17:05:23 2020 Summary: Recommended update for audit Type: recommended Severity: important References: 1156159,1172295 This update for audit fixes the following issues: - Fix hang on startup. (bsc#1156159) - Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs. (bsc#1172295) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1584-1 Released: Tue Jun 9 18:39:15 2020 Summary: Security update for gnutls Type: security Severity: important References: 1172461,1172506,CVE-2020-13777 This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506). - Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1611-1 Released: Fri Jun 12 09:38:03 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.13 to fix: - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.4 to fix: - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - update translations - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) zypper was updated to version 1.14.36: - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1637-1 Released: Wed Jun 17 15:07:58 2020 Summary: Recommended update for zypper Type: recommended Severity: important References: 1169947,1172925 This update for zypper fixes the following issues: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1682-1 Released: Fri Jun 19 09:44:54 2020 Summary: Security update for perl Type: security Severity: important References: 1171863,1171864,1171866,1172348,CVE-2020-10543,CVE-2020-10878,CVE-2020-12723 This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed a bad warning in features.ph (bsc#1172348). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1759-1 Released: Thu Jun 25 18:44:37 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1169357 This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1760-1 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1773-1 Released: Fri Jun 26 08:05:59 2020 Summary: Security update for curl Type: security Severity: important References: 1173027,CVE-2020-8177 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1396-1 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Type: security Severity: moderate References: 1082318,1133297 This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1856-1 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1860-1 Released: Mon Jul 6 17:09:44 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1171883 This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1869-1 Released: Tue Jul 7 15:08:12 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.14: - Enable zstd compression support - Support blacklisted packages in solver_findproblemrule() (bnc#1172135) - Support rules with multiple negative literals in choice rule generation - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.7: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Fix core dump with corrupted history file (bsc#1170801) zypper was updated to 1.14.37: - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2040-1 Released: Fri Jul 24 13:58:53 2020 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1170801,1171224,1172135,1173106,1174011 This update for libsolv, libzypp fixes the following issues: libsolv was updated to version 0.7.14: - Enable zstd compression support for sle15 - Support blacklisted packages in solver_findproblemrule() (bsc#1172135) - Support rules with multiple negative literals in choice rule generation libzypp was updated to version 17.24.0: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Fix core dump with corrupted history file (bsc#1170801) - Better handling of the purge-kernels algorithm. (bsc#1173106) - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2204-1 Released: Tue Aug 11 14:33:37 2020 Summary: Bugfixes on cilium, gangway and skuba and security fix for Kubernetes (cve-2020-8557) Type: recommended Severity: moderate References: 1146991,1173039,1173055,1173165,1173984,CVE-2020-8557 = Required Actions == Kubernetes (Security fix) This fix will be applied to the kubelet daemon running on the nodes by `skuba-update`. See https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_base_os_updates for more details. Make sure you look at the Release Notes https://www.suse.com/releasenotes/x86_64/SUSE-CAASP/4/#_changes_in_4_2_2 for any known bug. == Cilium Bugfix Cilium will be updated by `skuba addon upgrade`. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_generating_an_overview_of_available_addon_updates == Gangway bugfix Gangway will be updated by `skuba addon upgrade`. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_generating_an_overview_of_available_addon_updates == Skuba In order to update skuba, you need to update the admin workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.1/html/caasp-admin/_cluster_updates.html#_update_management_workstation From sle-updates at lists.suse.com Wed Aug 12 01:48:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 09:48:03 +0200 (CEST) Subject: SUSE-CU-2020:386-1: Security update of caasp/v4/cilium Message-ID: <20200812074803.BF878FEC3@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4/cilium ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:386-1 Container Tags : caasp/v4/cilium:1.6.6 , caasp/v4/cilium:1.6.6-rev5 , caasp/v4/cilium:1.6.6-rev5-build3.12.1 Container Release : 3.12.1 Severity : important Type : security References : 1082318 1090047 1103678 1107116 1107121 1111499 1130873 1130873 1133297 1137001 1139959 1146991 1154803 1154803 1156159 1156913 1157315 1162698 1164538 1164543 1164543 1165476 1165476 1165573 1165573 1166610 1166610 1167122 1167122 1168990 1168990 1169357 1169488 1169947 1169947 1170801 1170801 1171145 1171224 1171224 1171863 1171864 1171866 1171883 1172072 1172135 1172135 1172295 1172348 1172410 1172461 1172506 1172597 1172698 1172704 1172925 1172925 1173027 1173039 1173055 1173106 1173165 1173202 1173227 1173229 1173422 1173984 1174011 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 CVE-2019-13012 CVE-2020-10543 CVE-2020-10749 CVE-2020-10878 CVE-2020-12723 CVE-2020-13777 CVE-2020-8023 CVE-2020-8177 CVE-2020-8557 ----------------------------------------------------------------- The container caasp/v4/cilium was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2780-1 Released: Mon Nov 26 17:46:10 2018 Summary: Security update for glib2 Type: security Severity: moderate References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issue fixed: - various GVariant parsing issues have been resolved (bsc#1111499) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:251-1 Released: Wed Feb 6 11:22:43 2019 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1090047 This update for glib2 provides the following fix: - Enable systemtap. (fate#326393, bsc#1090047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1594-1 Released: Fri Jun 21 10:17:15 2019 Summary: Security update for glib2 Type: security Severity: important References: 1103678,1137001,CVE-2019-12450 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Other issue addressed: - glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1833-1 Released: Fri Jul 12 17:53:51 2019 Summary: Security update for glib2 Type: security Severity: moderate References: 1139959,CVE-2019-13012 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1579-1 Released: Tue Jun 9 17:05:23 2020 Summary: Recommended update for audit Type: recommended Severity: important References: 1156159,1172295 This update for audit fixes the following issues: - Fix hang on startup. (bsc#1156159) - Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs. (bsc#1172295) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1584-1 Released: Tue Jun 9 18:39:15 2020 Summary: Security update for gnutls Type: security Severity: important References: 1172461,1172506,CVE-2020-13777 This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506). - Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1611-1 Released: Fri Jun 12 09:38:03 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.13 to fix: - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.4 to fix: - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - update translations - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) zypper was updated to version 1.14.36: - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1637-1 Released: Wed Jun 17 15:07:58 2020 Summary: Recommended update for zypper Type: recommended Severity: important References: 1169947,1172925 This update for zypper fixes the following issues: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1682-1 Released: Fri Jun 19 09:44:54 2020 Summary: Security update for perl Type: security Severity: important References: 1171863,1171864,1171866,1172348,CVE-2020-10543,CVE-2020-10878,CVE-2020-12723 This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed a bad warning in features.ph (bsc#1172348). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1759-1 Released: Thu Jun 25 18:44:37 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1169357 This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1760-1 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1773-1 Released: Fri Jun 26 08:05:59 2020 Summary: Security update for curl Type: security Severity: important References: 1173027,CVE-2020-8177 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1396-1 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Type: security Severity: moderate References: 1082318,1133297 This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1856-1 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1860-1 Released: Mon Jul 6 17:09:44 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1171883 This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1869-1 Released: Tue Jul 7 15:08:12 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.14: - Enable zstd compression support - Support blacklisted packages in solver_findproblemrule() (bnc#1172135) - Support rules with multiple negative literals in choice rule generation - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.7: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Fix core dump with corrupted history file (bsc#1170801) zypper was updated to 1.14.37: - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1871-1 Released: Tue Jul 7 15:14:11 2020 Summary: Recommended update for llvm7 Type: recommended Severity: moderate References: 1173202 This update for llvm7 fixes the following issues: - Fix miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1957-1 Released: Mon Jul 20 13:47:31 2020 Summary: Security update for cni-plugins Type: security Severity: moderate References: 1172410,CVE-2020-10749 This update for cni-plugins fixes the following issues: cni-plugins updated to version 0.8.6 - CVE-2020-10749: Fixed a potential Man-in-the-Middle attacks in IPv4 clusters by spoofing IPv6 router advertisements (bsc#1172410). Release notes: https://github.com/containernetworking/plugins/releases/tag/v0.8.6 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2040-1 Released: Fri Jul 24 13:58:53 2020 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1170801,1171224,1172135,1173106,1174011 This update for libsolv, libzypp fixes the following issues: libsolv was updated to version 0.7.14: - Enable zstd compression support for sle15 - Support blacklisted packages in solver_findproblemrule() (bsc#1172135) - Support rules with multiple negative literals in choice rule generation libzypp was updated to version 17.24.0: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Fix core dump with corrupted history file (bsc#1170801) - Better handling of the purge-kernels algorithm. (bsc#1173106) - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2124-1 Released: Wed Aug 5 09:24:47 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1172597 This update for lvm2 fixes the following issues: - Fixed an issue where the system hangs for 90 seconds before it actually shuts down (bsc#1172597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2204-1 Released: Tue Aug 11 14:33:37 2020 Summary: Bugfixes on cilium, gangway and skuba and security fix for Kubernetes (cve-2020-8557) Type: recommended Severity: moderate References: 1146991,1173039,1173055,1173165,1173984,CVE-2020-8557 = Required Actions == Kubernetes (Security fix) This fix will be applied to the kubelet daemon running on the nodes by `skuba-update`. See https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_base_os_updates for more details. Make sure you look at the Release Notes https://www.suse.com/releasenotes/x86_64/SUSE-CAASP/4/#_changes_in_4_2_2 for any known bug. == Cilium Bugfix Cilium will be updated by `skuba addon upgrade`. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_generating_an_overview_of_available_addon_updates == Gangway bugfix Gangway will be updated by `skuba addon upgrade`. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_generating_an_overview_of_available_addon_updates == Skuba In order to update skuba, you need to update the admin workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.1/html/caasp-admin/_cluster_updates.html#_update_management_workstation From sle-updates at lists.suse.com Wed Aug 12 01:49:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 09:49:26 +0200 (CEST) Subject: SUSE-CU-2020:387-1: Security update of caasp/v4/cilium-init Message-ID: <20200812074926.E31DBFEC3@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4/cilium-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:387-1 Container Tags : caasp/v4/cilium-init:1.5.3 , caasp/v4/cilium-init:1.5.3-rev5 , caasp/v4/cilium-init:1.5.3-rev5-build3.12.1 Container Release : 3.12.1 Severity : important Type : security References : 1082318 1090047 1103678 1107116 1107121 1111499 1130873 1130873 1133297 1137001 1139959 1154803 1154803 1156159 1156913 1157315 1162698 1164538 1164543 1164543 1165476 1165476 1165573 1165573 1166610 1166610 1167122 1167122 1168990 1168990 1169357 1169488 1169947 1169947 1170801 1170801 1171145 1171224 1171224 1171863 1171864 1171866 1171883 1172072 1172135 1172135 1172295 1172348 1172461 1172506 1172698 1172704 1172925 1172925 1173027 1173106 1173227 1173229 1173422 1174011 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 CVE-2019-13012 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 CVE-2020-13777 CVE-2020-8023 CVE-2020-8177 ----------------------------------------------------------------- The container caasp/v4/cilium-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2780-1 Released: Mon Nov 26 17:46:10 2018 Summary: Security update for glib2 Type: security Severity: moderate References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issue fixed: - various GVariant parsing issues have been resolved (bsc#1111499) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:251-1 Released: Wed Feb 6 11:22:43 2019 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1090047 This update for glib2 provides the following fix: - Enable systemtap. (fate#326393, bsc#1090047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1594-1 Released: Fri Jun 21 10:17:15 2019 Summary: Security update for glib2 Type: security Severity: important References: 1103678,1137001,CVE-2019-12450 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Other issue addressed: - glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1833-1 Released: Fri Jul 12 17:53:51 2019 Summary: Security update for glib2 Type: security Severity: moderate References: 1139959,CVE-2019-13012 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1579-1 Released: Tue Jun 9 17:05:23 2020 Summary: Recommended update for audit Type: recommended Severity: important References: 1156159,1172295 This update for audit fixes the following issues: - Fix hang on startup. (bsc#1156159) - Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs. (bsc#1172295) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1584-1 Released: Tue Jun 9 18:39:15 2020 Summary: Security update for gnutls Type: security Severity: important References: 1172461,1172506,CVE-2020-13777 This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506). - Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1611-1 Released: Fri Jun 12 09:38:03 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.13 to fix: - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.4 to fix: - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - update translations - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) zypper was updated to version 1.14.36: - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1637-1 Released: Wed Jun 17 15:07:58 2020 Summary: Recommended update for zypper Type: recommended Severity: important References: 1169947,1172925 This update for zypper fixes the following issues: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1682-1 Released: Fri Jun 19 09:44:54 2020 Summary: Security update for perl Type: security Severity: important References: 1171863,1171864,1171866,1172348,CVE-2020-10543,CVE-2020-10878,CVE-2020-12723 This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed a bad warning in features.ph (bsc#1172348). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1759-1 Released: Thu Jun 25 18:44:37 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1169357 This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1760-1 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1773-1 Released: Fri Jun 26 08:05:59 2020 Summary: Security update for curl Type: security Severity: important References: 1173027,CVE-2020-8177 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1396-1 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Type: security Severity: moderate References: 1082318,1133297 This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1856-1 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1860-1 Released: Mon Jul 6 17:09:44 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1171883 This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1869-1 Released: Tue Jul 7 15:08:12 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.14: - Enable zstd compression support - Support blacklisted packages in solver_findproblemrule() (bnc#1172135) - Support rules with multiple negative literals in choice rule generation - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.7: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Fix core dump with corrupted history file (bsc#1170801) zypper was updated to 1.14.37: - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2040-1 Released: Fri Jul 24 13:58:53 2020 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1170801,1171224,1172135,1173106,1174011 This update for libsolv, libzypp fixes the following issues: libsolv was updated to version 0.7.14: - Enable zstd compression support for sle15 - Support blacklisted packages in solver_findproblemrule() (bsc#1172135) - Support rules with multiple negative literals in choice rule generation libzypp was updated to version 17.24.0: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Fix core dump with corrupted history file (bsc#1170801) - Better handling of the purge-kernels algorithm. (bsc#1173106) - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) From sle-updates at lists.suse.com Wed Aug 12 01:50:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 09:50:53 +0200 (CEST) Subject: SUSE-CU-2020:388-1: Security update of caasp/v4/cilium-operator Message-ID: <20200812075053.84191FEC3@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4/cilium-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:388-1 Container Tags : caasp/v4/cilium-operator:1.6.6 , caasp/v4/cilium-operator:1.6.6-rev5 , caasp/v4/cilium-operator:1.6.6-rev5-build3.12.1 Container Release : 3.12.1 Severity : important Type : security References : 1082318 1090047 1103678 1107116 1107121 1111499 1130873 1130873 1133297 1137001 1139959 1146991 1154803 1154803 1156159 1156913 1157315 1162698 1164538 1164543 1164543 1165476 1165476 1165573 1165573 1166610 1166610 1167122 1167122 1168990 1168990 1169357 1169488 1169947 1169947 1170801 1170801 1171145 1171224 1171224 1171863 1171864 1171866 1171883 1172072 1172135 1172135 1172295 1172348 1172461 1172506 1172698 1172704 1172925 1172925 1173027 1173039 1173055 1173106 1173165 1173227 1173229 1173422 1173984 1174011 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 CVE-2019-13012 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 CVE-2020-13777 CVE-2020-8023 CVE-2020-8177 CVE-2020-8557 ----------------------------------------------------------------- The container caasp/v4/cilium-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2780-1 Released: Mon Nov 26 17:46:10 2018 Summary: Security update for glib2 Type: security Severity: moderate References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issue fixed: - various GVariant parsing issues have been resolved (bsc#1111499) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:251-1 Released: Wed Feb 6 11:22:43 2019 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1090047 This update for glib2 provides the following fix: - Enable systemtap. (fate#326393, bsc#1090047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1594-1 Released: Fri Jun 21 10:17:15 2019 Summary: Security update for glib2 Type: security Severity: important References: 1103678,1137001,CVE-2019-12450 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Other issue addressed: - glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1833-1 Released: Fri Jul 12 17:53:51 2019 Summary: Security update for glib2 Type: security Severity: moderate References: 1139959,CVE-2019-13012 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1579-1 Released: Tue Jun 9 17:05:23 2020 Summary: Recommended update for audit Type: recommended Severity: important References: 1156159,1172295 This update for audit fixes the following issues: - Fix hang on startup. (bsc#1156159) - Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs. (bsc#1172295) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1584-1 Released: Tue Jun 9 18:39:15 2020 Summary: Security update for gnutls Type: security Severity: important References: 1172461,1172506,CVE-2020-13777 This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506). - Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1611-1 Released: Fri Jun 12 09:38:03 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.13 to fix: - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.4 to fix: - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - update translations - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) zypper was updated to version 1.14.36: - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1637-1 Released: Wed Jun 17 15:07:58 2020 Summary: Recommended update for zypper Type: recommended Severity: important References: 1169947,1172925 This update for zypper fixes the following issues: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1682-1 Released: Fri Jun 19 09:44:54 2020 Summary: Security update for perl Type: security Severity: important References: 1171863,1171864,1171866,1172348,CVE-2020-10543,CVE-2020-10878,CVE-2020-12723 This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed a bad warning in features.ph (bsc#1172348). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1759-1 Released: Thu Jun 25 18:44:37 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1169357 This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1760-1 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1773-1 Released: Fri Jun 26 08:05:59 2020 Summary: Security update for curl Type: security Severity: important References: 1173027,CVE-2020-8177 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1396-1 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Type: security Severity: moderate References: 1082318,1133297 This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1856-1 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1860-1 Released: Mon Jul 6 17:09:44 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1171883 This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1869-1 Released: Tue Jul 7 15:08:12 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.14: - Enable zstd compression support - Support blacklisted packages in solver_findproblemrule() (bnc#1172135) - Support rules with multiple negative literals in choice rule generation - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.7: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Fix core dump with corrupted history file (bsc#1170801) zypper was updated to 1.14.37: - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2040-1 Released: Fri Jul 24 13:58:53 2020 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1170801,1171224,1172135,1173106,1174011 This update for libsolv, libzypp fixes the following issues: libsolv was updated to version 0.7.14: - Enable zstd compression support for sle15 - Support blacklisted packages in solver_findproblemrule() (bsc#1172135) - Support rules with multiple negative literals in choice rule generation libzypp was updated to version 17.24.0: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Fix core dump with corrupted history file (bsc#1170801) - Better handling of the purge-kernels algorithm. (bsc#1173106) - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2204-1 Released: Tue Aug 11 14:33:37 2020 Summary: Bugfixes on cilium, gangway and skuba and security fix for Kubernetes (cve-2020-8557) Type: recommended Severity: moderate References: 1146991,1173039,1173055,1173165,1173984,CVE-2020-8557 = Required Actions == Kubernetes (Security fix) This fix will be applied to the kubelet daemon running on the nodes by `skuba-update`. See https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_base_os_updates for more details. Make sure you look at the Release Notes https://www.suse.com/releasenotes/x86_64/SUSE-CAASP/4/#_changes_in_4_2_2 for any known bug. == Cilium Bugfix Cilium will be updated by `skuba addon upgrade`. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_generating_an_overview_of_available_addon_updates == Gangway bugfix Gangway will be updated by `skuba addon upgrade`. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_generating_an_overview_of_available_addon_updates == Skuba In order to update skuba, you need to update the admin workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.1/html/caasp-admin/_cluster_updates.html#_update_management_workstation From sle-updates at lists.suse.com Wed Aug 12 01:56:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 09:56:23 +0200 (CEST) Subject: SUSE-CU-2020:389-1: Security update of caasp/v4/gangway Message-ID: <20200812075623.24E77FEC3@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4/gangway ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:389-1 Container Tags : caasp/v4/gangway:3.1.0 , caasp/v4/gangway:3.1.0-rev4 , caasp/v4/gangway:3.1.0-rev4-build3.10.1 Container Release : 3.10.1 Severity : important Type : security References : 1007715 1013125 1051143 1082318 1084671 1084934 1087982 1090047 1092920 1093414 1102840 1103320 1103678 1106383 1107116 1107121 1111499 1114592 1123919 1125689 1130873 1130873 1133297 1133495 1135114 1135254 1137001 1138793 1138869 1139459 1139459 1139939 1139959 1140631 1141897 1142649 1142654 1145023 1145554 1146182 1146184 1146415 1146991 1148517 1148788 1148987 1149145 1149332 1149511 1149995 1150595 1150734 1151023 1151023 1151377 1151582 1152590 1152692 1152755 1153351 1154019 1154036 1154037 1154256 1154295 1154661 1154803 1154803 1154804 1154805 1154871 1154884 1154887 1155198 1155199 1155205 1155207 1155271 1155298 1155327 1155337 1155338 1155339 1155346 1155574 1155678 1155819 1156158 1156159 1156213 1156300 1156482 1156913 1157198 1157278 1157292 1157315 1157377 1157775 1157794 1157893 1158095 1158095 1158101 1158485 1158763 1158809 1158830 1158921 1158996 1159003 1159314 1159814 1159928 1160039 1160160 1160571 1160594 1160595 1160735 1160764 1160970 1160979 1161215 1161216 1161218 1161219 1161220 1161262 1161436 1161517 1161521 1161779 1161816 1162108 1162108 1162152 1162518 1162698 1162930 1163184 1163922 1164505 1164538 1164543 1164543 1164562 1164717 1164950 1164950 1165011 1165476 1165476 1165539 1165573 1165573 1165579 1165784 1166106 1166260 1166481 1166510 1166510 1166610 1166610 1166748 1166881 1167122 1167122 1167163 1167223 1167631 1167674 1167898 1168076 1168345 1168364 1168699 1168835 1168990 1168990 1169357 1169488 1169512 1169569 1169944 1169947 1169947 1169992 1170527 1170771 1170801 1170801 1171145 1171173 1171224 1171224 1171422 1171863 1171864 1171866 1171872 1171883 1172021 1172072 1172135 1172135 1172295 1172348 1172461 1172506 1172698 1172704 1172925 1172925 1173027 1173039 1173055 1173106 1173165 1173227 1173229 1173422 1173984 1174011 CVE-2018-16428 CVE-2018-16429 CVE-2019-12290 CVE-2019-12450 CVE-2019-13012 CVE-2019-13627 CVE-2019-14250 CVE-2019-14866 CVE-2019-14889 CVE-2019-14889 CVE-2019-1551 CVE-2019-15847 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-18224 CVE-2019-18802 CVE-2019-18900 CVE-2019-19126 CVE-2019-19956 CVE-2019-19956 CVE-2019-20386 CVE-2019-20388 CVE-2019-3687 CVE-2019-3688 CVE-2019-3690 CVE-2019-5188 CVE-2019-9511 CVE-2019-9513 CVE-2020-10029 CVE-2020-10543 CVE-2020-10878 CVE-2020-11501 CVE-2020-12243 CVE-2020-12723 CVE-2020-13777 CVE-2020-1712 CVE-2020-1712 CVE-2020-1730 CVE-2020-1752 CVE-2020-7595 CVE-2020-8013 CVE-2020-8023 CVE-2020-8177 CVE-2020-8557 SLE-6533 SLE-6536 SLE-7687 SLE-8789 SLE-9171 ----------------------------------------------------------------- The container caasp/v4/gangway was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2780-1 Released: Mon Nov 26 17:46:10 2018 Summary: Security update for glib2 Type: security Severity: moderate References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issue fixed: - various GVariant parsing issues have been resolved (bsc#1111499) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:251-1 Released: Wed Feb 6 11:22:43 2019 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1090047 This update for glib2 provides the following fix: - Enable systemtap. (fate#326393, bsc#1090047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1594-1 Released: Fri Jun 21 10:17:15 2019 Summary: Security update for glib2 Type: security Severity: important References: 1103678,1137001,CVE-2019-12450 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Other issue addressed: - glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1833-1 Released: Fri Jul 12 17:53:51 2019 Summary: Security update for glib2 Type: security Severity: moderate References: 1139959,CVE-2019-13012 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2812-1 Released: Tue Oct 29 14:57:55 2019 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1139459,1140631,1145023,1150595,SLE-7687 This update for systemd provides the following fixes: - Fix a problem that would cause invoking try-restart to an inactive service to hang when a daemon-reload is invoked before the try-restart returned. (bsc#1139459) - man: Add a note about _netdev usage. - units: Replace remote-cryptsetup-pre.target with remote-fs-pre.target. - units: Add [Install] section to remote-cryptsetup.target. - cryptsetup: Ignore _netdev, since it is used in generator. - cryptsetup-generator: Use remote-cryptsetup.target when _netdev is present. (jsc#SLE-7687) - cryptsetup-generator: Add a helper utility to create symlinks. - units: Add remote-cryptsetup.target and remote-cryptsetup-pre.target. - man: Add an explicit description of _netdev to systemd.mount(5). - man: Order fields alphabetically in crypttab(5). - man: Make crypttab(5) a bit easier to read. - units: Order cryptsetup-pre.target before cryptsetup.target. - Fix reporting of enabled-runtime units. - sd-bus: Deal with cookie overruns. (bsc#1150595) - rules: Add by-id symlinks for persistent memory. (bsc#1140631) - Buildrequire polkit so /usr/share/polkit-1/rules.d subdir can be only owned by polkit. (bsc#1145023) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2870-1 Released: Thu Oct 31 08:09:14 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1051143,1138869,1151023 This update for aaa_base provides the following fixes: - Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869) - Add s390x compressed kernel support. (bsc#1151023) - service: Check if there is a second argument before using it. (bsc#1051143) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2019:2980-1 Released: Thu Nov 14 22:45:33 2019 Summary: Optional update for curl Type: optional Severity: low References: 1154019 This update for curl doesn't address any user visible issues. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2997-1 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Type: security Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3010-1 Released: Tue Nov 19 18:10:58 2019 Summary: Recommended update for zypper and libsolv Type: recommended Severity: moderate References: 1145554,1146415,1149511,1153351,SLE-9171 This update for zypper and libsolv fixes the following issues: Package: zypper - Improved the documentation of $releasever and --releasever usescases (bsc#1149511) - zypper will now ask only once when multiple packages share the same license text (bsc#1145554) - Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus mode when resolving jobs (bsc#1146415) - Fixes an issue where 'zypper lu' didn't list all available package updates (bsc#1153351) - Added a new --repo option to the 'download' command to allow to specify a repository (jsc#SLE-9171) Package: libsolv - Fixes issues when updating too many packages in focusbest mode - Fixes the handling of disabled and installed packages in distupgrade ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3059-1 Released: Mon Nov 25 17:33:07 2019 Summary: Security update for cpio Type: security Severity: moderate References: 1155199,CVE-2019-14866 This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3061-1 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Type: security Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3070-1 Released: Tue Nov 26 12:39:29 2019 Summary: Recommended update for gpg2 Type: recommended Severity: low References: 1152755 This update for gpg2 provides the following fix: - Remove a build requirement on self. This is causing Leap 15.2 bootstrap to fail. (bsc#1152755) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3087-1 Released: Thu Nov 28 10:03:00 2019 Summary: Security update for libxml2 Type: security Severity: low References: 1123919 This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3118-1 Released: Fri Nov 29 14:41:35 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1154295 This update for e2fsprogs fixes the following issues: - Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3166-1 Released: Wed Dec 4 11:24:42 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1007715,1084934,1157278 This update for aaa_base fixes the following issues: - Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934) - Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715) - Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3181-1 Released: Thu Dec 5 11:43:07 2019 Summary: Security update for permissions Type: security Severity: moderate References: 1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690 This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused sagmentation fault (bsc#1157198). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3240-1 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Type: recommended Severity: moderate References: 1154871 This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3267-1 Released: Wed Dec 11 11:19:53 2019 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3392-1 Released: Fri Dec 27 13:33:29 2019 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1148987,1155338,1155339,CVE-2019-13627 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:69-1 Released: Fri Jan 10 12:33:59 2020 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1155346,1157775,1158101,1158809,CVE-2019-1551,SLE-8789 This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Various FIPS related improvements were done: - FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775). - Port FIPS patches from SLE-12 (bsc#1158101). - Use SHA-2 in the RSA pairwise consistency check (bsc#1155346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:129-1 Released: Mon Jan 20 09:21:13 2020 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:256-1 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1157794,1160970 This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:262-1 Released: Thu Jan 30 11:02:42 2020 Summary: Security update for glibc Type: security Severity: moderate References: 1149332,1151582,1157292,1157893,1158996,CVE-2019-19126 This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). Bug fixes: - Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893). - Fixed Hardware support in toolchain (bsc#1151582). - Fixed syscalls during early process initialization (SLE-8348). - Fixed an array overflow in backtrace for PowerPC (bsc#1158996). - Moved to posix_spawn on popen (bsc#1149332). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:265-1 Released: Thu Jan 30 14:05:34 2020 Summary: Security update for e2fsprogs Type: security Severity: moderate References: 1160571,CVE-2019-5188 This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:279-1 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1013125 This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:335-1 Released: Thu Feb 6 11:37:24 2020 Summary: Security update for systemd Type: security Severity: important References: 1084671,1092920,1106383,1133495,1151377,1154256,1155207,1155574,1156213,1156482,1158485,1159814,1161436,1162108,CVE-2019-20386,CVE-2020-1712 This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) - bus_open leak sd_event_source when udevadm trigger??? (bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485) - logind: never elect a session that is stopping as display - journal: include kmsg lines from the systemd process which exec()d us (#8078) - udevd: don't use monitor after manager_exit() - udevd: capitalize log messages in on_sigchld() - udevd: merge conditions to decrease indentation - Revert 'udevd: fix crash when workers time out after exit is signal caught' - core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482) - udevd: fix crash when workers time out after exit is signal caught - udevd: wait for workers to finish when exiting (bsc#1106383) - Improve bash completion support (bsc#1155207) * shell-completion: systemctl: do not list template units in {re,}start * shell-completion: systemctl: pass current word to all list_unit* * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) * bash-completion: systemctl: use systemctl --no-pager * bash-completion: also suggest template unit files * bash-completion: systemctl: add missing options and verbs * bash-completion: use the first argument instead of the global variable (#6457) - networkd: VXLan Make group and remote variable separate (bsc#1156213) - networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213) - fs-util: let's avoid unnecessary strerror() - fs-util: introduce inotify_add_watch_and_warn() helper - ask-password: improve log message when inotify limit is reached (bsc#1155574) - shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377) - man: alias names can't be used with enable command (bsc#1151377) - Add boot option to not use swap at system start (jsc#SLE-7689) - Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:339-1 Released: Thu Feb 6 13:03:22 2020 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1158921 This update for openldap2 provides the following fix: - Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:432-1 Released: Fri Feb 21 14:34:16 2020 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: moderate References: 1135114,1154804,1154805,1155198,1155205,1155298,1155678,1155819,1156158,1157377,1158763,CVE-2019-18900 This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Bug fixes - Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819). - Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198). - Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). - Load only target resolvables for zypper rm (bsc#1157377). - Fix broken search by filelist (bsc#1135114). - Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158). - Do not sort out requested locales which are not available (bsc#1155678). - Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). - XML add patch issue-date and issue-list (bsc#1154805). - Fix zypper lp --cve/bugzilla/issue options (bsc#1155298). - Always execute commit when adding/removing locales (fixes bsc#1155205). - Fix description of --table-style,-s in man page (bsc#1154804). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:451-1 Released: Tue Feb 25 10:50:35 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1155337,1161215,1161216,1161218,1161219,1161220 This update for libgcrypt fixes the following issues: - ECDSA: Check range of coordinates (bsc#1161216) - FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219] - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215] - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220] - FIPS: keywrap gives incorrect results [bsc#1161218] - FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:476-1 Released: Tue Feb 25 14:23:14 2020 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1102840,1160039 This update for perl fixes the following issues: - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:480-1 Released: Tue Feb 25 17:38:22 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1160735 This update for aaa_base fixes the following issues: - Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:525-1 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1164562 This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:547-1 Released: Fri Feb 28 16:26:21 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1148788,1160594,1160764,1161779,1163922,CVE-2019-3687,CVE-2020-8013 This update for permissions fixes the following issues: Security issues fixed: - CVE-2019-3687: Fixed a privilege escalation which could allow a local user to read network traffic if wireshark is installed (bsc#1148788) - CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922). Non-security issues fixed: - Fixed a regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594). - Fixed capability handling when doing multiple permission changes at once (bsc#1161779). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:572-1 Released: Tue Mar 3 13:25:41 2020 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1162518 This update for cyrus-sasl fixes the following issues: - Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:573-1 Released: Tue Mar 3 13:37:28 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1160160 This update for ca-certificates-mozilla to 2.40 fixes the following issues: Updated to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160): Removed certificates: - Certplus Class 2 Primary CA - Deutsche Telekom Root CA 2 - CN=Swisscom Root CA 2 - UTN-USERFirst-Client Authentication and Email added certificates: - Entrust Root Certification Authority - G4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:597-1 Released: Thu Mar 5 15:24:09 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1164950 This update for libgcrypt fixes the following issues: - FIPS: Run the self-tests from the constructor [bsc#1164950] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:633-1 Released: Tue Mar 10 16:23:08 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1139939,1151023 This update for aaa_base fixes the following issues: - get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939) - added '-h'/'--help' to the command old - change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:668-1 Released: Fri Mar 13 10:48:58 2020 Summary: Security update for glibc Type: security Severity: moderate References: 1163184,1164505,1165784,CVE-2020-10029 This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a potential overflow in on-stack buffer during range reduction (bsc#1165784). - Fixed an issue where pthread were not always locked correctly (bsc#1164505). - Document mprotect and introduce section on memory protection (bsc#1163184). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:689-1 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:475-1 Released: Thu Mar 19 11:00:46 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1160595 This update for systemd fixes the following issues: - Remove TasksMax limit for both user and system slices (jsc#SLE-10123) - Backport IP filtering feature (jsc#SLE-7743 bsc#1160595) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:726-1 Released: Thu Mar 19 13:23:03 2020 Summary: Security update for nghttp2 Type: security Severity: moderate References: 1125689,1146182,1146184,1159003,1166481,CVE-2019-18802,CVE-2019-9511,CVE-2019-9513 This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461). - CVE-2019-18802: Fixed malformed request header may cause bypass of route matchers resulting in escalation of privileges or information disclosure (bsc#1159003) Bug fixes and enhancements: - Fixed mistake in spec file (bsc#1125689) Update to version 1.40.0 to fix CVE-2019-18802 in envoy-proxy and cilium-proxy (bsc#1166481) * lib: Add nghttp2_check_authority as public API * lib: Fix the bug that stream is closed with wrong error code * lib: Faster huffman encoding and decoding * build: Avoid filename collision of static and dynamic lib * build: Add new flag ENABLE_STATIC_CRT for Windows * build: cmake: Support building nghttpx with systemd * third-party: Update neverbleed to fix memory leak * nghttpx: Fix bug that mruby is incorrectly shared between backends * nghttpx: Reconnect h1 backend if it lost connection before sending headers * nghttpx: Returns 408 if backend timed out before sending headers * nghttpx: Fix request stal - Conditionally remove dependecy on jemalloc for SLE-12 - Require correct library from devel package - boo#1125689 Update to version 1.39.2 (bsc#1146184, bsc#1146182): * This release fixes CVE-2019-9511 ???Data Dribble??? and CVE-2019-9513 ???Resource Loop??? vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 frames cause Denial of Service by consuming CPU time. Check out https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for details. For nghttpx, additionally limiting inbound traffic by --read-rate and --read-burst options is quite effective against this kind of attack. * Add nghttp2_option_set_max_outbound_ack API function * nghttpx: Fix request stall Update to version 1.39.1: * This release fixes the bug that log-level is not set with cmd-line or configuration file. It also fixes FPE with default backend. Changes for version 1.39.0: * libnghttp2 now ignores content-length in 200 response to CONNECT request as per RFC 7230. * mruby has been upgraded to 2.0.1. * libnghttp2-asio now supports boost-1.70. * http-parser has been replaced with llhttp. * nghttpx now ignores Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:729-1 Released: Thu Mar 19 14:44:22 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1166106 This update for glibc fixes the following issues: - Allow dlopen of filter object to work (bsc#1166106, BZ #16272) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:793-1 Released: Wed Mar 25 15:16:00 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1139459,1161262,1162108,1164717,1165579,CVE-2020-1712 This update for systemd fixes the following issues: - manager: fix job mode when signalled to shutdown etc (bsc#1161262) - remove fallback for user/exit.target - dbus method Manager.Exit() does not start exit.target - do not install rescue.target for alt-??? - %j/%J unit specifiers Added support for I/O scheduler selection with blk-mq (bsc#1165579, bsc#1164717). Added the udev 60-ssd-scheduler.rules: - This rules file which select the default IO scheduler for SSDs is being moved out from the git repo since this is not related to systemd or udev at all and is maintained by the kernel team. - core: coldplug possible nop_job (bsc#1139459) - Revert 'udev: use 'deadline' IO scheduler for SSD disks' - Fix typo in function name - polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it (bsc#1162108 CVE-2020-1712) - sd-bus: introduce API for re-enqueuing incoming messages - polkit: on async pk requests, re-validate action/details ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:814-1 Released: Mon Mar 30 16:23:42 2020 Summary: Recommended update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 Type: recommended Severity: moderate References: 1161816,1162152,1167223 This update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 fixes the following issues: libreoffice was updated to 6.4.2.2 (jsc#SLE-11174 jsc#SLE-11175 jsc#SLE-11176 bsc#1167223): Full Release Notes can be found on: https://wiki.documentfoundation.org/ReleaseNotes/6.4 - Fixed broken handling of non-ASCII characters in the KDE filedialog (bsc#1161816) - Move the animation library to core package bsc#1162152 xmlsec1 was updated to 1.2.28: * Added BoringSSL support (chenbd). * Added gnutls-3.6.x support (alonbl). * Added DSA and ECDSA key size getter for MSCNG (vmiklos). * Added --enable-mans configuration option (alonbl). * Added coninuous build integration for MacOSX (vmiklos). * Several other small fixes (more details). - Make sure to recommend at least one backend when you install just xmlsec1 - Drop the gnutls backend as based on the tests it is quite borked: * We still have nss and openssl backend for people to use Version update to 1.2.27: * Added AES-GCM support for OpenSSL and MSCNG (snargit). * Added DSA-SHA256 and ECDSA-SHA384 support for NSS (vmiklos). * Added RSA-OAEP support for MSCNG (vmiklos). * Continuous build integration in Travis and Appveyor. * Several other small fixes (more details). myspell-dictionaries was updated to 20191219: * Updated the English dictionaries: GB+US+CA+AU * Bring shipped Spanish dictionary up to version 2.5 boost was updated to fix: - add a backport of Boost.Optional::has_value() for LibreOffice The QR-Code-generator is shipped: - Initial commit, needed by libreoffice 6.4 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:820-1 Released: Tue Mar 31 13:02:22 2020 Summary: Security update for glibc Type: security Severity: important References: 1167631,CVE-2020-1752 This update for glibc fixes the following issues: - CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution (bsc#1167631). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:834-1 Released: Tue Mar 31 17:21:34 2020 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1167163 This update for permissions fixes the following issue: - whitelist s390-tools set group ID (setgid) bit on log directory. (bsc#1167163) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:846-1 Released: Thu Apr 2 07:24:07 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1164950,1166748,1167674 This update for libgcrypt fixes the following issues: - FIPS: Remove an unneeded check in _gcry_global_constructor (bsc#1164950) - FIPS: Fix drbg to be threadsafe (bsc#1167674) - FIPS: Run self-tests from constructor during power-on [bsc#1166748] * Set up global_init as the constructor function: * Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:917-1 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:948-1 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Type: security Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:961-1 Released: Wed Apr 8 13:34:06 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1160979 This update for e2fsprogs fixes the following issues: - e2fsck: clarify overflow link count error message (bsc#1160979) - ext2fs: update allocation info earlier in ext2fs_mkdir() (bsc#1160979) - ext2fs: implement dir entry creation in htree directories (bsc#1160979) - tests: add test to excercise indexed directories with metadata_csum (bsc#1160979) - tune2fs: update dir checksums when clearing dir_index feature (bsc#1160979) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:967-1 Released: Thu Apr 9 11:41:53 2020 Summary: Security update for libssh Type: security Severity: moderate References: 1168699,CVE-2020-1730 This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:969-1 Released: Thu Apr 9 11:43:17 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1168364 This update for permissions fixes the following issues: - Fixed spelling of icinga group (bsc#1168364) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:981-1 Released: Mon Apr 13 15:43:44 2020 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1156300 This update for rpm fixes the following issues: - Fix for language package macros to avoid wrong requirement on shared library. (bsc#1156300) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1026-1 Released: Fri Apr 17 16:14:43 2020 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1159314 This update for libsolv fixes the following issues: libsolv was updated to version 0.7.11: - fix solv_zchunk decoding error if large chunks are used (bsc#1159314) - treat retracted pathes as irrelevant - made add_update_target work with multiversion installs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1047-1 Released: Tue Apr 21 10:33:06 2020 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1168835 This update for gnutls fixes the following issues: - Backport AES XTS support (bsc#1168835) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1063-1 Released: Wed Apr 22 10:46:50 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1165539,1169569 This update for libgcrypt fixes the following issues: This update for libgcrypt fixes the following issues: - FIPS: Switch the PCT to use the new signature operation (bsc#1165539) - FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC (bsc#1165539) - Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates. - Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1108-1 Released: Fri Apr 24 16:31:01 2020 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1169992 This update for gnutls fixes the following issues: - FIPS: Do not check for /etc/system-fips which we don't have (bsc#1169992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1175-1 Released: Tue May 5 08:33:43 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1165011,1168076 This update for systemd fixes the following issues: - Fix check for address to keep interface names stable. (bsc#1168076) - Fix for checking non-normalized WHAT for network FS. (bsc#1165011) - Allow to specify an arbitrary string for when vfs is used. (bsc#1165011) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1214-1 Released: Thu May 7 11:20:34 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1169944 This update for libgcrypt fixes the following issues: - FIPS: libgcrypt: Fixed a double free in test_keys() on failed signature verification (bsc#1169944) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1219-1 Released: Thu May 7 17:10:42 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1170771,CVE-2020-12243 This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1226-1 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Type: recommended Severity: moderate References: 1149995,1152590,1167898 This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1271-1 Released: Wed May 13 13:17:59 2020 Summary: Recommended update for permissions Type: recommended Severity: important References: 1171173 This update for permissions fixes the following issues: - Remove setuid bit for newgidmap and newuidmap in paranoid profile. (bsc#1171173) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1290-1 Released: Fri May 15 16:39:59 2020 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1171422 This update for gnutls fixes the following issues: - Add RSA 4096 key generation support in FIPS mode (bsc#1171422) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1294-1 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Type: security Severity: moderate References: 1154661,1169512,CVE-2019-18218 This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1299-1 Released: Mon May 18 07:43:21 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595 This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2019-19956: Fixed a memory leak (bsc#1159928). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1328-1 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1155271 This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1361-1 Released: Thu May 21 09:31:18 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1171872 This update for libgcrypt fixes the following issues: - FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1400-1 Released: Mon May 25 14:09:02 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1162930 This update for glibc fixes the following issues: - nptl: wait for pending setxid request also in detached thread. (bsc#1162930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1404-1 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1138793,1166260 This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1506-1 Released: Fri May 29 17:22:11 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1087982,1170527 This update for aaa_base fixes the following issues: - Not all XTerm based emulators do have a terminfo entry. (bsc#1087982) - Better support of Midnight Commander. (bsc#1170527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1532-1 Released: Thu Jun 4 10:16:12 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1172021,CVE-2019-19956 This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1579-1 Released: Tue Jun 9 17:05:23 2020 Summary: Recommended update for audit Type: recommended Severity: important References: 1156159,1172295 This update for audit fixes the following issues: - Fix hang on startup. (bsc#1156159) - Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs. (bsc#1172295) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1584-1 Released: Tue Jun 9 18:39:15 2020 Summary: Security update for gnutls Type: security Severity: important References: 1172461,1172506,CVE-2020-13777 This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506). - Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1611-1 Released: Fri Jun 12 09:38:03 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.13 to fix: - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.4 to fix: - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - update translations - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) zypper was updated to version 1.14.36: - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1637-1 Released: Wed Jun 17 15:07:58 2020 Summary: Recommended update for zypper Type: recommended Severity: important References: 1169947,1172925 This update for zypper fixes the following issues: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1682-1 Released: Fri Jun 19 09:44:54 2020 Summary: Security update for perl Type: security Severity: important References: 1171863,1171864,1171866,1172348,CVE-2020-10543,CVE-2020-10878,CVE-2020-12723 This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed a bad warning in features.ph (bsc#1172348). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1759-1 Released: Thu Jun 25 18:44:37 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1169357 This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1760-1 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1773-1 Released: Fri Jun 26 08:05:59 2020 Summary: Security update for curl Type: security Severity: important References: 1173027,CVE-2020-8177 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1396-1 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Type: security Severity: moderate References: 1082318,1133297 This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1856-1 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1860-1 Released: Mon Jul 6 17:09:44 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1171883 This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1869-1 Released: Tue Jul 7 15:08:12 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.14: - Enable zstd compression support - Support blacklisted packages in solver_findproblemrule() (bnc#1172135) - Support rules with multiple negative literals in choice rule generation - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.7: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Fix core dump with corrupted history file (bsc#1170801) zypper was updated to 1.14.37: - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2040-1 Released: Fri Jul 24 13:58:53 2020 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1170801,1171224,1172135,1173106,1174011 This update for libsolv, libzypp fixes the following issues: libsolv was updated to version 0.7.14: - Enable zstd compression support for sle15 - Support blacklisted packages in solver_findproblemrule() (bsc#1172135) - Support rules with multiple negative literals in choice rule generation libzypp was updated to version 17.24.0: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Fix core dump with corrupted history file (bsc#1170801) - Better handling of the purge-kernels algorithm. (bsc#1173106) - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2204-1 Released: Tue Aug 11 14:33:37 2020 Summary: Bugfixes on cilium, gangway and skuba and security fix for Kubernetes (cve-2020-8557) Type: recommended Severity: moderate References: 1146991,1173039,1173055,1173165,1173984,CVE-2020-8557 = Required Actions == Kubernetes (Security fix) This fix will be applied to the kubelet daemon running on the nodes by `skuba-update`. See https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_base_os_updates for more details. Make sure you look at the Release Notes https://www.suse.com/releasenotes/x86_64/SUSE-CAASP/4/#_changes_in_4_2_2 for any known bug. == Cilium Bugfix Cilium will be updated by `skuba addon upgrade`. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_generating_an_overview_of_available_addon_updates == Gangway bugfix Gangway will be updated by `skuba addon upgrade`. No action is required from your side. For more info see https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_updates.html#_generating_an_overview_of_available_addon_updates == Skuba In order to update skuba, you need to update the admin workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.1/html/caasp-admin/_cluster_updates.html#_update_management_workstation From sle-updates at lists.suse.com Wed Aug 12 04:13:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 12:13:16 +0200 (CEST) Subject: SUSE-RU-2020:2210-1: moderate: Recommended update for osc Message-ID: <20200812101316.447B6FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for osc ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2210-1 Rating: moderate References: #1173926 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for osc fixes the following issues: - Fix for performance issues by assuming utf-8 or latin-1 as default, and speed up decoding. (bsc#1173926) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2210=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2210=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): osc-0.170.0-3.23.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): osc-0.170.0-3.23.1 References: https://bugzilla.suse.com/1173926 From sle-updates at lists.suse.com Wed Aug 12 04:14:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 12:14:03 +0200 (CEST) Subject: SUSE-RU-2020:2211-1: moderate: Recommended update for nvme-cli Message-ID: <20200812101403.9F8A6FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2211-1 Rating: moderate References: #1172111 #1173561 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: - Fix for an issue when nvme 'show-regs' fails with 'seahawk2' on 'zz' server. (bsc#1173561) - Fix for nvme reconnect delay option. (bsc#1172111) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2211=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): nvme-cli-1.8.1-6.12.1 nvme-cli-debuginfo-1.8.1-6.12.1 nvme-cli-debugsource-1.8.1-6.12.1 References: https://bugzilla.suse.com/1172111 https://bugzilla.suse.com/1173561 From sle-updates at lists.suse.com Wed Aug 12 04:14:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 12:14:56 +0200 (CEST) Subject: SUSE-RU-2020:2212-1: moderate: Recommended update for nvme-cli Message-ID: <20200812101456.4FEE8FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2212-1 Rating: moderate References: #1172111 #1173561 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: - Fix for an issue when nvme 'show-regs' fails with 'seahawk2' on 'zz' server. (bsc#1173561) - Fix for nvme reconnect delay option. (bsc#1172111) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2212=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): nvme-cli-1.8.1-3.3.1 nvme-cli-debuginfo-1.8.1-3.3.1 nvme-cli-debugsource-1.8.1-3.3.1 References: https://bugzilla.suse.com/1172111 https://bugzilla.suse.com/1173561 From sle-updates at lists.suse.com Wed Aug 12 04:15:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 12:15:49 +0200 (CEST) Subject: SUSE-RU-2020:2209-1: moderate: Recommended update for sapnwbootstrap-formula Message-ID: <20200812101549.AA67CFF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapnwbootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2209-1 Rating: moderate References: #1137989 #1142306 #1142762 #1160933 #1161898 #1165156 #1170702 #1172432 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for sapnwbootstrap-formula fixes the following issues: - Change colocation weight for 'col_saphana_ip' for Azure provider. (jsc#ECO-1965, jsc#SLE-4047) - Use 'gcp' instance name instead of id in 'fence_gce agent'. (bsc#1161898, bsc#1160933) - Adapt the cluster template to use the proper 'gcp agents'. (bsc#1161898, bsc#1160933) - Change the package name to 'prometheus-hanadb_exporter'. (bsc#1165156, jsc#SLE-4143, bsc#1137989) - Fix issue with file permissions during package installation in '/usr/share/salt-formulas'. (bsc#1142306) - Fix 'srHook' script usage for cost optimized scenario by adding scenario type options to the 'form.yml' file. (bsc#1137989) - Add drbd-formulas to support build DRBD on top of NFS with salt. (bsc#1142762) This update for drbd-formulas fixes the following issues: - Add SUSE manager support. (jsc#SLE-6970) - Remove obsolete Groups tag. (fate#326485) This update for habootstrap-formula fixes the following issues: - Add the option to configure the cluster properties and defaults, and to configure the 'sbd' resource parameters. (bsc#1170702) - Implement option to update hacluster user password and correct 'spec' files. (bsc#1165156, jsc#SLE-4031, bsc#1137989) This update for salt-shaptools fixes the following issues: - Make diskless 'sbd' and using disks self exclusive. (bsc#1172432, jsc#ECO-1965, jsc#SLE-4047) - Add the option to configure the cluster properties and defaults, and to configure the 'sbd' resource parameters. (bsc#1170702) - Implement option to update hacluster user password and correct 'spec' files. (jsc#SLE-4143, jsc#SLE-4031, bsc#1137989) This update for saphanabootstrap-formula fixes the following issues: - Change colocation weight for 'col_saphana_ip' for Azure provider. (jsc#ECO-1965, jsc#SLE-4047) - Use 'gcp' instance name instead of id in 'fence_gce agent'. (bsc#1161898, bsc#1160933) - Adapt the cluster template to use the proper 'gcp agents'. (bsc#1161898, bsc#1160933) - Change the package name to 'prometheus-hanadb_exporter'. (jsc#SLE-10545, bsc#1165156, jsc#SLE-4143, bsc#1137989, jsc#SLE-10545) - Fix issue with file permissions during package installation in '/usr/share/salt-formulas'. (bsc#1142306) - Fix srHook script usage for cost optimized scenario by adding scenario type options to the 'form.yml' file. (bsc#1137989) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-2209=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2209=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2209=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): drbd-formula-0.3.10+git.1591284159.484cfdd-4.3.1 habootstrap-formula-0.3.7+git.1593632732.1599aa2-4.3.1 salt-shaptools-0.3.9+git.1591860067.782f9ce-4.3.1 saphanabootstrap-formula-0.5.10+git.1593632821.35eb74b-4.3.1 sapnwbootstrap-formula-0.4.4+git.1594058536.82f1049-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): drbd-formula-0.3.10+git.1591284159.484cfdd-4.3.1 habootstrap-formula-0.3.7+git.1593632732.1599aa2-4.3.1 salt-shaptools-0.3.9+git.1591860067.782f9ce-4.3.1 saphanabootstrap-formula-0.5.10+git.1593632821.35eb74b-4.3.1 sapnwbootstrap-formula-0.4.4+git.1594058536.82f1049-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): drbd-formula-0.3.10+git.1591284159.484cfdd-4.3.1 habootstrap-formula-0.3.7+git.1593632732.1599aa2-4.3.1 salt-shaptools-0.3.9+git.1591860067.782f9ce-4.3.1 saphanabootstrap-formula-0.5.10+git.1593632821.35eb74b-4.3.1 sapnwbootstrap-formula-0.4.4+git.1594058536.82f1049-4.3.1 References: https://bugzilla.suse.com/1137989 https://bugzilla.suse.com/1142306 https://bugzilla.suse.com/1142762 https://bugzilla.suse.com/1160933 https://bugzilla.suse.com/1161898 https://bugzilla.suse.com/1165156 https://bugzilla.suse.com/1170702 https://bugzilla.suse.com/1172432 From sle-updates at lists.suse.com Wed Aug 12 07:15:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 15:15:57 +0200 (CEST) Subject: SUSE-RU-2020:2214-1: moderate: Recommended update for python3-retrying Message-ID: <20200812131557.5600BFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-retrying ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2214-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update ships python3-retrying module as dependency of oci-cli. (jsc#ECO-744) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2214=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2214=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-retrying-1.3.3-3.2.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-retrying-1.3.3-3.2.1 References: From sle-updates at lists.suse.com Wed Aug 12 10:18:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 18:18:55 +0200 (CEST) Subject: SUSE-RU-2020:14450-1: moderate: Recommended update for drbd Message-ID: <20200812161855.12B8FFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14450-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-drbd-14450=1 Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ppc64 s390x x86_64): drbd-8.4.4-0.27.11.1 drbd-bash-completion-8.4.4-0.27.11.1 drbd-heartbeat-8.4.4-0.27.11.1 drbd-kmp-default-8.4.4_3.0.101_108.117-0.27.11.2 drbd-kmp-trace-8.4.4_3.0.101_108.117-0.27.11.2 drbd-pacemaker-8.4.4-0.27.11.1 drbd-udev-8.4.4-0.27.11.1 drbd-utils-8.4.4-0.27.11.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64): drbd-kmp-xen-8.4.4_3.0.101_108.117-0.27.11.2 - SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64): drbd-xen-8.4.4-0.27.11.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64): drbd-kmp-bigmem-8.4.4_3.0.101_108.117-0.27.11.2 drbd-kmp-ppc64-8.4.4_3.0.101_108.117-0.27.11.2 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586): drbd-kmp-pae-8.4.4_3.0.101_108.117-0.27.11.2 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Aug 12 10:19:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 18:19:39 +0200 (CEST) Subject: SUSE-SU-2020:2216-1: important: Security update for python36 Message-ID: <20200812161939.A0792FEC3@maintenance.suse.de> SUSE Security Update: Security update for python36 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2216-1 Rating: important References: #1173274 #1174091 Cross-References: CVE-2019-20907 CVE-2020-14422 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python36 fixes the following issues: - CVE-2019-20907, bsc#1174091: avoiding possible infinite loop in specifically crafted tarball. - CVE-2020-14422, bsc#1173274: where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2216=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.10-4.17.1 libpython3_6m1_0-debuginfo-3.6.10-4.17.1 python36-3.6.10-4.17.1 python36-base-3.6.10-4.17.1 python36-base-debuginfo-3.6.10-4.17.1 python36-base-debugsource-3.6.10-4.17.1 python36-debuginfo-3.6.10-4.17.1 python36-debugsource-3.6.10-4.17.1 References: https://www.suse.com/security/cve/CVE-2019-20907.html https://www.suse.com/security/cve/CVE-2020-14422.html https://bugzilla.suse.com/1173274 https://bugzilla.suse.com/1174091 From sle-updates at lists.suse.com Wed Aug 12 10:20:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 18:20:29 +0200 (CEST) Subject: SUSE-SU-2020:2217-1: moderate: Security update for libreoffice Message-ID: <20200812162029.6BA99FDE4@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2217-1 Rating: moderate References: #1062631 #1146025 #1157627 #1165849 #1172053 #1172189 #1172795 #1172796 Cross-References: CVE-2020-12802 CVE-2020-12803 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has 6 fixes is now available. Description: This update for libreoffice fixes the following issues: - Update to 6.4.5.2: * Various fixes all around - Remove mime-info and application-registry dirs bsc#1062631 - Fix bsc#1172053 - LO-L3: Image disappears during roundtrip 365->Impress->365 * bsc1172053.diff - Fix bsc#1172189 - LO-L3: Impress crashes midway opening a PPTX document * bsc1172189.diff - Fix bsc#1157627 - LO-L3: Some XML-created shapes simply lost upon PPTX import (= earth loses countries) * bsc1157627.diff - Fix bsc#1146025 - LO-L3: Colored textboxes in PPTX look very odd (SmartArt) - Fix bsc#1165849 - LO-L3: Shadow size for rectangle is only a fraction of Office 365 * bsc1165849-1.diff * bsc1165849-2.diff * bsc1165849-3.diff Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2217=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): libreoffice-6.4.5.2-8.22.1 libreoffice-base-6.4.5.2-8.22.1 libreoffice-base-debuginfo-6.4.5.2-8.22.1 libreoffice-base-drivers-postgresql-6.4.5.2-8.22.1 libreoffice-base-drivers-postgresql-debuginfo-6.4.5.2-8.22.1 libreoffice-calc-6.4.5.2-8.22.1 libreoffice-calc-debuginfo-6.4.5.2-8.22.1 libreoffice-calc-extensions-6.4.5.2-8.22.1 libreoffice-debuginfo-6.4.5.2-8.22.1 libreoffice-debugsource-6.4.5.2-8.22.1 libreoffice-draw-6.4.5.2-8.22.1 libreoffice-draw-debuginfo-6.4.5.2-8.22.1 libreoffice-filters-optional-6.4.5.2-8.22.1 libreoffice-gnome-6.4.5.2-8.22.1 libreoffice-gnome-debuginfo-6.4.5.2-8.22.1 libreoffice-gtk3-6.4.5.2-8.22.1 libreoffice-gtk3-debuginfo-6.4.5.2-8.22.1 libreoffice-impress-6.4.5.2-8.22.1 libreoffice-impress-debuginfo-6.4.5.2-8.22.1 libreoffice-librelogo-6.4.5.2-8.22.1 libreoffice-mailmerge-6.4.5.2-8.22.1 libreoffice-math-6.4.5.2-8.22.1 libreoffice-math-debuginfo-6.4.5.2-8.22.1 libreoffice-officebean-6.4.5.2-8.22.1 libreoffice-officebean-debuginfo-6.4.5.2-8.22.1 libreoffice-pyuno-6.4.5.2-8.22.1 libreoffice-pyuno-debuginfo-6.4.5.2-8.22.1 libreoffice-writer-6.4.5.2-8.22.1 libreoffice-writer-debuginfo-6.4.5.2-8.22.1 libreoffice-writer-extensions-6.4.5.2-8.22.1 libreofficekit-6.4.5.2-8.22.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): libreoffice-branding-upstream-6.4.5.2-8.22.1 libreoffice-icon-themes-6.4.5.2-8.22.1 libreoffice-l10n-af-6.4.5.2-8.22.1 libreoffice-l10n-ar-6.4.5.2-8.22.1 libreoffice-l10n-as-6.4.5.2-8.22.1 libreoffice-l10n-bg-6.4.5.2-8.22.1 libreoffice-l10n-bn-6.4.5.2-8.22.1 libreoffice-l10n-br-6.4.5.2-8.22.1 libreoffice-l10n-ca-6.4.5.2-8.22.1 libreoffice-l10n-cs-6.4.5.2-8.22.1 libreoffice-l10n-cy-6.4.5.2-8.22.1 libreoffice-l10n-da-6.4.5.2-8.22.1 libreoffice-l10n-de-6.4.5.2-8.22.1 libreoffice-l10n-dz-6.4.5.2-8.22.1 libreoffice-l10n-el-6.4.5.2-8.22.1 libreoffice-l10n-en-6.4.5.2-8.22.1 libreoffice-l10n-eo-6.4.5.2-8.22.1 libreoffice-l10n-es-6.4.5.2-8.22.1 libreoffice-l10n-et-6.4.5.2-8.22.1 libreoffice-l10n-eu-6.4.5.2-8.22.1 libreoffice-l10n-fa-6.4.5.2-8.22.1 libreoffice-l10n-fi-6.4.5.2-8.22.1 libreoffice-l10n-fr-6.4.5.2-8.22.1 libreoffice-l10n-ga-6.4.5.2-8.22.1 libreoffice-l10n-gl-6.4.5.2-8.22.1 libreoffice-l10n-gu-6.4.5.2-8.22.1 libreoffice-l10n-he-6.4.5.2-8.22.1 libreoffice-l10n-hi-6.4.5.2-8.22.1 libreoffice-l10n-hr-6.4.5.2-8.22.1 libreoffice-l10n-hu-6.4.5.2-8.22.1 libreoffice-l10n-it-6.4.5.2-8.22.1 libreoffice-l10n-ja-6.4.5.2-8.22.1 libreoffice-l10n-kk-6.4.5.2-8.22.1 libreoffice-l10n-kn-6.4.5.2-8.22.1 libreoffice-l10n-ko-6.4.5.2-8.22.1 libreoffice-l10n-lt-6.4.5.2-8.22.1 libreoffice-l10n-lv-6.4.5.2-8.22.1 libreoffice-l10n-mai-6.4.5.2-8.22.1 libreoffice-l10n-ml-6.4.5.2-8.22.1 libreoffice-l10n-mr-6.4.5.2-8.22.1 libreoffice-l10n-nb-6.4.5.2-8.22.1 libreoffice-l10n-nl-6.4.5.2-8.22.1 libreoffice-l10n-nn-6.4.5.2-8.22.1 libreoffice-l10n-nr-6.4.5.2-8.22.1 libreoffice-l10n-nso-6.4.5.2-8.22.1 libreoffice-l10n-or-6.4.5.2-8.22.1 libreoffice-l10n-pa-6.4.5.2-8.22.1 libreoffice-l10n-pl-6.4.5.2-8.22.1 libreoffice-l10n-pt_BR-6.4.5.2-8.22.1 libreoffice-l10n-pt_PT-6.4.5.2-8.22.1 libreoffice-l10n-ro-6.4.5.2-8.22.1 libreoffice-l10n-ru-6.4.5.2-8.22.1 libreoffice-l10n-si-6.4.5.2-8.22.1 libreoffice-l10n-sk-6.4.5.2-8.22.1 libreoffice-l10n-sl-6.4.5.2-8.22.1 libreoffice-l10n-sr-6.4.5.2-8.22.1 libreoffice-l10n-ss-6.4.5.2-8.22.1 libreoffice-l10n-st-6.4.5.2-8.22.1 libreoffice-l10n-sv-6.4.5.2-8.22.1 libreoffice-l10n-ta-6.4.5.2-8.22.1 libreoffice-l10n-te-6.4.5.2-8.22.1 libreoffice-l10n-th-6.4.5.2-8.22.1 libreoffice-l10n-tn-6.4.5.2-8.22.1 libreoffice-l10n-tr-6.4.5.2-8.22.1 libreoffice-l10n-ts-6.4.5.2-8.22.1 libreoffice-l10n-uk-6.4.5.2-8.22.1 libreoffice-l10n-ve-6.4.5.2-8.22.1 libreoffice-l10n-xh-6.4.5.2-8.22.1 libreoffice-l10n-zh_CN-6.4.5.2-8.22.1 libreoffice-l10n-zh_TW-6.4.5.2-8.22.1 libreoffice-l10n-zu-6.4.5.2-8.22.1 References: https://www.suse.com/security/cve/CVE-2020-12802.html https://www.suse.com/security/cve/CVE-2020-12803.html https://bugzilla.suse.com/1062631 https://bugzilla.suse.com/1146025 https://bugzilla.suse.com/1157627 https://bugzilla.suse.com/1165849 https://bugzilla.suse.com/1172053 https://bugzilla.suse.com/1172189 https://bugzilla.suse.com/1172795 https://bugzilla.suse.com/1172796 From sle-updates at lists.suse.com Wed Aug 12 13:12:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 21:12:51 +0200 (CEST) Subject: SUSE-RU-2020:2219-1: moderate: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Message-ID: <20200812191251.BFBE2FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2219-1 Rating: moderate References: #1170475 #1170476 #1173238 #1173240 #1173357 #1174618 #1174847 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2219=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2219=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-azuremetadata-5.1.2-1.13.1 supportutils-plugin-suse-public-cloud-1.0.4-3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-azuremetadata-5.1.2-1.13.1 supportutils-plugin-suse-public-cloud-1.0.4-3.3.1 References: https://bugzilla.suse.com/1170475 https://bugzilla.suse.com/1170476 https://bugzilla.suse.com/1173238 https://bugzilla.suse.com/1173240 https://bugzilla.suse.com/1173357 https://bugzilla.suse.com/1174618 https://bugzilla.suse.com/1174847 From sle-updates at lists.suse.com Wed Aug 12 13:14:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 21:14:14 +0200 (CEST) Subject: SUSE-RU-2020:2218-1: moderate: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Message-ID: <20200812191414.B8036FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2218-1 Rating: moderate References: #1170475 #1170476 #1173238 #1173240 #1173357 #1174618 #1174847 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2218=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python3-azuremetadata-5.1.2-1.12.1 supportutils-plugin-suse-public-cloud-1.0.4-6.6.1 References: https://bugzilla.suse.com/1170475 https://bugzilla.suse.com/1170476 https://bugzilla.suse.com/1173238 https://bugzilla.suse.com/1173240 https://bugzilla.suse.com/1173357 https://bugzilla.suse.com/1174618 https://bugzilla.suse.com/1174847 From sle-updates at lists.suse.com Wed Aug 12 13:15:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Aug 2020 21:15:36 +0200 (CEST) Subject: SUSE-RU-2020:2220-1: moderate: Recommended update for hawk2 Message-ID: <20200812191536.14B3CFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2220-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for hawk2 fixes the following issue: Update to version 2.1.2+git.1594886920.d00b94aa: - Update puma rubygem requirement to version 4.3.5 for disabling TLSv1.0 and TLSv1.1 (jsc#SLE-6965) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2220=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2220=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2220=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): hawk2-2.1.2+git.1594886920.d00b94aa-3.12.1 hawk2-debuginfo-2.1.2+git.1594886920.d00b94aa-3.12.1 hawk2-debugsource-2.1.2+git.1594886920.d00b94aa-3.12.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): hawk2-2.1.2+git.1594886920.d00b94aa-3.12.1 hawk2-debuginfo-2.1.2+git.1594886920.d00b94aa-3.12.1 hawk2-debugsource-2.1.2+git.1594886920.d00b94aa-3.12.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): hawk2-2.1.2+git.1594886920.d00b94aa-3.12.1 hawk2-debuginfo-2.1.2+git.1594886920.d00b94aa-3.12.1 hawk2-debugsource-2.1.2+git.1594886920.d00b94aa-3.12.1 References: From sle-updates at lists.suse.com Thu Aug 13 04:13:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 12:13:29 +0200 (CEST) Subject: SUSE-RU-2020:2221-1: moderate: Recommended update for SUSEConnect Message-ID: <20200813101329.37E5DFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2221-1 Rating: moderate References: #1130864 #1155911 #1160007 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: Update from version 0.3.22 to version 0.3.25 - Don't fail de-activation when '-release' package already got removed. - Fix cloud_provider detection on AWS large instances. (bsc#1160007) - Forbid de-registration for on-demand Public Cloud instances. (bsc#1155911) - Setup customer_center on read-only boot system. (bsc#1130864) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2221=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2221=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2221=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2221=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): SUSEConnect-0.3.25-3.28.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): SUSEConnect-0.3.25-3.28.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): SUSEConnect-0.3.25-3.28.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): SUSEConnect-0.3.25-3.28.1 References: https://bugzilla.suse.com/1130864 https://bugzilla.suse.com/1155911 https://bugzilla.suse.com/1160007 From sle-updates at lists.suse.com Thu Aug 13 04:14:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 12:14:31 +0200 (CEST) Subject: SUSE-RU-2020:2222-1: moderate: Recommended update for SUSEConnect Message-ID: <20200813101431.9BCEBFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2222-1 Rating: moderate References: #1130864 #1155911 #1160007 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: Update from version 0.3.22 to version 0.3.25 - Don't fail de-activation when '-release' package already got removed. - Fix cloud_provider detection on AWS large instances. (bsc#1160007) - Forbid de-registration for on-demand Public Cloud instances. (bsc#1155911) - Setup customer_center on read-only boot system. (bsc#1130864) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2222=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.25-7.12.1 References: https://bugzilla.suse.com/1130864 https://bugzilla.suse.com/1155911 https://bugzilla.suse.com/1160007 From sle-updates at lists.suse.com Thu Aug 13 04:15:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 12:15:34 +0200 (CEST) Subject: SUSE-RU-2020:2223-1: moderate: Recommended update for zypper-migration-plugin Message-ID: <20200813101534.94F74FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper-migration-plugin ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2223-1 Rating: moderate References: #1100137 #1107238 #1171652 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for zypper-migration-plugin fixes the following issues: - Fix for an issue when not all release packages are installed after migration. (bsc#1171652) - Fix for snapper configuration to avoid migration failures. (jira#SLE-7752) - Fix for the issue when zypper migration tool does not provide a proper exit code if it is not mirrored on registration server. (bsc#1107238) - Fix for failing salt migration by check for closed standard input. (bsc#1100137) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2223=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2223=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2223=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2223=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): zypper-migration-plugin-0.12.1590748670.86b0749-3.3.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): zypper-migration-plugin-0.12.1590748670.86b0749-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): zypper-migration-plugin-0.12.1590748670.86b0749-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): zypper-migration-plugin-0.12.1590748670.86b0749-3.3.1 References: https://bugzilla.suse.com/1100137 https://bugzilla.suse.com/1107238 https://bugzilla.suse.com/1171652 From sle-updates at lists.suse.com Thu Aug 13 04:16:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 12:16:39 +0200 (CEST) Subject: SUSE-RU-2020:2224-1: moderate: Recommended update for glibc Message-ID: <20200813101639.E8C99FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2224-1 Rating: moderate References: #1171878 #1172085 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2224=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2224=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2224=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2224=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.51.1 glibc-debugsource-2.26-13.51.1 glibc-devel-static-2.26-13.51.1 glibc-utils-2.26-13.51.1 glibc-utils-debuginfo-2.26-13.51.1 glibc-utils-src-debugsource-2.26-13.51.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): glibc-32bit-debuginfo-2.26-13.51.1 glibc-devel-32bit-2.26-13.51.1 glibc-devel-32bit-debuginfo-2.26-13.51.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.51.1 glibc-debugsource-2.26-13.51.1 glibc-devel-static-2.26-13.51.1 glibc-utils-2.26-13.51.1 glibc-utils-debuginfo-2.26-13.51.1 glibc-utils-src-debugsource-2.26-13.51.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): glibc-32bit-debuginfo-2.26-13.51.1 glibc-devel-32bit-2.26-13.51.1 glibc-devel-32bit-debuginfo-2.26-13.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): glibc-2.26-13.51.1 glibc-debuginfo-2.26-13.51.1 glibc-debugsource-2.26-13.51.1 glibc-devel-2.26-13.51.1 glibc-devel-debuginfo-2.26-13.51.1 glibc-extra-2.26-13.51.1 glibc-extra-debuginfo-2.26-13.51.1 glibc-locale-2.26-13.51.1 glibc-locale-base-2.26-13.51.1 glibc-locale-base-debuginfo-2.26-13.51.1 glibc-profile-2.26-13.51.1 nscd-2.26-13.51.1 nscd-debuginfo-2.26-13.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): glibc-i18ndata-2.26-13.51.1 glibc-info-2.26-13.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): glibc-32bit-2.26-13.51.1 glibc-32bit-debuginfo-2.26-13.51.1 glibc-locale-base-32bit-2.26-13.51.1 glibc-locale-base-32bit-debuginfo-2.26-13.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): glibc-2.26-13.51.1 glibc-debuginfo-2.26-13.51.1 glibc-debugsource-2.26-13.51.1 glibc-devel-2.26-13.51.1 glibc-devel-debuginfo-2.26-13.51.1 glibc-extra-2.26-13.51.1 glibc-extra-debuginfo-2.26-13.51.1 glibc-locale-2.26-13.51.1 glibc-locale-base-2.26-13.51.1 glibc-locale-base-debuginfo-2.26-13.51.1 glibc-profile-2.26-13.51.1 nscd-2.26-13.51.1 nscd-debuginfo-2.26-13.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): glibc-i18ndata-2.26-13.51.1 glibc-info-2.26-13.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): glibc-32bit-2.26-13.51.1 glibc-32bit-debuginfo-2.26-13.51.1 glibc-locale-base-32bit-2.26-13.51.1 glibc-locale-base-32bit-debuginfo-2.26-13.51.1 References: https://bugzilla.suse.com/1171878 https://bugzilla.suse.com/1172085 From sle-updates at lists.suse.com Thu Aug 13 07:13:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 15:13:11 +0200 (CEST) Subject: SUSE-RU-2020:2230-1: moderate: Recommended update for dpdk Message-ID: <20200813131311.019B0FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2230-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of dpdk fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2230=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2230=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le x86_64): dpdk-debuginfo-18.11.3-3.11.1 dpdk-debugsource-18.11.3-3.11.1 dpdk-devel-18.11.3-3.11.1 dpdk-devel-debuginfo-18.11.3-3.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64): dpdk-thunderx-debuginfo-18.11.3-3.11.1 dpdk-thunderx-debugsource-18.11.3-3.11.1 dpdk-thunderx-devel-18.11.3-3.11.1 dpdk-thunderx-devel-debuginfo-18.11.3-3.11.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64): dpdk-18.11.3-3.11.1 dpdk-debuginfo-18.11.3-3.11.1 dpdk-debugsource-18.11.3-3.11.1 dpdk-tools-18.11.3-3.11.1 dpdk-tools-debuginfo-18.11.3-3.11.1 libdpdk-18_11-18.11.3-3.11.1 libdpdk-18_11-debuginfo-18.11.3-3.11.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): dpdk-thunderx-18.11.3-3.11.1 dpdk-thunderx-debuginfo-18.11.3-3.11.1 dpdk-thunderx-debugsource-18.11.3-3.11.1 dpdk-thunderx-kmp-default-18.11.3_k4.12.14_122.32-3.11.1 dpdk-thunderx-kmp-default-debuginfo-18.11.3_k4.12.14_122.32-3.11.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): dpdk-kmp-default-18.11.3_k4.12.14_122.32-3.11.1 dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_122.32-3.11.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Thu Aug 13 07:14:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 15:14:02 +0200 (CEST) Subject: SUSE-SU-2020:2225-1: moderate: Security update for xerces-c Message-ID: <20200813131402.53CF4FEC3@maintenance.suse.de> SUSE Security Update: Security update for xerces-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2225-1 Rating: moderate References: #1083630 Cross-References: CVE-2017-12627 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xerces-c fixes the following issues: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2225=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2225=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2225=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2225=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2225=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2225=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2225=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2225=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2225=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2225=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2225=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2225=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2225=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2225=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2225=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE OpenStack Cloud 9 (x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE OpenStack Cloud 8 (x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE OpenStack Cloud 7 (s390x x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libxerces-c-devel-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 - SUSE Enterprise Storage 5 (x86_64): libxerces-c-3_1-3.1.1-13.3.6 libxerces-c-3_1-32bit-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-3.1.1-13.3.6 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.6 xerces-c-debuginfo-3.1.1-13.3.6 xerces-c-debugsource-3.1.1-13.3.6 References: https://www.suse.com/security/cve/CVE-2017-12627.html https://bugzilla.suse.com/1083630 From sle-updates at lists.suse.com Thu Aug 13 07:14:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 15:14:58 +0200 (CEST) Subject: SUSE-SU-2020:2232-1: important: Security update for webkit2gtk3 Message-ID: <20200813131458.0D7F0FDE4@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2232-1 Rating: important References: #1174662 Cross-References: CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2232=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2232=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2232=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2232=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2232=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2232=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2232=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2232=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2232=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2232=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2232=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2232=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2232=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2232=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2232=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2232=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2232=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 - SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 - SUSE OpenStack Cloud 9 (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE OpenStack Cloud 8 (x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 - SUSE OpenStack Cloud 8 (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 webkit2gtk3-devel-2.28.4-2.59.1 - SUSE OpenStack Cloud 7 (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 webkit2gtk3-devel-2.28.4-2.59.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 webkit2gtk3-devel-2.28.4-2.59.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 webkit2gtk3-devel-2.28.4-2.59.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 webkit2gtk3-devel-2.28.4-2.59.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 - SUSE Enterprise Storage 5 (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 - HPE Helion Openstack 8 (x86_64): libjavascriptcoregtk-4_0-18-2.28.4-2.59.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.4-2.59.1 libwebkit2gtk-4_0-37-2.28.4-2.59.1 libwebkit2gtk-4_0-37-debuginfo-2.28.4-2.59.1 typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2-4_0-2.28.4-2.59.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-2.28.4-2.59.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.4-2.59.1 webkit2gtk3-debugsource-2.28.4-2.59.1 - HPE Helion Openstack 8 (noarch): libwebkit2gtk3-lang-2.28.4-2.59.1 References: https://www.suse.com/security/cve/CVE-2020-9862.html https://www.suse.com/security/cve/CVE-2020-9893.html https://www.suse.com/security/cve/CVE-2020-9894.html https://www.suse.com/security/cve/CVE-2020-9895.html https://www.suse.com/security/cve/CVE-2020-9915.html https://www.suse.com/security/cve/CVE-2020-9925.html https://bugzilla.suse.com/1174662 From sle-updates at lists.suse.com Thu Aug 13 07:15:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 15:15:45 +0200 (CEST) Subject: SUSE-RU-2020:2229-1: moderate: Recommended update for util-linux Message-ID: <20200813131545.603A7FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2229-1 Rating: moderate References: #1149911 #1151708 #1168235 #1168389 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2229=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2229=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2229=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libuuid-devel-2.33.2-4.3.1 util-linux-debuginfo-2.33.2-4.3.1 util-linux-debugsource-2.33.2-4.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.33.2-4.3.1 libmount-devel-2.33.2-4.3.1 libsmartcols-devel-2.33.2-4.3.1 libuuid-devel-2.33.2-4.3.1 util-linux-debuginfo-2.33.2-4.3.1 util-linux-debugsource-2.33.2-4.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libblkid1-2.33.2-4.3.1 libblkid1-debuginfo-2.33.2-4.3.1 libfdisk1-2.33.2-4.3.1 libfdisk1-debuginfo-2.33.2-4.3.1 libmount1-2.33.2-4.3.1 libmount1-debuginfo-2.33.2-4.3.1 libsmartcols1-2.33.2-4.3.1 libsmartcols1-debuginfo-2.33.2-4.3.1 libuuid1-2.33.2-4.3.1 libuuid1-debuginfo-2.33.2-4.3.1 python-libmount-2.33.2-4.3.1 python-libmount-debuginfo-2.33.2-4.3.1 python-libmount-debugsource-2.33.2-4.3.1 util-linux-2.33.2-4.3.1 util-linux-debuginfo-2.33.2-4.3.1 util-linux-debugsource-2.33.2-4.3.1 util-linux-systemd-2.33.2-4.3.1 util-linux-systemd-debuginfo-2.33.2-4.3.1 util-linux-systemd-debugsource-2.33.2-4.3.1 uuidd-2.33.2-4.3.1 uuidd-debuginfo-2.33.2-4.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libblkid1-32bit-2.33.2-4.3.1 libblkid1-debuginfo-32bit-2.33.2-4.3.1 libmount1-32bit-2.33.2-4.3.1 libmount1-debuginfo-32bit-2.33.2-4.3.1 libuuid1-32bit-2.33.2-4.3.1 libuuid1-debuginfo-32bit-2.33.2-4.3.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): util-linux-lang-2.33.2-4.3.1 References: https://bugzilla.suse.com/1149911 https://bugzilla.suse.com/1151708 https://bugzilla.suse.com/1168235 https://bugzilla.suse.com/1168389 From sle-updates at lists.suse.com Thu Aug 13 07:16:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 15:16:53 +0200 (CEST) Subject: SUSE-RU-2020:2227-1: moderate: Recommended update for s390-tools Message-ID: <20200813131653.BE43FFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2227-1 Rating: moderate References: #1174309 #1174310 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for s390-tools fixes the following issues: - zipl: prevent endless loop during secure IPL (bsc#1174309) - zipl: check for valid ipl parmblock lowcore pointer (bsc#1174310) - zipl: Fix KVM IPL without bootindex (bsc1174311) - Updated cputype and read_values to recognize the new z15 models. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2227=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x): osasnmpd-2.11.0-9.6.1 osasnmpd-debuginfo-2.11.0-9.6.1 s390-tools-2.11.0-9.6.1 s390-tools-debuginfo-2.11.0-9.6.1 s390-tools-debugsource-2.11.0-9.6.1 s390-tools-hmcdrvfs-2.11.0-9.6.1 s390-tools-hmcdrvfs-debuginfo-2.11.0-9.6.1 s390-tools-zdsfs-2.11.0-9.6.1 s390-tools-zdsfs-debuginfo-2.11.0-9.6.1 References: https://bugzilla.suse.com/1174309 https://bugzilla.suse.com/1174310 From sle-updates at lists.suse.com Thu Aug 13 07:17:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 15:17:41 +0200 (CEST) Subject: SUSE-RU-2020:2231-1: moderate: Recommended update for dpdk Message-ID: <20200813131741.1C2EBFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2231-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of dpdk fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2231=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2231=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le x86_64): dpdk-19.11.1-3.5.1 dpdk-debuginfo-19.11.1-3.5.1 dpdk-debugsource-19.11.1-3.5.1 dpdk-devel-19.11.1-3.5.1 dpdk-devel-debuginfo-19.11.1-3.5.1 dpdk-kmp-default-19.11.1_k5.3.18_24.9-3.5.1 dpdk-kmp-default-debuginfo-19.11.1_k5.3.18_24.9-3.5.1 dpdk-tools-19.11.1-3.5.1 dpdk-tools-debuginfo-19.11.1-3.5.1 libdpdk-20_0-19.11.1-3.5.1 libdpdk-20_0-debuginfo-19.11.1-3.5.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64): dpdk-thunderx-19.11.1-3.5.1 dpdk-thunderx-debuginfo-19.11.1-3.5.1 dpdk-thunderx-debugsource-19.11.1-3.5.1 dpdk-thunderx-devel-19.11.1-3.5.1 dpdk-thunderx-devel-debuginfo-19.11.1-3.5.1 dpdk-thunderx-kmp-default-19.11.1_k5.3.18_24.9-3.5.1 dpdk-thunderx-kmp-default-debuginfo-19.11.1_k5.3.18_24.9-3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libdpdk-20_0-19.11.1-3.5.1 libdpdk-20_0-debuginfo-19.11.1-3.5.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Thu Aug 13 07:18:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 15:18:25 +0200 (CEST) Subject: SUSE-SU-2020:2234-1: important: Security update for xen Message-ID: <20200813131825.03484FDE4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2234-1 Rating: important References: #1163019 #1168140 #1168142 #1169392 #1174543 Cross-References: CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-8608 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages - bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy - bsc#1168140 - CVE-2020-11740, CVE-2020-11741: Multiple xenoprof issues - bsc#1168142 - CVE-2020-11739: Missing memory barriers in read-write unlock paths Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2234=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2234=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2234=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2234=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xen-4.7.6_08-43.64.1 xen-debugsource-4.7.6_08-43.64.1 xen-doc-html-4.7.6_08-43.64.1 xen-libs-32bit-4.7.6_08-43.64.1 xen-libs-4.7.6_08-43.64.1 xen-libs-debuginfo-32bit-4.7.6_08-43.64.1 xen-libs-debuginfo-4.7.6_08-43.64.1 xen-tools-4.7.6_08-43.64.1 xen-tools-debuginfo-4.7.6_08-43.64.1 xen-tools-domU-4.7.6_08-43.64.1 xen-tools-domU-debuginfo-4.7.6_08-43.64.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): xen-4.7.6_08-43.64.1 xen-debugsource-4.7.6_08-43.64.1 xen-doc-html-4.7.6_08-43.64.1 xen-libs-32bit-4.7.6_08-43.64.1 xen-libs-4.7.6_08-43.64.1 xen-libs-debuginfo-32bit-4.7.6_08-43.64.1 xen-libs-debuginfo-4.7.6_08-43.64.1 xen-tools-4.7.6_08-43.64.1 xen-tools-debuginfo-4.7.6_08-43.64.1 xen-tools-domU-4.7.6_08-43.64.1 xen-tools-domU-debuginfo-4.7.6_08-43.64.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): xen-4.7.6_08-43.64.1 xen-debugsource-4.7.6_08-43.64.1 xen-doc-html-4.7.6_08-43.64.1 xen-libs-32bit-4.7.6_08-43.64.1 xen-libs-4.7.6_08-43.64.1 xen-libs-debuginfo-32bit-4.7.6_08-43.64.1 xen-libs-debuginfo-4.7.6_08-43.64.1 xen-tools-4.7.6_08-43.64.1 xen-tools-debuginfo-4.7.6_08-43.64.1 xen-tools-domU-4.7.6_08-43.64.1 xen-tools-domU-debuginfo-4.7.6_08-43.64.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_08-43.64.1 xen-debugsource-4.7.6_08-43.64.1 xen-doc-html-4.7.6_08-43.64.1 xen-libs-32bit-4.7.6_08-43.64.1 xen-libs-4.7.6_08-43.64.1 xen-libs-debuginfo-32bit-4.7.6_08-43.64.1 xen-libs-debuginfo-4.7.6_08-43.64.1 xen-tools-4.7.6_08-43.64.1 xen-tools-debuginfo-4.7.6_08-43.64.1 xen-tools-domU-4.7.6_08-43.64.1 xen-tools-domU-debuginfo-4.7.6_08-43.64.1 References: https://www.suse.com/security/cve/CVE-2020-11739.html https://www.suse.com/security/cve/CVE-2020-11740.html https://www.suse.com/security/cve/CVE-2020-11741.html https://www.suse.com/security/cve/CVE-2020-11742.html https://www.suse.com/security/cve/CVE-2020-8608.html https://bugzilla.suse.com/1163019 https://bugzilla.suse.com/1168140 https://bugzilla.suse.com/1168142 https://bugzilla.suse.com/1169392 https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Thu Aug 13 07:19:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 15:19:31 +0200 (CEST) Subject: SUSE-RU-2020:2228-1: moderate: Recommended update for dpdk Message-ID: <20200813131931.BAE6FFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2228-1 Rating: moderate References: #1174543 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of dpdk fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2228=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2228=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2228=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2228=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): dpdk-17.11.7-5.8.1 dpdk-debuginfo-17.11.7-5.8.1 dpdk-debugsource-17.11.7-5.8.1 dpdk-kmp-default-17.11.7_k4.12.14_95.57-5.8.1 dpdk-kmp-default-debuginfo-17.11.7_k4.12.14_95.57-5.8.1 dpdk-tools-17.11.7-5.8.1 dpdk-tools-debuginfo-17.11.7-5.8.1 libdpdk-17_11-17.11.7-5.8.1 libdpdk-17_11-debuginfo-17.11.7-5.8.1 - SUSE OpenStack Cloud 9 (x86_64): dpdk-17.11.7-5.8.1 dpdk-debuginfo-17.11.7-5.8.1 dpdk-debugsource-17.11.7-5.8.1 dpdk-kmp-default-17.11.7_k4.12.14_95.57-5.8.1 dpdk-kmp-default-debuginfo-17.11.7_k4.12.14_95.57-5.8.1 dpdk-tools-17.11.7-5.8.1 dpdk-tools-debuginfo-17.11.7-5.8.1 libdpdk-17_11-17.11.7-5.8.1 libdpdk-17_11-debuginfo-17.11.7-5.8.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): dpdk-17.11.7-5.8.1 dpdk-debuginfo-17.11.7-5.8.1 dpdk-debugsource-17.11.7-5.8.1 dpdk-tools-17.11.7-5.8.1 dpdk-tools-debuginfo-17.11.7-5.8.1 libdpdk-17_11-17.11.7-5.8.1 libdpdk-17_11-debuginfo-17.11.7-5.8.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): dpdk-kmp-default-17.11.7_k4.12.14_95.57-5.8.1 dpdk-kmp-default-debuginfo-17.11.7_k4.12.14_95.57-5.8.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le x86_64): dpdk-17.11.7-5.8.1 dpdk-debuginfo-17.11.7-5.8.1 dpdk-debugsource-17.11.7-5.8.1 dpdk-tools-17.11.7-5.8.1 dpdk-tools-debuginfo-17.11.7-5.8.1 libdpdk-17_11-17.11.7-5.8.1 libdpdk-17_11-debuginfo-17.11.7-5.8.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): dpdk-thunderx-17.11.7-5.8.1 dpdk-thunderx-debuginfo-17.11.7-5.8.1 dpdk-thunderx-debugsource-17.11.7-5.8.1 dpdk-thunderx-kmp-default-17.11.7_k4.12.14_95.57-5.8.1 dpdk-thunderx-kmp-default-debuginfo-17.11.7_k4.12.14_95.57-5.8.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): dpdk-kmp-default-17.11.7_k4.12.14_95.57-5.8.1 dpdk-kmp-default-debuginfo-17.11.7_k4.12.14_95.57-5.8.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Thu Aug 13 07:20:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 15:20:15 +0200 (CEST) Subject: SUSE-SU-2020:2235-1: moderate: Security update for libreoffice Message-ID: <20200813132015.A2054FDE4@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2235-1 Rating: moderate References: #1062631 #1146025 #1157627 #1165849 #1172053 #1172189 #1172795 #1172796 Cross-References: CVE-2020-12802 CVE-2020-12803 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 6 fixes is now available. Description: This update for libreoffice fixes the following issues: - Update to 6.4.5.2: * Various fixes all around - Remove mime-info and application-registry dirs bsc#1062631 - Fix bsc#1172053 - LO-L3: Image disappears during roundtrip 365->Impress->365 * bsc1172053.diff - Fix bsc#1172189 - LO-L3: Impress crashes midway opening a PPTX document * bsc1172189.diff - Fix bsc#1157627 - LO-L3: Some XML-created shapes simply lost upon PPTX import (= earth loses countries) * bsc1157627.diff - Fix bsc#1146025 - LO-L3: Colored textboxes in PPTX look very odd (SmartArt) - Fix bsc#1165849 - LO-L3: Shadow size for rectangle is only a fraction of Office 365 * bsc1165849-1.diff * bsc1165849-2.diff * bsc1165849-3.diff Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2235=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): libreoffice-branding-upstream-6.4.5.2-13.3.1 libreoffice-icon-themes-6.4.5.2-13.3.1 libreoffice-l10n-af-6.4.5.2-13.3.1 libreoffice-l10n-ar-6.4.5.2-13.3.1 libreoffice-l10n-as-6.4.5.2-13.3.1 libreoffice-l10n-bg-6.4.5.2-13.3.1 libreoffice-l10n-bn-6.4.5.2-13.3.1 libreoffice-l10n-br-6.4.5.2-13.3.1 libreoffice-l10n-ca-6.4.5.2-13.3.1 libreoffice-l10n-cs-6.4.5.2-13.3.1 libreoffice-l10n-cy-6.4.5.2-13.3.1 libreoffice-l10n-da-6.4.5.2-13.3.1 libreoffice-l10n-de-6.4.5.2-13.3.1 libreoffice-l10n-dz-6.4.5.2-13.3.1 libreoffice-l10n-el-6.4.5.2-13.3.1 libreoffice-l10n-en-6.4.5.2-13.3.1 libreoffice-l10n-eo-6.4.5.2-13.3.1 libreoffice-l10n-es-6.4.5.2-13.3.1 libreoffice-l10n-et-6.4.5.2-13.3.1 libreoffice-l10n-eu-6.4.5.2-13.3.1 libreoffice-l10n-fa-6.4.5.2-13.3.1 libreoffice-l10n-fi-6.4.5.2-13.3.1 libreoffice-l10n-fr-6.4.5.2-13.3.1 libreoffice-l10n-ga-6.4.5.2-13.3.1 libreoffice-l10n-gl-6.4.5.2-13.3.1 libreoffice-l10n-gu-6.4.5.2-13.3.1 libreoffice-l10n-he-6.4.5.2-13.3.1 libreoffice-l10n-hi-6.4.5.2-13.3.1 libreoffice-l10n-hr-6.4.5.2-13.3.1 libreoffice-l10n-hu-6.4.5.2-13.3.1 libreoffice-l10n-it-6.4.5.2-13.3.1 libreoffice-l10n-ja-6.4.5.2-13.3.1 libreoffice-l10n-kk-6.4.5.2-13.3.1 libreoffice-l10n-kn-6.4.5.2-13.3.1 libreoffice-l10n-ko-6.4.5.2-13.3.1 libreoffice-l10n-lt-6.4.5.2-13.3.1 libreoffice-l10n-lv-6.4.5.2-13.3.1 libreoffice-l10n-mai-6.4.5.2-13.3.1 libreoffice-l10n-ml-6.4.5.2-13.3.1 libreoffice-l10n-mr-6.4.5.2-13.3.1 libreoffice-l10n-nb-6.4.5.2-13.3.1 libreoffice-l10n-nl-6.4.5.2-13.3.1 libreoffice-l10n-nn-6.4.5.2-13.3.1 libreoffice-l10n-nr-6.4.5.2-13.3.1 libreoffice-l10n-nso-6.4.5.2-13.3.1 libreoffice-l10n-or-6.4.5.2-13.3.1 libreoffice-l10n-pa-6.4.5.2-13.3.1 libreoffice-l10n-pl-6.4.5.2-13.3.1 libreoffice-l10n-pt_BR-6.4.5.2-13.3.1 libreoffice-l10n-pt_PT-6.4.5.2-13.3.1 libreoffice-l10n-ro-6.4.5.2-13.3.1 libreoffice-l10n-ru-6.4.5.2-13.3.1 libreoffice-l10n-si-6.4.5.2-13.3.1 libreoffice-l10n-sk-6.4.5.2-13.3.1 libreoffice-l10n-sl-6.4.5.2-13.3.1 libreoffice-l10n-sr-6.4.5.2-13.3.1 libreoffice-l10n-ss-6.4.5.2-13.3.1 libreoffice-l10n-st-6.4.5.2-13.3.1 libreoffice-l10n-sv-6.4.5.2-13.3.1 libreoffice-l10n-ta-6.4.5.2-13.3.1 libreoffice-l10n-te-6.4.5.2-13.3.1 libreoffice-l10n-th-6.4.5.2-13.3.1 libreoffice-l10n-tn-6.4.5.2-13.3.1 libreoffice-l10n-tr-6.4.5.2-13.3.1 libreoffice-l10n-ts-6.4.5.2-13.3.1 libreoffice-l10n-uk-6.4.5.2-13.3.1 libreoffice-l10n-ve-6.4.5.2-13.3.1 libreoffice-l10n-xh-6.4.5.2-13.3.1 libreoffice-l10n-zh_CN-6.4.5.2-13.3.1 libreoffice-l10n-zh_TW-6.4.5.2-13.3.1 libreoffice-l10n-zu-6.4.5.2-13.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libreoffice-6.4.5.2-13.3.1 libreoffice-base-6.4.5.2-13.3.1 libreoffice-base-debuginfo-6.4.5.2-13.3.1 libreoffice-base-drivers-postgresql-6.4.5.2-13.3.1 libreoffice-base-drivers-postgresql-debuginfo-6.4.5.2-13.3.1 libreoffice-calc-6.4.5.2-13.3.1 libreoffice-calc-debuginfo-6.4.5.2-13.3.1 libreoffice-calc-extensions-6.4.5.2-13.3.1 libreoffice-debuginfo-6.4.5.2-13.3.1 libreoffice-debugsource-6.4.5.2-13.3.1 libreoffice-draw-6.4.5.2-13.3.1 libreoffice-draw-debuginfo-6.4.5.2-13.3.1 libreoffice-filters-optional-6.4.5.2-13.3.1 libreoffice-gnome-6.4.5.2-13.3.1 libreoffice-gnome-debuginfo-6.4.5.2-13.3.1 libreoffice-gtk3-6.4.5.2-13.3.1 libreoffice-gtk3-debuginfo-6.4.5.2-13.3.1 libreoffice-impress-6.4.5.2-13.3.1 libreoffice-impress-debuginfo-6.4.5.2-13.3.1 libreoffice-mailmerge-6.4.5.2-13.3.1 libreoffice-math-6.4.5.2-13.3.1 libreoffice-math-debuginfo-6.4.5.2-13.3.1 libreoffice-officebean-6.4.5.2-13.3.1 libreoffice-officebean-debuginfo-6.4.5.2-13.3.1 libreoffice-pyuno-6.4.5.2-13.3.1 libreoffice-pyuno-debuginfo-6.4.5.2-13.3.1 libreoffice-writer-6.4.5.2-13.3.1 libreoffice-writer-debuginfo-6.4.5.2-13.3.1 libreoffice-writer-extensions-6.4.5.2-13.3.1 libreofficekit-6.4.5.2-13.3.1 References: https://www.suse.com/security/cve/CVE-2020-12802.html https://www.suse.com/security/cve/CVE-2020-12803.html https://bugzilla.suse.com/1062631 https://bugzilla.suse.com/1146025 https://bugzilla.suse.com/1157627 https://bugzilla.suse.com/1165849 https://bugzilla.suse.com/1172053 https://bugzilla.suse.com/1172189 https://bugzilla.suse.com/1172795 https://bugzilla.suse.com/1172796 From sle-updates at lists.suse.com Thu Aug 13 07:21:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 15:21:49 +0200 (CEST) Subject: SUSE-SU-2020:2233-1: important: Security update for libvirt Message-ID: <20200813132149.0BBC4FDE4@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2233-1 Rating: important References: #1161883 #1171946 #1172052 #1174458 Cross-References: CVE-2020-14339 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for libvirt fixes the following issues: - CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. - bsc#1161883, bsc#1174458 - qemu: Setup emulator thread and cpuset.mems before exec - bsc#1171946 - libxl: Normalize MAC address in device conf on netdev hotplug - bsc#1172052 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2233=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2233=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-5.1.0-13.9.1 libvirt-devel-5.1.0-13.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libvirt-5.1.0-13.9.1 libvirt-admin-5.1.0-13.9.1 libvirt-admin-debuginfo-5.1.0-13.9.1 libvirt-client-5.1.0-13.9.1 libvirt-client-debuginfo-5.1.0-13.9.1 libvirt-daemon-5.1.0-13.9.1 libvirt-daemon-config-network-5.1.0-13.9.1 libvirt-daemon-config-nwfilter-5.1.0-13.9.1 libvirt-daemon-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-interface-5.1.0-13.9.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-lxc-5.1.0-13.9.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-network-5.1.0-13.9.1 libvirt-daemon-driver-network-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-nodedev-5.1.0-13.9.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-nwfilter-5.1.0-13.9.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-qemu-5.1.0-13.9.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-secret-5.1.0-13.9.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-storage-5.1.0-13.9.1 libvirt-daemon-driver-storage-core-5.1.0-13.9.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-storage-disk-5.1.0-13.9.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-storage-iscsi-5.1.0-13.9.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-storage-logical-5.1.0-13.9.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-storage-mpath-5.1.0-13.9.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-13.9.1 libvirt-daemon-driver-storage-scsi-5.1.0-13.9.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-13.9.1 libvirt-daemon-hooks-5.1.0-13.9.1 libvirt-daemon-lxc-5.1.0-13.9.1 libvirt-daemon-qemu-5.1.0-13.9.1 libvirt-debugsource-5.1.0-13.9.1 libvirt-doc-5.1.0-13.9.1 libvirt-libs-5.1.0-13.9.1 libvirt-libs-debuginfo-5.1.0-13.9.1 libvirt-lock-sanlock-5.1.0-13.9.1 libvirt-lock-sanlock-debuginfo-5.1.0-13.9.1 libvirt-nss-5.1.0-13.9.1 libvirt-nss-debuginfo-5.1.0-13.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-5.1.0-13.9.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-13.9.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libvirt-daemon-driver-libxl-5.1.0-13.9.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-13.9.1 libvirt-daemon-xen-5.1.0-13.9.1 References: https://www.suse.com/security/cve/CVE-2020-14339.html https://bugzilla.suse.com/1161883 https://bugzilla.suse.com/1171946 https://bugzilla.suse.com/1172052 https://bugzilla.suse.com/1174458 From sle-updates at lists.suse.com Thu Aug 13 07:23:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 15:23:47 +0200 (CEST) Subject: SUSE-RU-2020:2226-1: moderate: Recommended update for dpdk Message-ID: <20200813132347.184ABFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2226-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of dpdk fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2226=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2226=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2226=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2226=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dpdk-18.11.3-3.21.1 dpdk-debuginfo-18.11.3-3.21.1 dpdk-debugsource-18.11.3-3.21.1 dpdk-devel-18.11.3-3.21.1 dpdk-devel-debuginfo-18.11.3-3.21.1 dpdk-kmp-default-18.11.3_k4.12.14_150.55-3.21.1 dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_150.55-3.21.1 dpdk-tools-18.11.3-3.21.1 dpdk-tools-debuginfo-18.11.3-3.21.1 libdpdk-18_11-18.11.3-3.21.1 libdpdk-18_11-debuginfo-18.11.3-3.21.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): dpdk-18.11.3-3.21.1 dpdk-debuginfo-18.11.3-3.21.1 dpdk-debugsource-18.11.3-3.21.1 dpdk-devel-18.11.3-3.21.1 dpdk-devel-debuginfo-18.11.3-3.21.1 dpdk-kmp-default-18.11.3_k4.12.14_150.55-3.21.1 dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_150.55-3.21.1 dpdk-thunderx-18.11.3-3.21.1 dpdk-thunderx-debuginfo-18.11.3-3.21.1 dpdk-thunderx-debugsource-18.11.3-3.21.1 dpdk-thunderx-devel-18.11.3-3.21.1 dpdk-thunderx-devel-debuginfo-18.11.3-3.21.1 dpdk-thunderx-kmp-default-18.11.3_k4.12.14_150.55-3.21.1 dpdk-thunderx-kmp-default-debuginfo-18.11.3_k4.12.14_150.55-3.21.1 dpdk-tools-18.11.3-3.21.1 dpdk-tools-debuginfo-18.11.3-3.21.1 libdpdk-18_11-18.11.3-3.21.1 libdpdk-18_11-debuginfo-18.11.3-3.21.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dpdk-18.11.3-3.21.1 dpdk-debuginfo-18.11.3-3.21.1 dpdk-debugsource-18.11.3-3.21.1 dpdk-devel-18.11.3-3.21.1 dpdk-devel-debuginfo-18.11.3-3.21.1 dpdk-kmp-default-18.11.3_k4.12.14_150.55-3.21.1 dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_150.55-3.21.1 dpdk-tools-18.11.3-3.21.1 dpdk-tools-debuginfo-18.11.3-3.21.1 libdpdk-18_11-18.11.3-3.21.1 libdpdk-18_11-debuginfo-18.11.3-3.21.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64): dpdk-thunderx-18.11.3-3.21.1 dpdk-thunderx-debuginfo-18.11.3-3.21.1 dpdk-thunderx-debugsource-18.11.3-3.21.1 dpdk-thunderx-devel-18.11.3-3.21.1 dpdk-thunderx-devel-debuginfo-18.11.3-3.21.1 dpdk-thunderx-kmp-default-18.11.3_k4.12.14_150.55-3.21.1 dpdk-thunderx-kmp-default-debuginfo-18.11.3_k4.12.14_150.55-3.21.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dpdk-18.11.3-3.21.1 dpdk-debuginfo-18.11.3-3.21.1 dpdk-debugsource-18.11.3-3.21.1 dpdk-devel-18.11.3-3.21.1 dpdk-devel-debuginfo-18.11.3-3.21.1 dpdk-kmp-default-18.11.3_k4.12.14_150.55-3.21.1 dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_150.55-3.21.1 dpdk-tools-18.11.3-3.21.1 dpdk-tools-debuginfo-18.11.3-3.21.1 libdpdk-18_11-18.11.3-3.21.1 libdpdk-18_11-debuginfo-18.11.3-3.21.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64): dpdk-thunderx-18.11.3-3.21.1 dpdk-thunderx-debuginfo-18.11.3-3.21.1 dpdk-thunderx-debugsource-18.11.3-3.21.1 dpdk-thunderx-devel-18.11.3-3.21.1 dpdk-thunderx-devel-debuginfo-18.11.3-3.21.1 dpdk-thunderx-kmp-default-18.11.3_k4.12.14_150.55-3.21.1 dpdk-thunderx-kmp-default-debuginfo-18.11.3_k4.12.14_150.55-3.21.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Thu Aug 13 10:12:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Aug 2020 18:12:53 +0200 (CEST) Subject: SUSE-RU-2020:2236-1: moderate: Recommended update for wireguard-tools Message-ID: <20200813161253.06719FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for wireguard-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2236-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for wireguard-tools fixes the following issues: Update to version 1.0.20200513 * Makefile: remember to install all systemd units * ipc: openbsd: switch to array ioctl interface Update to version 1.0.20200510 * ipc: add support for openbsd kernel implementation * ipc: cleanup openbsd support * wg-quick: add support for openbsd kernel implementation * wg-quick: cleanup openbsd support * wg-quick: support dns search domains * Makefile: simplify silent cleaning * git: add gitattributes so tarball doesn't have gitignore files * terminal: specialize color_mode to stdout only * highlighter: insist on 256-bit keys, not 257-bit or 258-bit * wg-quick: android: support application whitelist * systemd: add wg-quick.target Update to version 1.0.20200319 * netlink: initialize mostly unused field * curve25519: squelch warnings on clang * man: fix grammar in wg(8) and wg-quick(8) * man: backlink wg-quick(8) in wg(8) * man: add a warning to the SaveConfig description * wincompat: use string_list instead of inflatable_buffer Update to version 1.0.20200206 * man: document dynamic debug trick for Linux * extract-{handshakes,keys}: rework for upstream kernel * netlink: remove libmnl requirement * embeddable-wg-library: use newer string_list * netlink: don't pretend that sysconf isn't a function * Small cleanups. Update to version 1.0.20200121 * Makefile: add standard 'all' target * ipc: simplify inflatable buffer and add fuzzer * fuzz: add generic command argument fuzzer * fuzz: add set and setconf fuzzers * netlink: make sure to clear return value when trying again * Makefile: sort inputs to linker so that build is reproducible - Initial package, version 1.0.20200102 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2236=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): wireguard-tools-1.0.20200513-5.3.1 wireguard-tools-debuginfo-1.0.20200513-5.3.1 wireguard-tools-debugsource-1.0.20200513-5.3.1 References: From sle-updates at lists.suse.com Fri Aug 14 07:13:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Aug 2020 15:13:46 +0200 (CEST) Subject: SUSE-SU-2020:2238-1: moderate: Security update for perl-PlRPC Message-ID: <20200814131346.2FC4DFEC3@maintenance.suse.de> SUSE Security Update: Security update for perl-PlRPC ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2238-1 Rating: moderate References: #858243 Cross-References: CVE-2013-7284 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-PlRPC fixes the following issues: - Security notice: [bsc#858243, CVE-2013-7284] * Document security vulnerability on Storable and reply attack - Add perl-PlRPC-CVE-2013-7284.patch Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2238=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): perl-PlRPC-0.2020-25.3.1 References: https://www.suse.com/security/cve/CVE-2013-7284.html https://bugzilla.suse.com/858243 From sle-updates at lists.suse.com Fri Aug 14 07:14:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Aug 2020 15:14:33 +0200 (CEST) Subject: SUSE-SU-2020:2237-1: important: Security update for libvirt Message-ID: <20200814131433.90BFFFEC3@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2237-1 Rating: important References: #1161883 #1167007 #1171946 #1172052 #1174458 Cross-References: CVE-2020-14339 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for libvirt fixes the following issues: - CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. - bsc#1161883, bsc#1174458 - qemu: Setup emulator thread and cpuset.mems before exec - bsc#1171946 - libxl: Normalize MAC address in device conf on netdev hotplug - bsc#1172052 - spec: Use a functional requires instead of explicit version requires for the new memory-related libxl APIs - bsc#1167007 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2237=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2237=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libvirt-5.1.0-8.19.1 libvirt-admin-5.1.0-8.19.1 libvirt-admin-debuginfo-5.1.0-8.19.1 libvirt-client-5.1.0-8.19.1 libvirt-client-debuginfo-5.1.0-8.19.1 libvirt-daemon-5.1.0-8.19.1 libvirt-daemon-config-network-5.1.0-8.19.1 libvirt-daemon-config-nwfilter-5.1.0-8.19.1 libvirt-daemon-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-interface-5.1.0-8.19.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-lxc-5.1.0-8.19.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-network-5.1.0-8.19.1 libvirt-daemon-driver-network-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-nodedev-5.1.0-8.19.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-nwfilter-5.1.0-8.19.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-qemu-5.1.0-8.19.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-secret-5.1.0-8.19.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-storage-5.1.0-8.19.1 libvirt-daemon-driver-storage-core-5.1.0-8.19.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-storage-disk-5.1.0-8.19.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-storage-iscsi-5.1.0-8.19.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-storage-logical-5.1.0-8.19.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-storage-mpath-5.1.0-8.19.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-8.19.1 libvirt-daemon-driver-storage-scsi-5.1.0-8.19.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-8.19.1 libvirt-daemon-hooks-5.1.0-8.19.1 libvirt-daemon-lxc-5.1.0-8.19.1 libvirt-daemon-qemu-5.1.0-8.19.1 libvirt-debugsource-5.1.0-8.19.1 libvirt-devel-5.1.0-8.19.1 libvirt-lock-sanlock-5.1.0-8.19.1 libvirt-lock-sanlock-debuginfo-5.1.0-8.19.1 libvirt-nss-5.1.0-8.19.1 libvirt-nss-debuginfo-5.1.0-8.19.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-5.1.0-8.19.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-8.19.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): libvirt-bash-completion-5.1.0-8.19.1 libvirt-doc-5.1.0-8.19.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (x86_64): libvirt-daemon-driver-libxl-5.1.0-8.19.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-8.19.1 libvirt-daemon-xen-5.1.0-8.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-5.1.0-8.19.1 libvirt-libs-5.1.0-8.19.1 libvirt-libs-debuginfo-5.1.0-8.19.1 References: https://www.suse.com/security/cve/CVE-2020-14339.html https://bugzilla.suse.com/1161883 https://bugzilla.suse.com/1167007 https://bugzilla.suse.com/1171946 https://bugzilla.suse.com/1172052 https://bugzilla.suse.com/1174458 From sle-updates at lists.suse.com Fri Aug 14 13:13:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Aug 2020 21:13:09 +0200 (CEST) Subject: SUSE-RU-2020:2245-1: important: Recommended update for grub2 Message-ID: <20200814191309.228DBFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2245-1 Rating: important References: #1174782 #1175036 #1175060 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2245=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2245=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): grub2-x86_64-xen-2.02-26.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): grub2-2.02-26.28.1 grub2-debuginfo-2.02-26.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 s390x x86_64): grub2-debugsource-2.02-26.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): grub2-arm64-efi-2.02-26.28.1 grub2-i386-pc-2.02-26.28.1 grub2-powerpc-ieee1275-2.02-26.28.1 grub2-snapper-plugin-2.02-26.28.1 grub2-systemd-sleep-plugin-2.02-26.28.1 grub2-x86_64-efi-2.02-26.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): grub2-s390x-emu-2.02-26.28.1 References: https://bugzilla.suse.com/1174782 https://bugzilla.suse.com/1175036 https://bugzilla.suse.com/1175060 From sle-updates at lists.suse.com Fri Aug 14 13:16:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Aug 2020 21:16:22 +0200 (CEST) Subject: SUSE-RU-2020:2244-1: important: Recommended update for grub2 Message-ID: <20200814191622.D67C9FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2244-1 Rating: important References: #1174782 #1175036 #1175060 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2244=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2244=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): grub2-x86_64-xen-2.04-9.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): grub2-2.04-9.10.1 grub2-debuginfo-2.04-9.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 s390x x86_64): grub2-debugsource-2.04-9.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): grub2-arm64-efi-2.04-9.10.1 grub2-i386-pc-2.04-9.10.1 grub2-powerpc-ieee1275-2.04-9.10.1 grub2-snapper-plugin-2.04-9.10.1 grub2-systemd-sleep-plugin-2.04-9.10.1 grub2-x86_64-efi-2.04-9.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x): grub2-s390x-emu-2.04-9.10.1 References: https://bugzilla.suse.com/1174782 https://bugzilla.suse.com/1175036 https://bugzilla.suse.com/1175060 From sle-updates at lists.suse.com Fri Aug 14 13:18:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Aug 2020 21:18:13 +0200 (CEST) Subject: SUSE-RU-2020:2247-1: important: Recommended update for grub2 Message-ID: <20200814191813.190ADFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2247-1 Rating: important References: #1174782 #1175036 #1175060 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2247=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2247=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2247=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2247=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2247=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): grub2-2.02-12.34.1 grub2-debuginfo-2.02-12.34.1 grub2-debugsource-2.02-12.34.1 grub2-i386-pc-2.02-12.34.1 grub2-x86_64-efi-2.02-12.34.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): grub2-snapper-plugin-2.02-12.34.1 grub2-systemd-sleep-plugin-2.02-12.34.1 grub2-x86_64-xen-2.02-12.34.1 - SUSE OpenStack Cloud 9 (x86_64): grub2-2.02-12.34.1 grub2-debuginfo-2.02-12.34.1 grub2-debugsource-2.02-12.34.1 grub2-i386-pc-2.02-12.34.1 grub2-x86_64-efi-2.02-12.34.1 - SUSE OpenStack Cloud 9 (noarch): grub2-snapper-plugin-2.02-12.34.1 grub2-systemd-sleep-plugin-2.02-12.34.1 grub2-x86_64-xen-2.02-12.34.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): grub2-2.02-12.34.1 grub2-debuginfo-2.02-12.34.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le): grub2-powerpc-ieee1275-2.02-12.34.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.34.1 grub2-systemd-sleep-plugin-2.02-12.34.1 grub2-x86_64-xen-2.02-12.34.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): grub2-debugsource-2.02-12.34.1 grub2-i386-pc-2.02-12.34.1 grub2-x86_64-efi-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grub2-2.02-12.34.1 grub2-debuginfo-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): grub2-debugsource-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): grub2-powerpc-ieee1275-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): grub2-arm64-efi-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): grub2-snapper-plugin-2.02-12.34.1 grub2-systemd-sleep-plugin-2.02-12.34.1 grub2-x86_64-xen-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): grub2-i386-pc-2.02-12.34.1 grub2-x86_64-efi-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): grub2-s390x-emu-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-12.34.1 grub2-debuginfo-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): grub2-arm64-efi-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): grub2-snapper-plugin-2.02-12.34.1 grub2-systemd-sleep-plugin-2.02-12.34.1 grub2-x86_64-xen-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): grub2-i386-pc-2.02-12.34.1 grub2-x86_64-efi-2.02-12.34.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): grub2-s390x-emu-2.02-12.34.1 References: https://bugzilla.suse.com/1174782 https://bugzilla.suse.com/1175036 https://bugzilla.suse.com/1175060 From sle-updates at lists.suse.com Fri Aug 14 13:19:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Aug 2020 21:19:14 +0200 (CEST) Subject: SUSE-RU-2020:14452-1: important: Recommended update for grub2 Message-ID: <20200814191914.9D29BFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14452-1 Rating: important References: #1174782 #1175036 #1175060 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-grub2-14452=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-grub2-14452=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): grub2-x86_64-efi-2.00-0.66.18.1 grub2-x86_64-xen-2.00-0.66.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): grub2-debuginfo-2.00-0.66.18.1 grub2-debugsource-2.00-0.66.18.1 References: https://bugzilla.suse.com/1174782 https://bugzilla.suse.com/1175036 https://bugzilla.suse.com/1175060 From sle-updates at lists.suse.com Fri Aug 14 13:22:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Aug 2020 21:22:00 +0200 (CEST) Subject: SUSE-RU-2020:2249-1: important: Recommended update for grub2 Message-ID: <20200814192200.E9F4CFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2249-1 Rating: important References: #1174782 #1175036 #1175060 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2249=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2249=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2249=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2249=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2249=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2249=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2249=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): grub2-2.02-4.56.1 grub2-debuginfo-2.02-4.56.1 grub2-debugsource-2.02-4.56.1 grub2-i386-pc-2.02-4.56.1 grub2-x86_64-efi-2.02-4.56.1 grub2-x86_64-xen-2.02-4.56.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): grub2-snapper-plugin-2.02-4.56.1 grub2-systemd-sleep-plugin-2.02-4.56.1 - SUSE OpenStack Cloud 8 (x86_64): grub2-2.02-4.56.1 grub2-debuginfo-2.02-4.56.1 grub2-debugsource-2.02-4.56.1 grub2-i386-pc-2.02-4.56.1 grub2-x86_64-efi-2.02-4.56.1 grub2-x86_64-xen-2.02-4.56.1 - SUSE OpenStack Cloud 8 (noarch): grub2-snapper-plugin-2.02-4.56.1 grub2-systemd-sleep-plugin-2.02-4.56.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): grub2-2.02-4.56.1 grub2-debuginfo-2.02-4.56.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le): grub2-powerpc-ieee1275-2.02-4.56.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): grub2-debugsource-2.02-4.56.1 grub2-i386-pc-2.02-4.56.1 grub2-x86_64-efi-2.02-4.56.1 grub2-x86_64-xen-2.02-4.56.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.56.1 grub2-systemd-sleep-plugin-2.02-4.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-4.56.1 grub2-debuginfo-2.02-4.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-4.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-4.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): grub2-arm64-efi-2.02-4.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): grub2-i386-pc-2.02-4.56.1 grub2-x86_64-efi-2.02-4.56.1 grub2-x86_64-xen-2.02-4.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): grub2-snapper-plugin-2.02-4.56.1 grub2-systemd-sleep-plugin-2.02-4.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): grub2-s390x-emu-2.02-4.56.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): grub2-2.02-4.56.1 grub2-debuginfo-2.02-4.56.1 grub2-debugsource-2.02-4.56.1 grub2-i386-pc-2.02-4.56.1 grub2-x86_64-efi-2.02-4.56.1 grub2-x86_64-xen-2.02-4.56.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): grub2-snapper-plugin-2.02-4.56.1 grub2-systemd-sleep-plugin-2.02-4.56.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): grub2-2.02-4.56.1 grub2-debuginfo-2.02-4.56.1 grub2-debugsource-2.02-4.56.1 - SUSE Enterprise Storage 5 (aarch64): grub2-arm64-efi-2.02-4.56.1 - SUSE Enterprise Storage 5 (noarch): grub2-snapper-plugin-2.02-4.56.1 grub2-systemd-sleep-plugin-2.02-4.56.1 - SUSE Enterprise Storage 5 (x86_64): grub2-i386-pc-2.02-4.56.1 grub2-x86_64-efi-2.02-4.56.1 grub2-x86_64-xen-2.02-4.56.1 - HPE Helion Openstack 8 (x86_64): grub2-2.02-4.56.1 grub2-debuginfo-2.02-4.56.1 grub2-debugsource-2.02-4.56.1 grub2-i386-pc-2.02-4.56.1 grub2-x86_64-efi-2.02-4.56.1 grub2-x86_64-xen-2.02-4.56.1 - HPE Helion Openstack 8 (noarch): grub2-snapper-plugin-2.02-4.56.1 grub2-systemd-sleep-plugin-2.02-4.56.1 References: https://bugzilla.suse.com/1174782 https://bugzilla.suse.com/1175036 https://bugzilla.suse.com/1175060 From sle-updates at lists.suse.com Fri Aug 14 13:25:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Aug 2020 21:25:03 +0200 (CEST) Subject: SUSE-RU-2020:2243-1: important: Recommended update for grub2 Message-ID: <20200814192503.56328FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2243-1 Rating: important References: #1174782 #1175036 #1175060 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2243=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2243=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2243=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2243=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): grub2-2.02-19.51.1 grub2-debuginfo-2.02-19.51.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le): grub2-powerpc-ieee1275-2.02-19.51.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): grub2-debugsource-2.02-19.51.1 grub2-i386-pc-2.02-19.51.1 grub2-x86_64-efi-2.02-19.51.1 grub2-x86_64-xen-2.02-19.51.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): grub2-snapper-plugin-2.02-19.51.1 grub2-systemd-sleep-plugin-2.02-19.51.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): grub2-2.02-19.51.1 grub2-debuginfo-2.02-19.51.1 grub2-debugsource-2.02-19.51.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): grub2-arm64-efi-2.02-19.51.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): grub2-snapper-plugin-2.02-19.51.1 grub2-systemd-sleep-plugin-2.02-19.51.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): grub2-s390x-emu-2.02-19.51.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): grub2-2.02-19.51.1 grub2-debuginfo-2.02-19.51.1 grub2-debugsource-2.02-19.51.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64): grub2-arm64-efi-2.02-19.51.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): grub2-i386-pc-2.02-19.51.1 grub2-x86_64-efi-2.02-19.51.1 grub2-x86_64-xen-2.02-19.51.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): grub2-snapper-plugin-2.02-19.51.1 grub2-systemd-sleep-plugin-2.02-19.51.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): grub2-2.02-19.51.1 grub2-debuginfo-2.02-19.51.1 grub2-debugsource-2.02-19.51.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64): grub2-arm64-efi-2.02-19.51.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): grub2-i386-pc-2.02-19.51.1 grub2-x86_64-efi-2.02-19.51.1 grub2-x86_64-xen-2.02-19.51.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): grub2-snapper-plugin-2.02-19.51.1 grub2-systemd-sleep-plugin-2.02-19.51.1 References: https://bugzilla.suse.com/1174782 https://bugzilla.suse.com/1175036 https://bugzilla.suse.com/1175060 From sle-updates at lists.suse.com Fri Aug 14 13:26:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Aug 2020 21:26:55 +0200 (CEST) Subject: SUSE-RU-2020:2250-1: important: Recommended update for grub2 Message-ID: <20200814192655.D13EFFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2250-1 Rating: important References: #1174782 #1175036 #1175060 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2250=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2250=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2250=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2250=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): grub2-2.02~beta2-115.52.1 grub2-debuginfo-2.02~beta2-115.52.1 grub2-debugsource-2.02~beta2-115.52.1 - SUSE OpenStack Cloud 7 (x86_64): grub2-i386-pc-2.02~beta2-115.52.1 grub2-x86_64-efi-2.02~beta2-115.52.1 grub2-x86_64-xen-2.02~beta2-115.52.1 - SUSE OpenStack Cloud 7 (noarch): grub2-snapper-plugin-2.02~beta2-115.52.1 grub2-systemd-sleep-plugin-2.02~beta2-115.52.1 - SUSE OpenStack Cloud 7 (s390x): grub2-s390x-emu-2.02~beta2-115.52.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): grub2-2.02~beta2-115.52.1 grub2-debuginfo-2.02~beta2-115.52.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-115.52.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): grub2-snapper-plugin-2.02~beta2-115.52.1 grub2-systemd-sleep-plugin-2.02~beta2-115.52.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): grub2-debugsource-2.02~beta2-115.52.1 grub2-i386-pc-2.02~beta2-115.52.1 grub2-x86_64-efi-2.02~beta2-115.52.1 grub2-x86_64-xen-2.02~beta2-115.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): grub2-2.02~beta2-115.52.1 grub2-debuginfo-2.02~beta2-115.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): grub2-debugsource-2.02~beta2-115.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-115.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): grub2-snapper-plugin-2.02~beta2-115.52.1 grub2-systemd-sleep-plugin-2.02~beta2-115.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): grub2-i386-pc-2.02~beta2-115.52.1 grub2-x86_64-efi-2.02~beta2-115.52.1 grub2-x86_64-xen-2.02~beta2-115.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): grub2-s390x-emu-2.02~beta2-115.52.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): grub2-snapper-plugin-2.02~beta2-115.52.1 grub2-systemd-sleep-plugin-2.02~beta2-115.52.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): grub2-2.02~beta2-115.52.1 grub2-debuginfo-2.02~beta2-115.52.1 grub2-debugsource-2.02~beta2-115.52.1 grub2-i386-pc-2.02~beta2-115.52.1 grub2-x86_64-efi-2.02~beta2-115.52.1 grub2-x86_64-xen-2.02~beta2-115.52.1 References: https://bugzilla.suse.com/1174782 https://bugzilla.suse.com/1175036 https://bugzilla.suse.com/1175060 From sle-updates at lists.suse.com Mon Aug 17 10:13:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Aug 2020 18:13:01 +0200 (CEST) Subject: SUSE-RU-2020:2253-1: moderate: Recommended update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter Message-ID: <20200817161301.AEC1EFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2253-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter fixes the following issues: prometheus-sap_host_exporter: - Added * --version command line parameter - Fixed * Some usage details are now further clarified prometheus-ha_cluster_exporter: - Features * Added support for corosync v3 - Changed * The CLI flag --enable-timestamps and its config option have been marked as deprecated - Fixes * Fixed an issue with `corosync-quorumtool` parsing in Corosync v2.3.6 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-2253=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2253=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2253=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (ppc64le x86_64): prometheus-ha_cluster_exporter-1.1.0+git.1594637514.c1eae0c-4.6.1 prometheus-sap_host_exporter-0.5.1+git.1593777035.a5d05f8-4.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): prometheus-ha_cluster_exporter-1.1.0+git.1594637514.c1eae0c-4.6.1 prometheus-sap_host_exporter-0.5.1+git.1593777035.a5d05f8-4.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): prometheus-ha_cluster_exporter-1.1.0+git.1594637514.c1eae0c-4.6.1 prometheus-sap_host_exporter-0.5.1+git.1593777035.a5d05f8-4.6.1 References: From sle-updates at lists.suse.com Mon Aug 17 10:13:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Aug 2020 18:13:41 +0200 (CEST) Subject: SUSE-RU-2020:2255-1: moderate: Recommended update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter Message-ID: <20200817161341.78D27FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2255-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter fixes the following issues: prometheus-sap_host_exporter: - Added * --version command line parameter - Fixed * Some usage details are now further clarified prometheus-ha_cluster_exporter: - Features * Added support for corosync v3 - Changed * The CLI flag --enable-timestamps and its config option have been marked as deprecated - Fixes * Fixed an issue with `corosync-quorumtool` parsing in Corosync v2.3.6 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2020-2255=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2020-2255=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.1.0+git.1594637514.c1eae0c-1.6.1 prometheus-sap_host_exporter-0.5.1+git.1593777035.a5d05f8-1.6.1 - SUSE Linux Enterprise Module for SAP Applications 15 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.1.0+git.1594637514.c1eae0c-1.6.1 prometheus-sap_host_exporter-0.5.1+git.1593777035.a5d05f8-1.6.1 References: From sle-updates at lists.suse.com Mon Aug 17 10:14:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Aug 2020 18:14:21 +0200 (CEST) Subject: SUSE-SU-2020:2251-1: moderate: Security update for zabbix Message-ID: <20200817161421.9E391FEC3@maintenance.suse.de> SUSE Security Update: Security update for zabbix ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2251-1 Rating: moderate References: #1174253 Cross-References: CVE-2020-15803 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zabbix fixes the following issues: - Add patches to fix bsc#1174253 (CVE-2020-15803) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2251=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): zabbix-agent-4.0.12-4.7.1 zabbix-agent-debuginfo-4.0.12-4.7.1 zabbix-debugsource-4.0.12-4.7.1 References: https://www.suse.com/security/cve/CVE-2020-15803.html https://bugzilla.suse.com/1174253 From sle-updates at lists.suse.com Mon Aug 17 10:15:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Aug 2020 18:15:04 +0200 (CEST) Subject: SUSE-RU-2020:2252-1: moderate: Recommended update for python-parallax Message-ID: <20200817161504.89256FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-parallax ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2252-1 Rating: moderate References: #1174894 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-parallax fixes the following issue: - Change format of scp command for ipv6 compatibility. (bsc#1174894) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2252=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): python3-parallax-1.0.6-4.3.1 References: https://bugzilla.suse.com/1174894 From sle-updates at lists.suse.com Mon Aug 17 10:15:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Aug 2020 18:15:49 +0200 (CEST) Subject: SUSE-RU-2020:2256-1: moderate: Recommended update for sysfsutils Message-ID: <20200817161549.6D003FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysfsutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2256-1 Rating: moderate References: #1155305 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2256=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2256=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): sysfsutils-2.1.0-3.3.1 sysfsutils-debuginfo-2.1.0-3.3.1 sysfsutils-debugsource-2.1.0-3.3.1 sysfsutils-devel-2.1.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): sysfsutils-32bit-2.1.0-3.3.1 sysfsutils-32bit-debuginfo-2.1.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): sysfsutils-2.1.0-3.3.1 sysfsutils-debuginfo-2.1.0-3.3.1 sysfsutils-debugsource-2.1.0-3.3.1 sysfsutils-devel-2.1.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): sysfsutils-32bit-2.1.0-3.3.1 sysfsutils-32bit-debuginfo-2.1.0-3.3.1 References: https://bugzilla.suse.com/1155305 From sle-updates at lists.suse.com Mon Aug 17 10:16:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Aug 2020 18:16:40 +0200 (CEST) Subject: SUSE-RU-2020:2254-1: moderate: Recommended update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter Message-ID: <20200817161640.64713FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2254-1 Rating: moderate References: #1174429 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter fixes the following issues: prometheus-sap_host_exporter: - Added * --version command line parameter - Fixed * Some usage details are now further clarified prometheus-ha_cluster_exporter: - Features * Added support for corosync v3 - Changed * The CLI flag --enable-timestamps and its config option have been marked as deprecated - Fixes * Fixed an issue with `corosync-quorumtool` parsing in Corosync v2.3.6 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2020-2254=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.1.0+git.1594637514.c1eae0c-3.3.1 prometheus-sap_host_exporter-0.5.1+git.1593777035.a5d05f8-4.3.1 References: https://bugzilla.suse.com/1174429 From sle-updates at lists.suse.com Tue Aug 18 00:21:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 08:21:12 +0200 (CEST) Subject: SUSE-CU-2020:390-1: Recommended update of suse/sles12sp5 Message-ID: <20200818062112.92501FF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:390-1 Container Tags : suse/sles12sp5:6.5.40 , suse/sles12sp5:latest Container Release : 6.5.40 Severity : moderate Type : recommended References : 1149911 1151708 1168235 1168389 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2229-1 Released: Thu Aug 13 10:14:37 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1149911,1151708,1168235,1168389 This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) From sle-updates at lists.suse.com Tue Aug 18 00:31:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 08:31:43 +0200 (CEST) Subject: SUSE-CU-2020:391-1: Recommended update of suse/sle15 Message-ID: <20200818063143.36E5DFF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:391-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.248 Container Release : 4.22.248 Severity : moderate Type : recommended References : 1171878 1172085 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2224-1 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1171878,1172085 This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) From sle-updates at lists.suse.com Tue Aug 18 00:38:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 08:38:55 +0200 (CEST) Subject: SUSE-CU-2020:392-1: Recommended update of suse/sle15 Message-ID: <20200818063855.1AAFCFF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:392-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.287 Container Release : 6.2.287 Severity : moderate Type : recommended References : 1171878 1172085 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2224-1 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1171878,1172085 This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) From sle-updates at lists.suse.com Tue Aug 18 00:40:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 08:40:08 +0200 (CEST) Subject: SUSE-CU-2020:393-1: Recommended update of suse/sle15 Message-ID: <20200818064008.46B07FF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:393-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.725 Container Release : 8.2.725 Severity : moderate Type : recommended References : 1171878 1172085 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2224-1 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1171878,1172085 This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) From sle-updates at lists.suse.com Tue Aug 18 07:14:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 15:14:03 +0200 (CEST) Subject: SUSE-RU-2020:2261-1: moderate: Recommended update for sysfsutils Message-ID: <20200818131403.AFDCFFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysfsutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2261-1 Rating: moderate References: #1155305 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2261=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2261=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): sysfsutils-debuginfo-2.1.0-153.3.1 sysfsutils-debugsource-2.1.0-153.3.1 sysfsutils-devel-2.1.0-153.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): sysfsutils-2.1.0-153.3.1 sysfsutils-debuginfo-2.1.0-153.3.1 sysfsutils-debugsource-2.1.0-153.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): sysfsutils-32bit-2.1.0-153.3.1 sysfsutils-debuginfo-32bit-2.1.0-153.3.1 References: https://bugzilla.suse.com/1155305 From sle-updates at lists.suse.com Tue Aug 18 07:15:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 15:15:43 +0200 (CEST) Subject: SUSE-SU-2020:2258-1: moderate: Security update for fwupd Message-ID: <20200818131543.5FE58FEC3@maintenance.suse.de> SUSE Security Update: Security update for fwupd ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2258-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of fwupd fixes the following issue: - rebuild with new UEFI signing key (bsc#1174543) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2258=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): fwupd-1.2.11-5.2.1 fwupd-debuginfo-1.2.11-5.2.1 fwupd-debugsource-1.2.11-5.2.1 fwupd-devel-1.2.11-5.2.1 libfwupd2-1.2.11-5.2.1 libfwupd2-debuginfo-1.2.11-5.2.1 typelib-1_0-Fwupd-2_0-1.2.11-5.2.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): fwupd-lang-1.2.11-5.2.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Aug 18 07:16:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 15:16:31 +0200 (CEST) Subject: SUSE-SU-2020:2264-1: important: Security update for postgresql10 Message-ID: <20200818131631.B4717FDE4@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2264-1 Rating: important References: #1175193 #1175194 Cross-References: CVE-2020-14349 CVE-2020-14350 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql10 fixes the following issues: - update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2264=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2264=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2264=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2264=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libecpg6-10.14-4.25.1 libecpg6-debuginfo-10.14-4.25.1 libpq5-10.14-4.25.1 libpq5-debuginfo-10.14-4.25.1 postgresql10-10.14-4.25.1 postgresql10-contrib-10.14-4.25.1 postgresql10-contrib-debuginfo-10.14-4.25.1 postgresql10-debuginfo-10.14-4.25.1 postgresql10-debugsource-10.14-4.25.1 postgresql10-devel-10.14-4.25.1 postgresql10-devel-debuginfo-10.14-4.25.1 postgresql10-plperl-10.14-4.25.1 postgresql10-plperl-debuginfo-10.14-4.25.1 postgresql10-plpython-10.14-4.25.1 postgresql10-plpython-debuginfo-10.14-4.25.1 postgresql10-pltcl-10.14-4.25.1 postgresql10-pltcl-debuginfo-10.14-4.25.1 postgresql10-server-10.14-4.25.1 postgresql10-server-debuginfo-10.14-4.25.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): postgresql10-docs-10.14-4.25.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libpq5-32bit-10.14-4.25.1 libpq5-32bit-debuginfo-10.14-4.25.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libecpg6-10.14-4.25.1 libecpg6-debuginfo-10.14-4.25.1 libpq5-10.14-4.25.1 libpq5-debuginfo-10.14-4.25.1 postgresql10-10.14-4.25.1 postgresql10-contrib-10.14-4.25.1 postgresql10-contrib-debuginfo-10.14-4.25.1 postgresql10-debuginfo-10.14-4.25.1 postgresql10-debugsource-10.14-4.25.1 postgresql10-devel-10.14-4.25.1 postgresql10-devel-debuginfo-10.14-4.25.1 postgresql10-plperl-10.14-4.25.1 postgresql10-plperl-debuginfo-10.14-4.25.1 postgresql10-plpython-10.14-4.25.1 postgresql10-plpython-debuginfo-10.14-4.25.1 postgresql10-pltcl-10.14-4.25.1 postgresql10-pltcl-debuginfo-10.14-4.25.1 postgresql10-server-10.14-4.25.1 postgresql10-server-debuginfo-10.14-4.25.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): postgresql10-docs-10.14-4.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libecpg6-10.14-4.25.1 libecpg6-debuginfo-10.14-4.25.1 libpq5-10.14-4.25.1 libpq5-debuginfo-10.14-4.25.1 postgresql10-10.14-4.25.1 postgresql10-contrib-10.14-4.25.1 postgresql10-contrib-debuginfo-10.14-4.25.1 postgresql10-debuginfo-10.14-4.25.1 postgresql10-debugsource-10.14-4.25.1 postgresql10-devel-10.14-4.25.1 postgresql10-devel-debuginfo-10.14-4.25.1 postgresql10-plperl-10.14-4.25.1 postgresql10-plperl-debuginfo-10.14-4.25.1 postgresql10-plpython-10.14-4.25.1 postgresql10-plpython-debuginfo-10.14-4.25.1 postgresql10-pltcl-10.14-4.25.1 postgresql10-pltcl-debuginfo-10.14-4.25.1 postgresql10-server-10.14-4.25.1 postgresql10-server-debuginfo-10.14-4.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): postgresql10-docs-10.14-4.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libpq5-32bit-10.14-4.25.1 libpq5-32bit-debuginfo-10.14-4.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libecpg6-10.14-4.25.1 libecpg6-debuginfo-10.14-4.25.1 libpq5-10.14-4.25.1 libpq5-debuginfo-10.14-4.25.1 postgresql10-10.14-4.25.1 postgresql10-contrib-10.14-4.25.1 postgresql10-contrib-debuginfo-10.14-4.25.1 postgresql10-debuginfo-10.14-4.25.1 postgresql10-debugsource-10.14-4.25.1 postgresql10-devel-10.14-4.25.1 postgresql10-devel-debuginfo-10.14-4.25.1 postgresql10-plperl-10.14-4.25.1 postgresql10-plperl-debuginfo-10.14-4.25.1 postgresql10-plpython-10.14-4.25.1 postgresql10-plpython-debuginfo-10.14-4.25.1 postgresql10-pltcl-10.14-4.25.1 postgresql10-pltcl-debuginfo-10.14-4.25.1 postgresql10-server-10.14-4.25.1 postgresql10-server-debuginfo-10.14-4.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libpq5-32bit-10.14-4.25.1 libpq5-32bit-debuginfo-10.14-4.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): postgresql10-docs-10.14-4.25.1 References: https://www.suse.com/security/cve/CVE-2020-14349.html https://www.suse.com/security/cve/CVE-2020-14350.html https://bugzilla.suse.com/1175193 https://bugzilla.suse.com/1175194 From sle-updates at lists.suse.com Tue Aug 18 07:17:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 15:17:27 +0200 (CEST) Subject: SUSE-SU-2020:2259-1: moderate: Security update for fwupd Message-ID: <20200818131727.7E834FDE4@maintenance.suse.de> SUSE Security Update: Security update for fwupd ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2259-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of fwupd fixes the following issue: - rebuild with new UEFI signing key (bsc#1174543) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2259=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): fwupd-1.0.9-6.5.1 fwupd-debuginfo-1.0.9-6.5.1 fwupd-debugsource-1.0.9-6.5.1 fwupd-devel-1.0.9-6.5.1 libfwupd2-1.0.9-6.5.1 libfwupd2-debuginfo-1.0.9-6.5.1 typelib-1_0-Fwupd-2_0-1.0.9-6.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): fwupd-lang-1.0.9-6.5.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Aug 18 07:18:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 15:18:12 +0200 (CEST) Subject: SUSE-SU-2020:2267-1: important: Security update for dovecot23 Message-ID: <20200818131812.1769AFDE4@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2267-1 Rating: important References: #1174922 #1174923 Cross-References: CVE-2020-12673 CVE-2020-12674 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for dovecot23 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922). - CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2267=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): dovecot23-2.3.10-16.1 dovecot23-backend-mysql-2.3.10-16.1 dovecot23-backend-mysql-debuginfo-2.3.10-16.1 dovecot23-backend-pgsql-2.3.10-16.1 dovecot23-backend-pgsql-debuginfo-2.3.10-16.1 dovecot23-backend-sqlite-2.3.10-16.1 dovecot23-backend-sqlite-debuginfo-2.3.10-16.1 dovecot23-debuginfo-2.3.10-16.1 dovecot23-debugsource-2.3.10-16.1 dovecot23-devel-2.3.10-16.1 dovecot23-fts-2.3.10-16.1 dovecot23-fts-debuginfo-2.3.10-16.1 dovecot23-fts-lucene-2.3.10-16.1 dovecot23-fts-lucene-debuginfo-2.3.10-16.1 dovecot23-fts-solr-2.3.10-16.1 dovecot23-fts-solr-debuginfo-2.3.10-16.1 dovecot23-fts-squat-2.3.10-16.1 dovecot23-fts-squat-debuginfo-2.3.10-16.1 References: https://www.suse.com/security/cve/CVE-2020-12673.html https://www.suse.com/security/cve/CVE-2020-12674.html https://bugzilla.suse.com/1174922 https://bugzilla.suse.com/1174923 From sle-updates at lists.suse.com Tue Aug 18 07:19:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 15:19:03 +0200 (CEST) Subject: SUSE-SU-2020:14454-1: moderate: Security update for python-azure-agent Message-ID: <20200818131903.6E7B2FDE4@maintenance.suse.de> SUSE Security Update: Security update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14454-1 Rating: moderate References: #1061584 #1074865 #1087764 #1092831 #1094420 #1119542 #1127838 #1167601 #1167602 #1173866 #1175130 #997614 Cross-References: CVE-2019-0804 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that solves one vulnerability and has 11 fixes is now available. Description: This update for python-azure-agent fixes the following issues: + Properly set the dhcp configuration to push the hostname to the DHCP server (bsc#1173866) + Do not bring the interface down to push the hostname, just use ifup + Set the hostname using hostnamectl to ensure setting is properly applied (bsc#1167601, bsc#1167602) Update to version 2.2.45 (jsc#ECO-80) + Add support for Gen2 VM resource disks + Use alternate systemd detection + Fix /proc/net/route requirement that causes errors on FreeBSD + Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination + Disable cgroups when daemon is setup incorrectly + Remove upgrade extension loop for the same goal state + Add container id for extension telemetry events + Be more exact when detecting IMDS service health + Changing add_event to start sending missing fields Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-python-azure-agent-14454=1 Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (x86_64): python-azure-agent-2.2.45-28.8.1 References: https://www.suse.com/security/cve/CVE-2019-0804.html https://bugzilla.suse.com/1061584 https://bugzilla.suse.com/1074865 https://bugzilla.suse.com/1087764 https://bugzilla.suse.com/1092831 https://bugzilla.suse.com/1094420 https://bugzilla.suse.com/1119542 https://bugzilla.suse.com/1127838 https://bugzilla.suse.com/1167601 https://bugzilla.suse.com/1167602 https://bugzilla.suse.com/1173866 https://bugzilla.suse.com/1175130 https://bugzilla.suse.com/997614 From sle-updates at lists.suse.com Tue Aug 18 07:21:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 15:21:10 +0200 (CEST) Subject: SUSE-RU-2020:2262-1: moderate: Recommended update for rt-tests Message-ID: <20200818132110.836E3FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for rt-tests ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2262-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP2 SUSE Linux Enterprise Module for Realtime 15-SP1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for rt-tests fixes the following issues: Update to version 1.6 (jsc#SLE-12981) * New feature to get a snapshot of a running instance of cyclictest without stopping it by sending SIGUSR2 to the PID and reading a shared memory segment. This is especially useful if running cyclictest over a long period of time * Add SPDX tags V3 * New programs to the rt-tests suite - queuelat: simulates a network queue checking for latency violations in packet processing. - cyclicdeadline: used to test the deadline scheduler (SCHED_DEADLINE) - deadline_test: tests the deadline scheduler in a cyclictest manner - ssdd: a tracer to do a bunch of PTRACE_SINGLESTEPs Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2020-2262=1 - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-2262=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): rt-tests-1.6-3.3.1 rt-tests-debuginfo-1.6-3.3.1 rt-tests-debugsource-1.6-3.3.1 - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): rt-tests-1.6-3.3.1 rt-tests-debuginfo-1.6-3.3.1 rt-tests-debugsource-1.6-3.3.1 References: From sle-updates at lists.suse.com Tue Aug 18 07:21:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 15:21:47 +0200 (CEST) Subject: SUSE-SU-2020:14456-1: moderate: Security update for MozillaFirefox Message-ID: <20200818132147.C72BFFDE4@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14456-1 Rating: moderate References: #1173948 #1173991 #1174538 Cross-References: CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Fix broken translation-loading (boo#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more - Mozilla Firefox 78.1 ESR * Fixed: Various stability, functionality, and security fixe (MFSA 2020-32) (bsc#1174538). * CVE-2020-15652 (bmo#1634872) Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514 (bmo#1642792) WebRTC data channel leaks internal address to peer * CVE-2020-15655 (bmo#1645204) Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653 (bmo#1521542) Bypassing iframe sandbox when allowing popups * CVE-2020-6463 (bmo#1635293) Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656 (bmo#1647293) Type confusion for special arguments in IonMonkey * CVE-2020-15658 (bmo#1637745) Overriding file type when saving to disk * CVE-2020-15657 (bmo#1644954) DLL hijacking due to incorrect loading path * CVE-2020-15654 (bmo#1648333) Custom cursor can overlay user interface * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678) Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 - Add sle11-icu-generation-python3.patch to fix icu-generation on big endian platforms - Mozilla Firefox 78.0.2 ESR * MFSA 2020-28 (bsc#1173948) * MFSA-2020-0003 (bmo#1644076) X-Frame-Options bypass using object or embed tags * Fixed: Fixed an accessibility regression in reader mode (bmo#1650922) * Fixed: Made the address bar more resilient to data corruption in the user profile (bmo#1649981) * Fixed: Fixed a regression opening certain external applications (bmo#1650162) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14456=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-14456=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-78.1.0-78.87.1 MozillaFirefox-translations-common-78.1.0-78.87.1 MozillaFirefox-translations-other-78.1.0-78.87.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): MozillaFirefox-debuginfo-78.1.0-78.87.1 References: https://www.suse.com/security/cve/CVE-2020-15652.html https://www.suse.com/security/cve/CVE-2020-15653.html https://www.suse.com/security/cve/CVE-2020-15654.html https://www.suse.com/security/cve/CVE-2020-15655.html https://www.suse.com/security/cve/CVE-2020-15656.html https://www.suse.com/security/cve/CVE-2020-15657.html https://www.suse.com/security/cve/CVE-2020-15658.html https://www.suse.com/security/cve/CVE-2020-15659.html https://www.suse.com/security/cve/CVE-2020-6463.html https://www.suse.com/security/cve/CVE-2020-6514.html https://bugzilla.suse.com/1173948 https://bugzilla.suse.com/1173991 https://bugzilla.suse.com/1174538 From sle-updates at lists.suse.com Tue Aug 18 07:22:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 15:22:46 +0200 (CEST) Subject: SUSE-SU-2020:2265-1: important: Security update for postgresql12 Message-ID: <20200818132246.C6384FDE4@maintenance.suse.de> SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2265-1 Rating: important References: #1175193 #1175194 Cross-References: CVE-2020-14349 CVE-2020-14350 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql12 fixes the following issues: - update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2265=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2265=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libecpg6-12.4-8.6.1 libecpg6-debuginfo-12.4-8.6.1 postgresql12-contrib-12.4-8.6.1 postgresql12-contrib-debuginfo-12.4-8.6.1 postgresql12-debuginfo-12.4-8.6.1 postgresql12-debugsource-12.4-8.6.1 postgresql12-devel-12.4-8.6.1 postgresql12-devel-debuginfo-12.4-8.6.1 postgresql12-plperl-12.4-8.6.1 postgresql12-plperl-debuginfo-12.4-8.6.1 postgresql12-plpython-12.4-8.6.1 postgresql12-plpython-debuginfo-12.4-8.6.1 postgresql12-pltcl-12.4-8.6.1 postgresql12-pltcl-debuginfo-12.4-8.6.1 postgresql12-server-12.4-8.6.1 postgresql12-server-debuginfo-12.4-8.6.1 postgresql12-server-devel-12.4-8.6.1 postgresql12-server-devel-debuginfo-12.4-8.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql12-docs-12.4-8.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpq5-12.4-8.6.1 libpq5-debuginfo-12.4-8.6.1 postgresql12-12.4-8.6.1 postgresql12-debuginfo-12.4-8.6.1 postgresql12-debugsource-12.4-8.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libpq5-32bit-12.4-8.6.1 libpq5-32bit-debuginfo-12.4-8.6.1 References: https://www.suse.com/security/cve/CVE-2020-14349.html https://www.suse.com/security/cve/CVE-2020-14350.html https://bugzilla.suse.com/1175193 https://bugzilla.suse.com/1175194 From sle-updates at lists.suse.com Tue Aug 18 07:23:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 15:23:38 +0200 (CEST) Subject: SUSE-SU-2020:2266-1: important: Security update for dovecot23 Message-ID: <20200818132338.1AE6AFDE4@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2266-1 Rating: important References: #1174922 #1174923 Cross-References: CVE-2020-12673 CVE-2020-12674 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for dovecot23 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922). - CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2266=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2266=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2266=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2266=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dovecot23-2.3.10-4.27.1 dovecot23-backend-mysql-2.3.10-4.27.1 dovecot23-backend-mysql-debuginfo-2.3.10-4.27.1 dovecot23-backend-pgsql-2.3.10-4.27.1 dovecot23-backend-pgsql-debuginfo-2.3.10-4.27.1 dovecot23-backend-sqlite-2.3.10-4.27.1 dovecot23-backend-sqlite-debuginfo-2.3.10-4.27.1 dovecot23-debuginfo-2.3.10-4.27.1 dovecot23-debugsource-2.3.10-4.27.1 dovecot23-devel-2.3.10-4.27.1 dovecot23-fts-2.3.10-4.27.1 dovecot23-fts-debuginfo-2.3.10-4.27.1 dovecot23-fts-lucene-2.3.10-4.27.1 dovecot23-fts-lucene-debuginfo-2.3.10-4.27.1 dovecot23-fts-solr-2.3.10-4.27.1 dovecot23-fts-solr-debuginfo-2.3.10-4.27.1 dovecot23-fts-squat-2.3.10-4.27.1 dovecot23-fts-squat-debuginfo-2.3.10-4.27.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): dovecot23-2.3.10-4.27.1 dovecot23-backend-mysql-2.3.10-4.27.1 dovecot23-backend-mysql-debuginfo-2.3.10-4.27.1 dovecot23-backend-pgsql-2.3.10-4.27.1 dovecot23-backend-pgsql-debuginfo-2.3.10-4.27.1 dovecot23-backend-sqlite-2.3.10-4.27.1 dovecot23-backend-sqlite-debuginfo-2.3.10-4.27.1 dovecot23-debuginfo-2.3.10-4.27.1 dovecot23-debugsource-2.3.10-4.27.1 dovecot23-devel-2.3.10-4.27.1 dovecot23-fts-2.3.10-4.27.1 dovecot23-fts-debuginfo-2.3.10-4.27.1 dovecot23-fts-lucene-2.3.10-4.27.1 dovecot23-fts-lucene-debuginfo-2.3.10-4.27.1 dovecot23-fts-solr-2.3.10-4.27.1 dovecot23-fts-solr-debuginfo-2.3.10-4.27.1 dovecot23-fts-squat-2.3.10-4.27.1 dovecot23-fts-squat-debuginfo-2.3.10-4.27.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dovecot23-2.3.10-4.27.1 dovecot23-backend-mysql-2.3.10-4.27.1 dovecot23-backend-mysql-debuginfo-2.3.10-4.27.1 dovecot23-backend-pgsql-2.3.10-4.27.1 dovecot23-backend-pgsql-debuginfo-2.3.10-4.27.1 dovecot23-backend-sqlite-2.3.10-4.27.1 dovecot23-backend-sqlite-debuginfo-2.3.10-4.27.1 dovecot23-debuginfo-2.3.10-4.27.1 dovecot23-debugsource-2.3.10-4.27.1 dovecot23-devel-2.3.10-4.27.1 dovecot23-fts-2.3.10-4.27.1 dovecot23-fts-debuginfo-2.3.10-4.27.1 dovecot23-fts-lucene-2.3.10-4.27.1 dovecot23-fts-lucene-debuginfo-2.3.10-4.27.1 dovecot23-fts-solr-2.3.10-4.27.1 dovecot23-fts-solr-debuginfo-2.3.10-4.27.1 dovecot23-fts-squat-2.3.10-4.27.1 dovecot23-fts-squat-debuginfo-2.3.10-4.27.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dovecot23-2.3.10-4.27.1 dovecot23-backend-mysql-2.3.10-4.27.1 dovecot23-backend-mysql-debuginfo-2.3.10-4.27.1 dovecot23-backend-pgsql-2.3.10-4.27.1 dovecot23-backend-pgsql-debuginfo-2.3.10-4.27.1 dovecot23-backend-sqlite-2.3.10-4.27.1 dovecot23-backend-sqlite-debuginfo-2.3.10-4.27.1 dovecot23-debuginfo-2.3.10-4.27.1 dovecot23-debugsource-2.3.10-4.27.1 dovecot23-devel-2.3.10-4.27.1 dovecot23-fts-2.3.10-4.27.1 dovecot23-fts-debuginfo-2.3.10-4.27.1 dovecot23-fts-lucene-2.3.10-4.27.1 dovecot23-fts-lucene-debuginfo-2.3.10-4.27.1 dovecot23-fts-solr-2.3.10-4.27.1 dovecot23-fts-solr-debuginfo-2.3.10-4.27.1 dovecot23-fts-squat-2.3.10-4.27.1 dovecot23-fts-squat-debuginfo-2.3.10-4.27.1 References: https://www.suse.com/security/cve/CVE-2020-12673.html https://www.suse.com/security/cve/CVE-2020-12674.html https://bugzilla.suse.com/1174922 https://bugzilla.suse.com/1174923 From sle-updates at lists.suse.com Tue Aug 18 13:13:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 21:13:00 +0200 (CEST) Subject: SUSE-RU-2020:2273-1: moderate: Recommended update for wicked Message-ID: <20200818191300.2A745FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2273-1 Rating: moderate References: #1165180 #1174785 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update of wicked fixes the obsoletion of older libwicked-0-6-0 library. (bsc#1165180 bsc#1174785) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2273=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2273=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2273=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2273=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2273=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2273=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2273=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2273=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2273=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2273=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2273=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): wicked-0.6.60-38.37.1 wicked-debuginfo-0.6.60-38.37.1 wicked-debugsource-0.6.60-38.37.1 wicked-service-0.6.60-38.37.1 - SUSE OpenStack Cloud 8 (x86_64): wicked-0.6.60-38.37.1 wicked-debuginfo-0.6.60-38.37.1 wicked-debugsource-0.6.60-38.37.1 wicked-service-0.6.60-38.37.1 - SUSE OpenStack Cloud 7 (s390x x86_64): wicked-0.6.60-38.37.1 wicked-debuginfo-0.6.60-38.37.1 wicked-debugsource-0.6.60-38.37.1 wicked-service-0.6.60-38.37.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): wicked-0.6.60-38.37.1 wicked-debuginfo-0.6.60-38.37.1 wicked-debugsource-0.6.60-38.37.1 wicked-service-0.6.60-38.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): wicked-0.6.60-38.37.1 wicked-debuginfo-0.6.60-38.37.1 wicked-debugsource-0.6.60-38.37.1 wicked-service-0.6.60-38.37.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): wicked-0.6.60-38.37.1 wicked-debuginfo-0.6.60-38.37.1 wicked-debugsource-0.6.60-38.37.1 wicked-service-0.6.60-38.37.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): wicked-0.6.60-38.37.1 wicked-debuginfo-0.6.60-38.37.1 wicked-debugsource-0.6.60-38.37.1 wicked-service-0.6.60-38.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): wicked-0.6.60-38.37.1 wicked-debuginfo-0.6.60-38.37.1 wicked-debugsource-0.6.60-38.37.1 wicked-service-0.6.60-38.37.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): wicked-0.6.60-38.37.1 wicked-debuginfo-0.6.60-38.37.1 wicked-debugsource-0.6.60-38.37.1 wicked-service-0.6.60-38.37.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): wicked-0.6.60-38.37.1 wicked-debuginfo-0.6.60-38.37.1 wicked-debugsource-0.6.60-38.37.1 wicked-service-0.6.60-38.37.1 - HPE Helion Openstack 8 (x86_64): wicked-0.6.60-38.37.1 wicked-debuginfo-0.6.60-38.37.1 wicked-debugsource-0.6.60-38.37.1 wicked-service-0.6.60-38.37.1 References: https://bugzilla.suse.com/1165180 https://bugzilla.suse.com/1174785 From sle-updates at lists.suse.com Tue Aug 18 13:13:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 21:13:54 +0200 (CEST) Subject: SUSE-SU-2020:2269-1: important: Security update for libvirt Message-ID: <20200818191354.4A4B7FDE4@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2269-1 Rating: important References: #1161883 #1174458 Cross-References: CVE-2020-14339 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libvirt fixes the following issues: - CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. bsc#1161883, bsc#1174458 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2269=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2269=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libvirt-6.0.0-13.3.1 libvirt-admin-6.0.0-13.3.1 libvirt-admin-debuginfo-6.0.0-13.3.1 libvirt-client-6.0.0-13.3.1 libvirt-client-debuginfo-6.0.0-13.3.1 libvirt-daemon-6.0.0-13.3.1 libvirt-daemon-config-network-6.0.0-13.3.1 libvirt-daemon-config-nwfilter-6.0.0-13.3.1 libvirt-daemon-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-interface-6.0.0-13.3.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-lxc-6.0.0-13.3.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-network-6.0.0-13.3.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-nodedev-6.0.0-13.3.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-nwfilter-6.0.0-13.3.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-qemu-6.0.0-13.3.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-secret-6.0.0-13.3.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-storage-6.0.0-13.3.1 libvirt-daemon-driver-storage-core-6.0.0-13.3.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-storage-disk-6.0.0-13.3.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-storage-iscsi-6.0.0-13.3.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-storage-logical-6.0.0-13.3.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.3.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.3.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.3.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.3.1 libvirt-daemon-hooks-6.0.0-13.3.1 libvirt-daemon-lxc-6.0.0-13.3.1 libvirt-daemon-qemu-6.0.0-13.3.1 libvirt-debugsource-6.0.0-13.3.1 libvirt-devel-6.0.0-13.3.1 libvirt-lock-sanlock-6.0.0-13.3.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.3.1 libvirt-nss-6.0.0-13.3.1 libvirt-nss-debuginfo-6.0.0-13.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-6.0.0-13.3.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): libvirt-daemon-driver-libxl-6.0.0-13.3.1 libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.3.1 libvirt-daemon-xen-6.0.0-13.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): libvirt-bash-completion-6.0.0-13.3.1 libvirt-doc-6.0.0-13.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-6.0.0-13.3.1 libvirt-libs-6.0.0-13.3.1 libvirt-libs-debuginfo-6.0.0-13.3.1 References: https://www.suse.com/security/cve/CVE-2020-14339.html https://bugzilla.suse.com/1161883 https://bugzilla.suse.com/1174458 From sle-updates at lists.suse.com Tue Aug 18 13:14:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 21:14:43 +0200 (CEST) Subject: SUSE-SU-2020:2272-1: important: Security update for freerdp Message-ID: <20200818191443.EDB32FDE4@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2272-1 Rating: important References: #1004108 #1050699 #1050704 #1050708 #1050711 #1050712 #1050714 #1085416 #1087240 #1090677 #1103557 #1104918 #1112028 #1116708 #1117963 #1117964 #1117965 #1117966 #1117967 #1120507 #1129193 #1169679 #1169748 #1171441 #1171443 #1171444 #1171445 #1171446 #1171447 #1171674 #1173247 #1173605 #1174200 #1174321 Cross-References: CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 CVE-2018-0886 CVE-2018-1000852 CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 CVE-2020-11017 CVE-2020-11018 CVE-2020-11019 CVE-2020-11038 CVE-2020-11039 CVE-2020-11040 CVE-2020-11041 CVE-2020-11043 CVE-2020-11085 CVE-2020-11086 CVE-2020-11087 CVE-2020-11088 CVE-2020-11089 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 CVE-2020-15103 CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes 46 vulnerabilities is now available. Description: This update for freerdp fixes the following issues: freerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and jsc#ECO-2006): - CVE-2020-11017: Fixed a double free which could have denied the server's service. - CVE-2020-11018: Fixed an out of bounds read which a malicious clients could have triggered. - CVE-2020-11019: Fixed an issue which could have led to denial of service if logger was set to "WLOG_TRACE". - CVE-2020-11038: Fixed a buffer overflow when /video redirection was used. - CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory read and write when USB redirection was enabled. - CVE-2020-11040: Fixed an out of bounds data read in clear_decompress_subcode_rlex. - CVE-2020-11041: Fixed an issue with the configuration for sound backend which could have led to server's denial of service. - CVE-2020-11043: Fixed an out of bounds read in rfx_process_message_tileset. - CVE-2020-11085: Fixed an out of bounds read in cliprdr_read_format_list. - CVE-2020-11086: Fixed an out of bounds read in ntlm_read_ntlm_v2_client_challenge. - CVE-2020-11087: Fixed an out of bounds read in ntlm_read_AuthenticateMessage. - CVE-2020-11088: Fixed an out of bounds read in ntlm_read_NegotiateMessage. - CVE-2020-11089: Fixed an out of bounds read in irp function family. - CVE-2020-11095: Fixed a global out of bounds read in update_recv_primary_order. - CVE-2020-11096: Fixed a global out of bounds read in update_read_cache_bitmap_v3_order. - CVE-2020-11097: Fixed an out of bounds read in ntlm_av_pair_get. - CVE-2020-11098: Fixed an out of bounds read in glyph_cache_put. - CVE-2020-11099: Fixed an out of bounds Read in license_read_new_or_upgrade_license_packet. - CVE-2020-11521: Fixed an out of bounds write in planar.c (bsc#1171443). - CVE-2020-11522: Fixed an out of bounds read in gdi.c (bsc#1171444). - CVE-2020-11523: Fixed an integer overflow in region.c (bsc#1171445). - CVE-2020-11524: Fixed an out of bounds write in interleaved.c (bsc#1171446). - CVE-2020-11525: Fixed an out of bounds read in bitmap.c (bsc#1171447). - CVE-2020-11526: Fixed an out of bounds read in update_recv_secondary_order (bsc#1171674). - CVE-2020-13396: Fixed an Read in ntlm_read_ChallengeMessage. - CVE-2020-13397: Fixed an out of bounds read in security_fips_decrypt due to uninitialized value. - CVE-2020-13398: Fixed an out of bounds write in crypto_rsa_common. - CVE-2020-4030: Fixed an out of bounds read in `TrioParse`. - CVE-2020-4031: Fixed a use after free in gdi_SelectObject. - CVE-2020-4032: Fixed an integer casting in `update_recv_secondary_order`. - CVE-2020-4033: Fixed an out of bound read in RLEDECOMPRESS. - Fixed an issue where freerdp failed with -fno-common (bsc#1169748). - Fixed an issue where USB redirection with FreeRDP was not working (bsc#1169679). - Fixed an issue where freerdp could not start (bsc#1129193). - Fixed an issue where copy and paste between remote host was transforming text to chinese (bsc#1004108). - Added pulse support (bsc#1090677). Additionally, the following issue was fixed: - CVE-2020-15103: Fix integer overflow due to missing input sanitation in rdpegfx channel (bsc#1174321). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2272=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2272=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): vinagre-lang-3.20.2-16.3.3 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): freerdp-2.1.2-12.20.1 freerdp-debuginfo-2.1.2-12.20.1 freerdp-debugsource-2.1.2-12.20.1 freerdp-proxy-2.1.2-12.20.1 freerdp-server-2.1.2-12.20.1 libfreerdp2-2.1.2-12.20.1 libfreerdp2-debuginfo-2.1.2-12.20.1 libwinpr2-2.1.2-12.20.1 libwinpr2-debuginfo-2.1.2-12.20.1 vinagre-3.20.2-16.3.3 vinagre-debuginfo-3.20.2-16.3.3 vinagre-debugsource-3.20.2-16.3.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): freerdp-debuginfo-2.1.2-12.20.1 freerdp-debugsource-2.1.2-12.20.1 freerdp-devel-2.1.2-12.20.1 libfreerdp2-2.1.2-12.20.1 libfreerdp2-debuginfo-2.1.2-12.20.1 libwinpr2-2.1.2-12.20.1 libwinpr2-debuginfo-2.1.2-12.20.1 winpr2-devel-2.1.2-12.20.1 References: https://www.suse.com/security/cve/CVE-2017-2834.html https://www.suse.com/security/cve/CVE-2017-2835.html https://www.suse.com/security/cve/CVE-2017-2836.html https://www.suse.com/security/cve/CVE-2017-2837.html https://www.suse.com/security/cve/CVE-2017-2838.html https://www.suse.com/security/cve/CVE-2017-2839.html https://www.suse.com/security/cve/CVE-2018-0886.html https://www.suse.com/security/cve/CVE-2018-1000852.html https://www.suse.com/security/cve/CVE-2018-8784.html https://www.suse.com/security/cve/CVE-2018-8785.html https://www.suse.com/security/cve/CVE-2018-8786.html https://www.suse.com/security/cve/CVE-2018-8787.html https://www.suse.com/security/cve/CVE-2018-8788.html https://www.suse.com/security/cve/CVE-2018-8789.html https://www.suse.com/security/cve/CVE-2020-11017.html https://www.suse.com/security/cve/CVE-2020-11018.html https://www.suse.com/security/cve/CVE-2020-11019.html https://www.suse.com/security/cve/CVE-2020-11038.html https://www.suse.com/security/cve/CVE-2020-11039.html https://www.suse.com/security/cve/CVE-2020-11040.html https://www.suse.com/security/cve/CVE-2020-11041.html https://www.suse.com/security/cve/CVE-2020-11043.html https://www.suse.com/security/cve/CVE-2020-11085.html https://www.suse.com/security/cve/CVE-2020-11086.html https://www.suse.com/security/cve/CVE-2020-11087.html https://www.suse.com/security/cve/CVE-2020-11088.html https://www.suse.com/security/cve/CVE-2020-11089.html https://www.suse.com/security/cve/CVE-2020-11095.html https://www.suse.com/security/cve/CVE-2020-11096.html https://www.suse.com/security/cve/CVE-2020-11097.html https://www.suse.com/security/cve/CVE-2020-11098.html https://www.suse.com/security/cve/CVE-2020-11099.html https://www.suse.com/security/cve/CVE-2020-11521.html https://www.suse.com/security/cve/CVE-2020-11522.html https://www.suse.com/security/cve/CVE-2020-11523.html https://www.suse.com/security/cve/CVE-2020-11524.html https://www.suse.com/security/cve/CVE-2020-11525.html https://www.suse.com/security/cve/CVE-2020-11526.html https://www.suse.com/security/cve/CVE-2020-13396.html https://www.suse.com/security/cve/CVE-2020-13397.html https://www.suse.com/security/cve/CVE-2020-13398.html https://www.suse.com/security/cve/CVE-2020-15103.html https://www.suse.com/security/cve/CVE-2020-4030.html https://www.suse.com/security/cve/CVE-2020-4031.html https://www.suse.com/security/cve/CVE-2020-4032.html https://www.suse.com/security/cve/CVE-2020-4033.html https://bugzilla.suse.com/1004108 https://bugzilla.suse.com/1050699 https://bugzilla.suse.com/1050704 https://bugzilla.suse.com/1050708 https://bugzilla.suse.com/1050711 https://bugzilla.suse.com/1050712 https://bugzilla.suse.com/1050714 https://bugzilla.suse.com/1085416 https://bugzilla.suse.com/1087240 https://bugzilla.suse.com/1090677 https://bugzilla.suse.com/1103557 https://bugzilla.suse.com/1104918 https://bugzilla.suse.com/1112028 https://bugzilla.suse.com/1116708 https://bugzilla.suse.com/1117963 https://bugzilla.suse.com/1117964 https://bugzilla.suse.com/1117965 https://bugzilla.suse.com/1117966 https://bugzilla.suse.com/1117967 https://bugzilla.suse.com/1120507 https://bugzilla.suse.com/1129193 https://bugzilla.suse.com/1169679 https://bugzilla.suse.com/1169748 https://bugzilla.suse.com/1171441 https://bugzilla.suse.com/1171443 https://bugzilla.suse.com/1171444 https://bugzilla.suse.com/1171445 https://bugzilla.suse.com/1171446 https://bugzilla.suse.com/1171447 https://bugzilla.suse.com/1171674 https://bugzilla.suse.com/1173247 https://bugzilla.suse.com/1173605 https://bugzilla.suse.com/1174200 https://bugzilla.suse.com/1174321 From sle-updates at lists.suse.com Tue Aug 18 13:18:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Aug 2020 21:18:51 +0200 (CEST) Subject: SUSE-SU-2020:2271-1: important: Security update for postgresql12 Message-ID: <20200818191851.6F9DBFDE4@maintenance.suse.de> SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2271-1 Rating: important References: #1175193 #1175194 Cross-References: CVE-2020-14349 CVE-2020-14350 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql12 fixes the following issues: - update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2271=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2271=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libecpg6-12.4-3.11.1 libecpg6-debuginfo-12.4-3.11.1 postgresql12-contrib-12.4-3.11.1 postgresql12-contrib-debuginfo-12.4-3.11.1 postgresql12-debuginfo-12.4-3.11.1 postgresql12-debugsource-12.4-3.11.1 postgresql12-devel-12.4-3.11.1 postgresql12-devel-debuginfo-12.4-3.11.1 postgresql12-plperl-12.4-3.11.1 postgresql12-plperl-debuginfo-12.4-3.11.1 postgresql12-plpython-12.4-3.11.1 postgresql12-plpython-debuginfo-12.4-3.11.1 postgresql12-pltcl-12.4-3.11.1 postgresql12-pltcl-debuginfo-12.4-3.11.1 postgresql12-server-12.4-3.11.1 postgresql12-server-debuginfo-12.4-3.11.1 postgresql12-server-devel-12.4-3.11.1 postgresql12-server-devel-debuginfo-12.4-3.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): postgresql12-docs-12.4-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpq5-12.4-3.11.1 libpq5-debuginfo-12.4-3.11.1 postgresql12-12.4-3.11.1 postgresql12-debuginfo-12.4-3.11.1 postgresql12-debugsource-12.4-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libpq5-32bit-12.4-3.11.1 libpq5-32bit-debuginfo-12.4-3.11.1 References: https://www.suse.com/security/cve/CVE-2020-14349.html https://www.suse.com/security/cve/CVE-2020-14350.html https://bugzilla.suse.com/1175193 https://bugzilla.suse.com/1175194 From sle-updates at lists.suse.com Wed Aug 19 07:13:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Aug 2020 15:13:19 +0200 (CEST) Subject: SUSE-SU-2020:2274-1: important: Security update for dovecot22 Message-ID: <20200819131319.E5A22FEC3@maintenance.suse.de> SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2274-1 Rating: important References: #1174922 #1174923 Cross-References: CVE-2020-12673 CVE-2020-12674 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for dovecot22 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922). - CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2274=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2274=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2274=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2274=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2274=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2274=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2274=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2274=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2274=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2274=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2274=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2274=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2274=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2274=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2274=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2274=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2274=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE OpenStack Cloud 9 (x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE OpenStack Cloud 8 (x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE OpenStack Cloud 7 (s390x x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 dovecot22-devel-2.2.31-19.22.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 - HPE Helion Openstack 8 (x86_64): dovecot22-2.2.31-19.22.1 dovecot22-backend-mysql-2.2.31-19.22.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.22.1 dovecot22-backend-pgsql-2.2.31-19.22.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.22.1 dovecot22-backend-sqlite-2.2.31-19.22.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.22.1 dovecot22-debuginfo-2.2.31-19.22.1 dovecot22-debugsource-2.2.31-19.22.1 References: https://www.suse.com/security/cve/CVE-2020-12673.html https://www.suse.com/security/cve/CVE-2020-12674.html https://bugzilla.suse.com/1174922 https://bugzilla.suse.com/1174923 From sle-updates at lists.suse.com Wed Aug 19 10:13:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Aug 2020 18:13:06 +0200 (CEST) Subject: SUSE-SU-2020:2277-1: moderate: Security update for python3 Message-ID: <20200819161306.01B79FEC3@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2277-1 Rating: moderate References: #1174091 Cross-References: CVE-2019-20907 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2277=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2277=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2277=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2277=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.10-3.59.1 python3-base-debugsource-3.6.10-3.59.1 python3-tools-3.6.10-3.59.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.10-3.59.1 python3-base-debugsource-3.6.10-3.59.1 python3-tools-3.6.10-3.59.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.10-3.59.1 libpython3_6m1_0-debuginfo-3.6.10-3.59.1 python3-3.6.10-3.59.1 python3-base-3.6.10-3.59.1 python3-base-debuginfo-3.6.10-3.59.1 python3-base-debugsource-3.6.10-3.59.1 python3-curses-3.6.10-3.59.1 python3-curses-debuginfo-3.6.10-3.59.1 python3-dbm-3.6.10-3.59.1 python3-dbm-debuginfo-3.6.10-3.59.1 python3-debuginfo-3.6.10-3.59.1 python3-debugsource-3.6.10-3.59.1 python3-devel-3.6.10-3.59.1 python3-devel-debuginfo-3.6.10-3.59.1 python3-idle-3.6.10-3.59.1 python3-tk-3.6.10-3.59.1 python3-tk-debuginfo-3.6.10-3.59.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.10-3.59.1 libpython3_6m1_0-debuginfo-3.6.10-3.59.1 python3-3.6.10-3.59.1 python3-base-3.6.10-3.59.1 python3-base-debuginfo-3.6.10-3.59.1 python3-base-debugsource-3.6.10-3.59.1 python3-curses-3.6.10-3.59.1 python3-curses-debuginfo-3.6.10-3.59.1 python3-dbm-3.6.10-3.59.1 python3-dbm-debuginfo-3.6.10-3.59.1 python3-debuginfo-3.6.10-3.59.1 python3-debugsource-3.6.10-3.59.1 python3-devel-3.6.10-3.59.1 python3-devel-debuginfo-3.6.10-3.59.1 python3-idle-3.6.10-3.59.1 python3-testsuite-3.6.10-3.59.1 python3-tk-3.6.10-3.59.1 python3-tk-debuginfo-3.6.10-3.59.1 References: https://www.suse.com/security/cve/CVE-2019-20907.html https://bugzilla.suse.com/1174091 From sle-updates at lists.suse.com Wed Aug 19 10:13:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Aug 2020 18:13:53 +0200 (CEST) Subject: SUSE-SU-2020:2275-1: moderate: Security update for python Message-ID: <20200819161353.34CA4FEC3@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2275-1 Rating: moderate References: #1174091 Cross-References: CVE-2019-20907 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2275=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2275=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2275=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): python-base-debuginfo-2.7.17-28.48.1 python-base-debugsource-2.7.17-28.48.1 python-devel-2.7.17-28.48.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-28.48.1 libpython2_7-1_0-debuginfo-2.7.17-28.48.1 python-2.7.17-28.48.1 python-base-2.7.17-28.48.1 python-base-debuginfo-2.7.17-28.48.1 python-base-debugsource-2.7.17-28.48.1 python-curses-2.7.17-28.48.1 python-curses-debuginfo-2.7.17-28.48.1 python-debuginfo-2.7.17-28.48.1 python-debugsource-2.7.17-28.48.1 python-demo-2.7.17-28.48.1 python-devel-2.7.17-28.48.1 python-gdbm-2.7.17-28.48.1 python-gdbm-debuginfo-2.7.17-28.48.1 python-idle-2.7.17-28.48.1 python-tk-2.7.17-28.48.1 python-tk-debuginfo-2.7.17-28.48.1 python-xml-2.7.17-28.48.1 python-xml-debuginfo-2.7.17-28.48.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython2_7-1_0-32bit-2.7.17-28.48.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.48.1 python-32bit-2.7.17-28.48.1 python-base-32bit-2.7.17-28.48.1 python-base-debuginfo-32bit-2.7.17-28.48.1 python-debuginfo-32bit-2.7.17-28.48.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-doc-2.7.17-28.48.1 python-doc-pdf-2.7.17-28.48.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-debuginfo-2.7.17-28.48.1 python-debugsource-2.7.17-28.48.1 python-strict-tls-check-2.7.17-28.48.1 References: https://www.suse.com/security/cve/CVE-2019-20907.html https://bugzilla.suse.com/1174091 From sle-updates at lists.suse.com Wed Aug 19 10:14:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Aug 2020 18:14:43 +0200 (CEST) Subject: SUSE-SU-2020:2276-1: moderate: Security update for python Message-ID: <20200819161443.CA0AEFEC3@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2276-1 Rating: moderate References: #1174091 Cross-References: CVE-2019-20907 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2276=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-2276=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2276=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2276=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2276=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2276=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.17-7.41.1 python-base-debugsource-2.7.17-7.41.1 python-curses-2.7.17-7.41.1 python-curses-debuginfo-2.7.17-7.41.1 python-debuginfo-2.7.17-7.41.1 python-debugsource-2.7.17-7.41.1 python-devel-2.7.17-7.41.1 python-gdbm-2.7.17-7.41.1 python-gdbm-debuginfo-2.7.17-7.41.1 python-xml-2.7.17-7.41.1 python-xml-debuginfo-2.7.17-7.41.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.17-7.41.1 python-base-debugsource-2.7.17-7.41.1 python-curses-2.7.17-7.41.1 python-curses-debuginfo-2.7.17-7.41.1 python-debuginfo-2.7.17-7.41.1 python-debugsource-2.7.17-7.41.1 python-devel-2.7.17-7.41.1 python-gdbm-2.7.17-7.41.1 python-gdbm-debuginfo-2.7.17-7.41.1 python-xml-2.7.17-7.41.1 python-xml-debuginfo-2.7.17-7.41.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.17-7.41.1 python-debugsource-2.7.17-7.41.1 python-tk-2.7.17-7.41.1 python-tk-debuginfo-2.7.17-7.41.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.17-7.41.1 python-debugsource-2.7.17-7.41.1 python-tk-2.7.17-7.41.1 python-tk-debuginfo-2.7.17-7.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-7.41.1 libpython2_7-1_0-debuginfo-2.7.17-7.41.1 python-2.7.17-7.41.1 python-base-2.7.17-7.41.1 python-base-debuginfo-2.7.17-7.41.1 python-base-debugsource-2.7.17-7.41.1 python-debuginfo-2.7.17-7.41.1 python-debugsource-2.7.17-7.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-7.41.1 libpython2_7-1_0-debuginfo-2.7.17-7.41.1 python-2.7.17-7.41.1 python-base-2.7.17-7.41.1 python-base-debuginfo-2.7.17-7.41.1 python-base-debugsource-2.7.17-7.41.1 python-debuginfo-2.7.17-7.41.1 python-debugsource-2.7.17-7.41.1 References: https://www.suse.com/security/cve/CVE-2019-20907.html https://bugzilla.suse.com/1174091 From sle-updates at lists.suse.com Wed Aug 19 19:13:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 03:13:02 +0200 (CEST) Subject: SUSE-RU-2020:2278-1: moderate: Recommended update for util-linux Message-ID: <20200820011302.D6E2AFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2278-1 Rating: moderate References: #1149911 #1151708 #1168235 #1168389 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2278=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2278=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2278=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2278=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): util-linux-systemd-debuginfo-2.33.1-4.8.1 util-linux-systemd-debugsource-2.33.1-4.8.1 uuidd-2.33.1-4.8.1 uuidd-debuginfo-2.33.1-4.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): util-linux-systemd-debuginfo-2.33.1-4.8.1 util-linux-systemd-debugsource-2.33.1-4.8.1 uuidd-2.33.1-4.8.1 uuidd-debuginfo-2.33.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.33.1-4.8.1 libblkid-devel-static-2.33.1-4.8.1 libblkid1-2.33.1-4.8.1 libblkid1-debuginfo-2.33.1-4.8.1 libfdisk-devel-2.33.1-4.8.1 libfdisk1-2.33.1-4.8.1 libfdisk1-debuginfo-2.33.1-4.8.1 libmount-devel-2.33.1-4.8.1 libmount1-2.33.1-4.8.1 libmount1-debuginfo-2.33.1-4.8.1 libsmartcols-devel-2.33.1-4.8.1 libsmartcols1-2.33.1-4.8.1 libsmartcols1-debuginfo-2.33.1-4.8.1 libuuid-devel-2.33.1-4.8.1 libuuid-devel-static-2.33.1-4.8.1 libuuid1-2.33.1-4.8.1 libuuid1-debuginfo-2.33.1-4.8.1 util-linux-2.33.1-4.8.1 util-linux-debuginfo-2.33.1-4.8.1 util-linux-debugsource-2.33.1-4.8.1 util-linux-systemd-2.33.1-4.8.1 util-linux-systemd-debuginfo-2.33.1-4.8.1 util-linux-systemd-debugsource-2.33.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libblkid1-32bit-2.33.1-4.8.1 libblkid1-32bit-debuginfo-2.33.1-4.8.1 libmount1-32bit-2.33.1-4.8.1 libmount1-32bit-debuginfo-2.33.1-4.8.1 libuuid1-32bit-2.33.1-4.8.1 libuuid1-32bit-debuginfo-2.33.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): util-linux-lang-2.33.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.33.1-4.8.1 libblkid-devel-static-2.33.1-4.8.1 libblkid1-2.33.1-4.8.1 libblkid1-debuginfo-2.33.1-4.8.1 libfdisk-devel-2.33.1-4.8.1 libfdisk1-2.33.1-4.8.1 libfdisk1-debuginfo-2.33.1-4.8.1 libmount-devel-2.33.1-4.8.1 libmount1-2.33.1-4.8.1 libmount1-debuginfo-2.33.1-4.8.1 libsmartcols-devel-2.33.1-4.8.1 libsmartcols1-2.33.1-4.8.1 libsmartcols1-debuginfo-2.33.1-4.8.1 libuuid-devel-2.33.1-4.8.1 libuuid-devel-static-2.33.1-4.8.1 libuuid1-2.33.1-4.8.1 libuuid1-debuginfo-2.33.1-4.8.1 util-linux-2.33.1-4.8.1 util-linux-debuginfo-2.33.1-4.8.1 util-linux-debugsource-2.33.1-4.8.1 util-linux-systemd-2.33.1-4.8.1 util-linux-systemd-debuginfo-2.33.1-4.8.1 util-linux-systemd-debugsource-2.33.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): util-linux-lang-2.33.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libblkid1-32bit-2.33.1-4.8.1 libblkid1-32bit-debuginfo-2.33.1-4.8.1 libmount1-32bit-2.33.1-4.8.1 libmount1-32bit-debuginfo-2.33.1-4.8.1 libuuid1-32bit-2.33.1-4.8.1 libuuid1-32bit-debuginfo-2.33.1-4.8.1 References: https://bugzilla.suse.com/1149911 https://bugzilla.suse.com/1151708 https://bugzilla.suse.com/1168235 https://bugzilla.suse.com/1168389 From sle-updates at lists.suse.com Wed Aug 19 19:14:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 03:14:07 +0200 (CEST) Subject: SUSE-RU-2020:2280-1: moderate: Recommended update for devscripts Message-ID: <20200820011407.1338DFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for devscripts ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2280-1 Rating: moderate References: #1174163 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for devscripts fixes the following issue: Update from version 2.15.1 to version 2.19.5 (bsc#1174163) - Add conflicts on packages with the same binaries. - Fixed license tag as suggested by licensedigger. - Changed download location for source tarball from Debian package pool to salsa.debian.org to avoid download errors. - Remove support for ancient openSUSE and non-SUSE distributions. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2280=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2280=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): checkbashisms-2.19.5-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): checkbashisms-2.19.5-3.3.1 References: https://bugzilla.suse.com/1174163 From sle-updates at lists.suse.com Wed Aug 19 19:14:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 03:14:46 +0200 (CEST) Subject: SUSE-RU-2020:2279-1: moderate: Recommended update for libzypp Message-ID: <20200820011446.592B8FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2279-1 Rating: moderate References: #1173106 #1174011 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Installer 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libzypp fixes the following issues: - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) - Completey rework the purge-kernels algorithm. The new code is closer to the original perl script, grouping the packages by name before applying the keep spec. (bsc#1173106) - Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2279=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2279=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2020-2279=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2279=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2279=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libzypp-17.24.1-3.46.1 libzypp-debuginfo-17.24.1-3.46.1 libzypp-debugsource-17.24.1-3.46.1 libzypp-devel-17.24.1-3.46.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libzypp-17.24.1-3.46.1 libzypp-debuginfo-17.24.1-3.46.1 libzypp-debugsource-17.24.1-3.46.1 libzypp-devel-17.24.1-3.46.1 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libzypp-17.24.1-3.46.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libzypp-17.24.1-3.46.1 libzypp-debuginfo-17.24.1-3.46.1 libzypp-debugsource-17.24.1-3.46.1 libzypp-devel-17.24.1-3.46.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libzypp-17.24.1-3.46.1 libzypp-debuginfo-17.24.1-3.46.1 libzypp-debugsource-17.24.1-3.46.1 libzypp-devel-17.24.1-3.46.1 References: https://bugzilla.suse.com/1173106 https://bugzilla.suse.com/1174011 From sle-updates at lists.suse.com Wed Aug 19 19:15:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 03:15:33 +0200 (CEST) Subject: SUSE-RU-2020:2281-1: moderate: Recommended update for openssl-1_0_0 Message-ID: <20200820011533.27F51FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2281-1 Rating: moderate References: #1174459 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-1_0_0 fixes the following issue: - Versioning the exported symbols and avoid failures due to the lack of versioning. (bsc#1174459) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2281=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2281=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2020-2281=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.28.1 libopenssl1_0_0-1.0.2p-3.28.1 libopenssl1_0_0-debuginfo-1.0.2p-3.28.1 openssl-1_0_0-1.0.2p-3.28.1 openssl-1_0_0-debuginfo-1.0.2p-3.28.1 openssl-1_0_0-debugsource-1.0.2p-3.28.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.28.1 libopenssl1_0_0-1.0.2p-3.28.1 libopenssl1_0_0-debuginfo-1.0.2p-3.28.1 openssl-1_0_0-1.0.2p-3.28.1 openssl-1_0_0-debuginfo-1.0.2p-3.28.1 openssl-1_0_0-debugsource-1.0.2p-3.28.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl1_0_0-1.0.2p-3.28.1 libopenssl1_0_0-debuginfo-1.0.2p-3.28.1 openssl-1_0_0-debuginfo-1.0.2p-3.28.1 openssl-1_0_0-debugsource-1.0.2p-3.28.1 References: https://bugzilla.suse.com/1174459 From sle-updates at lists.suse.com Wed Aug 19 19:16:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 03:16:11 +0200 (CEST) Subject: SUSE-RU-2020:2282-1: moderate: Recommended update for libgit2 Message-ID: <20200820011611.BF4B9FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libgit2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2282-1 Rating: moderate References: #1157473 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libgit2 provides the following fix: - Include the libgit2 package in SUSE Manager Server 4.0, no source changes made. (bsc#1157473) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2282=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): libgit2-26-0.26.8-3.12.1 libhttp_parser2_7_1-2.7.1-4.2.2 References: https://bugzilla.suse.com/1157473 From sle-updates at lists.suse.com Thu Aug 20 00:32:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 08:32:44 +0200 (CEST) Subject: SUSE-CU-2020:394-1: Recommended update of suse/sle15 Message-ID: <20200820063244.45CC0FF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:394-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.251 Container Release : 4.22.251 Severity : moderate Type : recommended References : 1173106 1174011 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2279-1 Released: Wed Aug 19 21:26:55 2020 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1173106,1174011 This update for libzypp fixes the following issues: - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) - Completey rework the purge-kernels algorithm. The new code is closer to the original perl script, grouping the packages by name before applying the keep spec. (bsc#1173106) - Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output. From sle-updates at lists.suse.com Thu Aug 20 00:40:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 08:40:10 +0200 (CEST) Subject: SUSE-CU-2020:395-1: Recommended update of suse/sle15 Message-ID: <20200820064010.95435FF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:395-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.290 Container Release : 6.2.290 Severity : moderate Type : recommended References : 1149911 1151708 1168235 1168389 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2278-1 Released: Wed Aug 19 21:26:08 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1149911,1151708,1168235,1168389 This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) From sle-updates at lists.suse.com Thu Aug 20 00:41:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 08:41:32 +0200 (CEST) Subject: SUSE-CU-2020:396-1: Recommended update of suse/sle15 Message-ID: <20200820064132.65AE3FF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:396-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.728 Container Release : 8.2.728 Severity : moderate Type : recommended References : 1149911 1151708 1168235 1168389 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2278-1 Released: Wed Aug 19 21:26:08 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1149911,1151708,1168235,1168389 This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) From sle-updates at lists.suse.com Thu Aug 20 10:13:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 18:13:19 +0200 (CEST) Subject: SUSE-SU-2020:2283-1: moderate: Security update for libreoffice Message-ID: <20200820161319.B9F3DFEC3@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2283-1 Rating: moderate References: #1062631 #1146025 #1157627 #1165849 #1172053 #1172189 #1172795 #1172796 Cross-References: CVE-2020-12802 CVE-2020-12803 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has 6 fixes is now available. Description: This update for libreoffice fixes the following issues: - Update to 6.4.5.2: * Various fixes all around - Remove mime-info and application-registry dirs bsc#1062631 - Fix bsc#1172053 - LO-L3: Image disappears during roundtrip 365->Impress->365 * bsc1172053.diff - Fix bsc#1172189 - LO-L3: Impress crashes midway opening a PPTX document * bsc1172189.diff - Fix bsc#1157627 - LO-L3: Some XML-created shapes simply lost upon PPTX import (= earth loses countries) * bsc1157627.diff - Fix bsc#1146025 - LO-L3: Colored textboxes in PPTX look very odd (SmartArt) - Fix bsc#1165849 - LO-L3: Shadow size for rectangle is only a fraction of Office 365 * bsc1165849-1.diff * bsc1165849-2.diff * bsc1165849-3.diff Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2283=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2283=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): libreoffice-branding-upstream-6.4.5.2-43.68.1 libreoffice-icon-themes-6.4.5.2-43.68.1 libreoffice-l10n-af-6.4.5.2-43.68.1 libreoffice-l10n-ar-6.4.5.2-43.68.1 libreoffice-l10n-bg-6.4.5.2-43.68.1 libreoffice-l10n-ca-6.4.5.2-43.68.1 libreoffice-l10n-cs-6.4.5.2-43.68.1 libreoffice-l10n-da-6.4.5.2-43.68.1 libreoffice-l10n-de-6.4.5.2-43.68.1 libreoffice-l10n-en-6.4.5.2-43.68.1 libreoffice-l10n-es-6.4.5.2-43.68.1 libreoffice-l10n-fi-6.4.5.2-43.68.1 libreoffice-l10n-fr-6.4.5.2-43.68.1 libreoffice-l10n-gu-6.4.5.2-43.68.1 libreoffice-l10n-hi-6.4.5.2-43.68.1 libreoffice-l10n-hr-6.4.5.2-43.68.1 libreoffice-l10n-hu-6.4.5.2-43.68.1 libreoffice-l10n-it-6.4.5.2-43.68.1 libreoffice-l10n-ja-6.4.5.2-43.68.1 libreoffice-l10n-ko-6.4.5.2-43.68.1 libreoffice-l10n-lt-6.4.5.2-43.68.1 libreoffice-l10n-nb-6.4.5.2-43.68.1 libreoffice-l10n-nl-6.4.5.2-43.68.1 libreoffice-l10n-nn-6.4.5.2-43.68.1 libreoffice-l10n-pl-6.4.5.2-43.68.1 libreoffice-l10n-pt_BR-6.4.5.2-43.68.1 libreoffice-l10n-pt_PT-6.4.5.2-43.68.1 libreoffice-l10n-ro-6.4.5.2-43.68.1 libreoffice-l10n-ru-6.4.5.2-43.68.1 libreoffice-l10n-sk-6.4.5.2-43.68.1 libreoffice-l10n-sv-6.4.5.2-43.68.1 libreoffice-l10n-uk-6.4.5.2-43.68.1 libreoffice-l10n-xh-6.4.5.2-43.68.1 libreoffice-l10n-zh_CN-6.4.5.2-43.68.1 libreoffice-l10n-zh_TW-6.4.5.2-43.68.1 libreoffice-l10n-zu-6.4.5.2-43.68.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libreoffice-6.4.5.2-43.68.1 libreoffice-base-6.4.5.2-43.68.1 libreoffice-base-debuginfo-6.4.5.2-43.68.1 libreoffice-base-drivers-postgresql-6.4.5.2-43.68.1 libreoffice-base-drivers-postgresql-debuginfo-6.4.5.2-43.68.1 libreoffice-calc-6.4.5.2-43.68.1 libreoffice-calc-debuginfo-6.4.5.2-43.68.1 libreoffice-calc-extensions-6.4.5.2-43.68.1 libreoffice-debuginfo-6.4.5.2-43.68.1 libreoffice-debugsource-6.4.5.2-43.68.1 libreoffice-draw-6.4.5.2-43.68.1 libreoffice-draw-debuginfo-6.4.5.2-43.68.1 libreoffice-filters-optional-6.4.5.2-43.68.1 libreoffice-gnome-6.4.5.2-43.68.1 libreoffice-gnome-debuginfo-6.4.5.2-43.68.1 libreoffice-impress-6.4.5.2-43.68.1 libreoffice-impress-debuginfo-6.4.5.2-43.68.1 libreoffice-librelogo-6.4.5.2-43.68.1 libreoffice-mailmerge-6.4.5.2-43.68.1 libreoffice-math-6.4.5.2-43.68.1 libreoffice-math-debuginfo-6.4.5.2-43.68.1 libreoffice-officebean-6.4.5.2-43.68.1 libreoffice-officebean-debuginfo-6.4.5.2-43.68.1 libreoffice-pyuno-6.4.5.2-43.68.1 libreoffice-pyuno-debuginfo-6.4.5.2-43.68.1 libreoffice-writer-6.4.5.2-43.68.1 libreoffice-writer-debuginfo-6.4.5.2-43.68.1 libreoffice-writer-extensions-6.4.5.2-43.68.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (x86_64): libreoffice-debuginfo-6.4.5.2-43.68.1 libreoffice-debugsource-6.4.5.2-43.68.1 libreoffice-sdk-6.4.5.2-43.68.1 libreoffice-sdk-debuginfo-6.4.5.2-43.68.1 References: https://www.suse.com/security/cve/CVE-2020-12802.html https://www.suse.com/security/cve/CVE-2020-12803.html https://bugzilla.suse.com/1062631 https://bugzilla.suse.com/1146025 https://bugzilla.suse.com/1157627 https://bugzilla.suse.com/1165849 https://bugzilla.suse.com/1172053 https://bugzilla.suse.com/1172189 https://bugzilla.suse.com/1172795 https://bugzilla.suse.com/1172796 From sle-updates at lists.suse.com Thu Aug 20 13:13:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 21:13:06 +0200 (CEST) Subject: SUSE-RU-2020:2284-1: important: Recommended update for ca-certificates-mozilla Message-ID: <20200820191306.DC79EFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates-mozilla ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2284-1 Rating: important References: #1010996 #1071152 #1071390 #1154871 #1174673 #973042 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for ca-certificates-mozilla fixes the following issues: update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 - reverted p11-kit nss trust integration as it breaks in fresh installations (bsc#1154871) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2284=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2284=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2284=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2284=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2284=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): ca-certificates-mozilla-2.42-4.26.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): ca-certificates-mozilla-2.42-4.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): ca-certificates-mozilla-2.42-4.26.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): ca-certificates-mozilla-2.42-4.26.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): ca-certificates-mozilla-2.42-4.26.1 References: https://bugzilla.suse.com/1010996 https://bugzilla.suse.com/1071152 https://bugzilla.suse.com/1071390 https://bugzilla.suse.com/1154871 https://bugzilla.suse.com/1174673 https://bugzilla.suse.com/973042 From sle-updates at lists.suse.com Thu Aug 20 13:15:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 21:15:13 +0200 (CEST) Subject: SUSE-RU-2020:2285-1: important: Recommended update for emacs Message-ID: <20200820191513.B8D3EFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for emacs ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2285-1 Rating: important References: #1175028 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for emacs fixes the following issues: - Fix SIGSEGV introduced by a security fix for libX11 (bsc#1175028). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2285=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2285=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2285=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2285=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2285=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2285=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2285=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2285=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2285=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2285=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2285=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2285=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2285=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2285=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2285=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2285=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE OpenStack Cloud 9 (x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE OpenStack Cloud 9 (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE OpenStack Cloud 8 (x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE OpenStack Cloud 8 (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE OpenStack Cloud 7 (s390x x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE OpenStack Cloud 7 (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 - SUSE Enterprise Storage 5 (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - HPE Helion Openstack 8 (noarch): emacs-el-24.3-25.6.1 emacs-info-24.3-25.6.1 - HPE Helion Openstack 8 (x86_64): emacs-24.3-25.6.1 emacs-debuginfo-24.3-25.6.1 emacs-debugsource-24.3-25.6.1 emacs-nox-24.3-25.6.1 emacs-nox-debuginfo-24.3-25.6.1 emacs-x11-24.3-25.6.1 emacs-x11-debuginfo-24.3-25.6.1 etags-24.3-25.6.1 etags-debuginfo-24.3-25.6.1 References: https://bugzilla.suse.com/1175028 From sle-updates at lists.suse.com Thu Aug 20 13:16:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 21:16:05 +0200 (CEST) Subject: SUSE-RU-2020:2287-1: moderate: Recommended update for grep Message-ID: <20200820191605.2DB28FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for grep ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2287-1 Rating: moderate References: #1174080 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grep fixes the following issues: - Fix for -P treating invalid UTF-8 input and causing incosistency. (bsc#1174080) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2287=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grep-2.16-4.6.1 grep-debuginfo-2.16-4.6.1 grep-debugsource-2.16-4.6.1 References: https://bugzilla.suse.com/1174080 From sle-updates at lists.suse.com Thu Aug 20 13:16:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 21:16:53 +0200 (CEST) Subject: SUSE-RU-2020:14457-1: important: Recommended update for emacs Message-ID: <20200820191653.4C237FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for emacs ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14457-1 Rating: important References: #1175028 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for emacs fixes the following issues: - Fix SIGSEGV introduced by a security fix for libX11 (bsc#1175028). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-emacs-14457=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-emacs-14457=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-emacs-14457=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-emacs-14457=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): emacs-22.3-42.6.1 emacs-el-22.3-42.6.1 emacs-info-22.3-42.6.1 emacs-nox-22.3-42.6.1 emacs-x11-22.3-42.6.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): emacs-22.3-42.6.1 emacs-el-22.3-42.6.1 emacs-info-22.3-42.6.1 emacs-nox-22.3-42.6.1 emacs-x11-22.3-42.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): emacs-debuginfo-22.3-42.6.1 emacs-debugsource-22.3-42.6.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): emacs-debuginfo-22.3-42.6.1 emacs-debugsource-22.3-42.6.1 References: https://bugzilla.suse.com/1175028 From sle-updates at lists.suse.com Thu Aug 20 13:17:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Aug 2020 21:17:42 +0200 (CEST) Subject: SUSE-RU-2020:14458-1: moderate: Recommended update for MozillaFirefox-branding-SLED Message-ID: <20200820191742.0666BFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for MozillaFirefox-branding-SLED ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14458-1 Rating: moderate References: #1162828 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for MozillaFirefox-branding-SLED fixes the following issues: - Add missing dependencies which are not automatically added due to `AutoReqProv: no` (bsc#1162828) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-branding-SLED-14458=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-branding-SLED-78-21.15.1 References: https://bugzilla.suse.com/1162828 From sle-updates at lists.suse.com Fri Aug 21 00:10:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Aug 2020 08:10:24 +0200 (CEST) Subject: SUSE-CU-2020:397-1: Recommended update of suse/sles12sp3 Message-ID: <20200821061024.EECBEFF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:397-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.191 , suse/sles12sp3:latest Container Release : 24.191 Severity : moderate Type : recommended References : 1174080 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2287-1 Released: Thu Aug 20 16:07:37 2020 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1174080 This update for grep fixes the following issues: - Fix for -P treating invalid UTF-8 input and causing incosistency. (bsc#1174080) From sle-updates at lists.suse.com Fri Aug 21 00:19:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Aug 2020 08:19:44 +0200 (CEST) Subject: SUSE-CU-2020:398-1: Recommended update of suse/sles12sp4 Message-ID: <20200821061944.2126BFF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:398-1 Container Tags : suse/sles12sp4:26.222 , suse/sles12sp4:latest Container Release : 26.222 Severity : moderate Type : recommended References : 1174080 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2287-1 Released: Thu Aug 20 16:07:37 2020 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1174080 This update for grep fixes the following issues: - Fix for -P treating invalid UTF-8 input and causing incosistency. (bsc#1174080) From sle-updates at lists.suse.com Fri Aug 21 00:24:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Aug 2020 08:24:25 +0200 (CEST) Subject: SUSE-CU-2020:399-1: Recommended update of suse/sles12sp5 Message-ID: <20200821062425.D8A0BFF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:399-1 Container Tags : suse/sles12sp5:6.5.43 , suse/sles12sp5:latest Container Release : 6.5.43 Severity : moderate Type : recommended References : 1174080 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2287-1 Released: Thu Aug 20 16:07:37 2020 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1174080 This update for grep fixes the following issues: - Fix for -P treating invalid UTF-8 input and causing incosistency. (bsc#1174080) From sle-updates at lists.suse.com Fri Aug 21 00:35:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Aug 2020 08:35:21 +0200 (CEST) Subject: SUSE-CU-2020:400-1: Recommended update of suse/sle15 Message-ID: <20200821063521.36E0DFF11@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:400-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.252 Container Release : 4.22.252 Severity : important Type : recommended References : 1010996 1071152 1071390 1154871 1174673 973042 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2284-1 Released: Thu Aug 20 16:04:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1010996,1071152,1071390,1154871,1174673,973042 This update for ca-certificates-mozilla fixes the following issues: update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 - reverted p11-kit nss trust integration as it breaks in fresh installations (bsc#1154871) From sle-updates at lists.suse.com Fri Aug 21 00:42:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Aug 2020 08:42:47 +0200 (CEST) Subject: SUSE-CU-2020:401-1: Recommended update of suse/sle15 Message-ID: <20200821064247.B113CFF11@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:401-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.291 Container Release : 6.2.291 Severity : important Type : recommended References : 1010996 1071152 1071390 1154871 1174673 973042 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2284-1 Released: Thu Aug 20 16:04:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1010996,1071152,1071390,1154871,1174673,973042 This update for ca-certificates-mozilla fixes the following issues: update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 - reverted p11-kit nss trust integration as it breaks in fresh installations (bsc#1154871) From sle-updates at lists.suse.com Fri Aug 21 07:13:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Aug 2020 15:13:30 +0200 (CEST) Subject: SUSE-OU-2020:2291-1: Optional update for xmltooling Message-ID: <20200821131330.5AEDDFEC3@maintenance.suse.de> SUSE Optional Update: Optional update for xmltooling ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2291-1 Rating: low References: #1172351 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for xmltooling doesn't fix any user visible bugs. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2291=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libxmltooling-devel-1.6.4-3.6.1 libxmltooling7-1.6.4-3.6.1 libxmltooling7-debuginfo-1.6.4-3.6.1 xmltooling-debugsource-1.6.4-3.6.1 xmltooling-schemas-1.6.4-3.6.1 References: https://bugzilla.suse.com/1172351 From sle-updates at lists.suse.com Fri Aug 21 07:14:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Aug 2020 15:14:19 +0200 (CEST) Subject: SUSE-RU-2020:2289-1: moderate: Recommended update for davfs2 Message-ID: <20200821131419.AB12CFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for davfs2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2289-1 Rating: moderate References: #1173419 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for davfs2 fixes the following issue: - Respect nofail option and avoid to fail upon boot if the remote resource is not available. (bsc#1173419) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2289=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2289=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): davfs2-1.5.4-3.3.1 davfs2-debuginfo-1.5.4-3.3.1 davfs2-debugsource-1.5.4-3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): davfs2-1.5.4-3.3.1 davfs2-debuginfo-1.5.4-3.3.1 davfs2-debugsource-1.5.4-3.3.1 References: https://bugzilla.suse.com/1173419 From sle-updates at lists.suse.com Fri Aug 21 07:15:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Aug 2020 15:15:10 +0200 (CEST) Subject: SUSE-RU-2020:2290-1: moderate: Recommended update for pam_ldap Message-ID: <20200821131510.CBA61FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam_ldap ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2290-1 Rating: moderate References: #1142583 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam_ldap fixes the following issues: - Fix a memory leak found during certain pam configurations. (bsc#1142583) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2290=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): pam_ldap-186-11.3.1 pam_ldap-debuginfo-186-11.3.1 pam_ldap-debugsource-186-11.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): pam_ldap-32bit-186-11.3.1 pam_ldap-debuginfo-32bit-186-11.3.1 References: https://bugzilla.suse.com/1142583 From sle-updates at lists.suse.com Fri Aug 21 10:13:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Aug 2020 18:13:54 +0200 (CEST) Subject: SUSE-SU-2020:2292-1: moderate: Security update for SUSE Manager Server 3.2 Message-ID: <20200821161354.DBCDAFEC3@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2292-1 Rating: moderate References: #1141663 #1150657 #1153578 #1155794 #1159184 #1159202 #1162391 #1167556 #1167871 #1168227 #1169109 #1169865 #1170331 #1172831 #1173073 #1173946 #1174167 #1174700 #1174768 #1174965 Cross-References: CVE-2020-11022 Affected Products: SUSE Manager Server 3.2 ______________________________________________________________________________ An update that solves one vulnerability and has 19 fixes is now available. Description: This update fixes the following issues: bind-formula: - Remove wrong default for bind options preventing correct upload of bind options using XMLRPC (bsc#1150657) branch-network-formula: - Make branch formula to assign home directory to ftp and tftp users (bsc#1162391) py26-compat-salt: - Do not make py26-compat-salt to require python-tornado on SLE15 (all SPs) - Backport saltutil state module to 2016.11 codebase (bsc#1167556) - Add new custom SUSE capability for saltutil state module python-susemanager-retail: - Allow bind options to be stored to and edited by retail_yaml (bsc#1150657) release-notes-susemanager: - Update to 3.2.15 - Bugs mentioned bsc#1150657, bsc#1162391, bsc#1167556, bsc#1174965, bsc#1170331, bsc#1159184, bsc#1168227, bsc#1172831, bsc#1173073, bsc#1167871, bsc#1169109, bsc#1159202, bsc#1168227, bsc#1153578, bsc#1141663, bsc#1174768, bsc#1173946, bsc#1174167, bsc#1169865, bsc#1155794 spacewalk-backend: - Fix issues importing RPM packages with long RPM headers (bsc#1174965) - Do not make mgr-inter-sync to crash if there are non-ASCII characters on an exception message (bsc#1170331) - Validate cached package entries on ISS slave (bsc#1159184) spacewalk-client-tools: - Do not crash 'mgr-update-status' because 'long' type is not defined in Python 3 spacewalk-java: - Skip upgrades when the target has not the same amount of products as the installed set (bsc#1168227) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Prevent deadlock on suseusernotification (bsc#1173073) - Avoid multiple base channels when onboarding minions (bsc#1167871) - Hide message about changed Update Tag change (bsc#1169109) - Refresh pillar after channel change - Use 'changes' field if 'pchanges' field doesn't exist (bsc#1159202) - Skip migration targets when they do not have the same amount of products as the installed set (bsc#1168227) spacewalk-utils: - Add FQDN resolver for spacewalk-manage-channel-lifecycle (bsc#1153578) - Fixes SSL hostname matching (bsc#1141663) spacewalk-web: - Fix saving of formulas (bsc#1174768) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) susemanager: - Use python2-uyuni-common-libs and python3-uyuni-common-libs for bootstrap repositories (bsc#1173946) - Add 'python-singledispatch' to SLE12 (all SPs) and RES7 bootstrap repos. (bsc#1174700) - Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is required to get python3-M2crypto (bsc#1174167) - Require python3-tornado only for SLE15/SLE15SP1 (bsc#1169865) - Use python3-M2Crypto for all SLE15 versions and openSUSE Leap 15.1 bootstrap repositories - Add dbus-1-glib to SLE12SP5 x86_64 to allow onboarding of AWS Cloud SLE12SP5 clients (they do not have it by defaul anymore) susemanager-frontend-libs: - Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831) susemanager-schema: - Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073) susemanager-sls: - Avoid traceback error due lazy loading which_bin (bsc#1155794) - Using new module path for which_bin to get rid of DeprecationWarning How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-2292=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): release-notes-susemanager-3.2.15-6.61.1 susemanager-3.2.24-3.43.1 susemanager-tools-3.2.24-3.43.1 - SUSE Manager Server 3.2 (noarch): bind-formula-0.1.1584363976.36bce64-3.6.1 branch-network-formula-0.1.1584363976.36bce64-3.9.1 py26-compat-salt-2016.11.10-6.38.1 python-susemanager-retail-1.0.1584363976.36bce64-2.12.1 python2-spacewalk-client-tools-2.8.22.8-3.15.1 spacewalk-backend-2.8.57.23-3.51.1 spacewalk-backend-app-2.8.57.23-3.51.1 spacewalk-backend-applet-2.8.57.23-3.51.1 spacewalk-backend-config-files-2.8.57.23-3.51.1 spacewalk-backend-config-files-common-2.8.57.23-3.51.1 spacewalk-backend-config-files-tool-2.8.57.23-3.51.1 spacewalk-backend-iss-2.8.57.23-3.51.1 spacewalk-backend-iss-export-2.8.57.23-3.51.1 spacewalk-backend-libs-2.8.57.23-3.51.1 spacewalk-backend-package-push-server-2.8.57.23-3.51.1 spacewalk-backend-server-2.8.57.23-3.51.1 spacewalk-backend-sql-2.8.57.23-3.51.1 spacewalk-backend-sql-oracle-2.8.57.23-3.51.1 spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1 spacewalk-backend-tools-2.8.57.23-3.51.1 spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1 spacewalk-backend-xmlrpc-2.8.57.23-3.51.1 spacewalk-base-2.8.7.24-3.48.1 spacewalk-base-minimal-2.8.7.24-3.48.1 spacewalk-base-minimal-config-2.8.7.24-3.48.1 spacewalk-client-tools-2.8.22.8-3.15.1 spacewalk-html-2.8.7.24-3.48.1 spacewalk-java-2.8.78.29-3.50.1 spacewalk-java-config-2.8.78.29-3.50.1 spacewalk-java-lib-2.8.78.29-3.50.1 spacewalk-java-oracle-2.8.78.29-3.50.1 spacewalk-java-postgresql-2.8.78.29-3.50.1 spacewalk-taskomatic-2.8.78.29-3.50.1 spacewalk-utils-2.8.18.7-3.15.1 susemanager-frontend-libs-3.2.5-3.13.1 susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1 susemanager-schema-3.2.24-3.40.1 susemanager-sls-3.2.31-3.47.1 susemanager-web-libs-2.8.7.24-3.48.1 References: https://www.suse.com/security/cve/CVE-2020-11022.html https://bugzilla.suse.com/1141663 https://bugzilla.suse.com/1150657 https://bugzilla.suse.com/1153578 https://bugzilla.suse.com/1155794 https://bugzilla.suse.com/1159184 https://bugzilla.suse.com/1159202 https://bugzilla.suse.com/1162391 https://bugzilla.suse.com/1167556 https://bugzilla.suse.com/1167871 https://bugzilla.suse.com/1168227 https://bugzilla.suse.com/1169109 https://bugzilla.suse.com/1169865 https://bugzilla.suse.com/1170331 https://bugzilla.suse.com/1172831 https://bugzilla.suse.com/1173073 https://bugzilla.suse.com/1173946 https://bugzilla.suse.com/1174167 https://bugzilla.suse.com/1174700 https://bugzilla.suse.com/1174768 https://bugzilla.suse.com/1174965 From sle-updates at lists.suse.com Fri Aug 21 10:16:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Aug 2020 18:16:49 +0200 (CEST) Subject: SUSE-SU-2020:2292-1: moderate: Security update for SUSE Manager Server 3.2 Message-ID: <20200821161649.855B3FEC3@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2292-1 Rating: moderate References: #1141663 #1150657 #1153578 #1155794 #1159184 #1159202 #1162391 #1166284 #1167556 #1167871 #1168227 #1169109 #1169865 #1170331 #1171169 #1172462 #1172831 #1173073 #1173946 #1174167 #1174700 #1174768 #1174965 Cross-References: CVE-2020-11022 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that solves one vulnerability and has 22 fixes is now available. Description: This update fixes the following issues: bind-formula: - Remove wrong default for bind options preventing correct upload of bind options using XMLRPC (bsc#1150657) branch-network-formula: - Make branch formula to assign home directory to ftp and tftp users (bsc#1162391) py26-compat-salt: - Do not make py26-compat-salt to require python-tornado on SLE15 (all SPs) - Backport saltutil state module to 2016.11 codebase (bsc#1167556) - Add new custom SUSE capability for saltutil state module python-susemanager-retail: - Allow bind options to be stored to and edited by retail_yaml (bsc#1150657) release-notes-susemanager: - Update to 3.2.15 - Bugs mentioned bsc#1150657, bsc#1162391, bsc#1167556, bsc#1174965, bsc#1170331, bsc#1159184, bsc#1168227, bsc#1172831, bsc#1173073, bsc#1167871, bsc#1169109, bsc#1159202, bsc#1168227, bsc#1153578, bsc#1141663, bsc#1174768, bsc#1173946, bsc#1174167, bsc#1169865, bsc#1155794 spacewalk-backend: - Fix issues importing RPM packages with long RPM headers (bsc#1174965) - Do not make mgr-inter-sync to crash if there are non-ASCII characters on an exception message (bsc#1170331) - Validate cached package entries on ISS slave (bsc#1159184) spacewalk-client-tools: - Do not crash 'mgr-update-status' because 'long' type is not defined in Python 3 spacewalk-java: - Skip upgrades when the target has not the same amount of products as the installed set (bsc#1168227) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Prevent deadlock on suseusernotification (bsc#1173073) - Avoid multiple base channels when onboarding minions (bsc#1167871) - Hide message about changed Update Tag change (bsc#1169109) - Refresh pillar after channel change - Use 'changes' field if 'pchanges' field doesn't exist (bsc#1159202) - Skip migration targets when they do not have the same amount of products as the installed set (bsc#1168227) spacewalk-utils: - Add FQDN resolver for spacewalk-manage-channel-lifecycle (bsc#1153578) - Fixes SSL hostname matching (bsc#1141663) spacewalk-web: - Fix saving of formulas (bsc#1174768) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) susemanager: - Use python2-uyuni-common-libs and python3-uyuni-common-libs for bootstrap repositories (bsc#1173946) - Add 'python-singledispatch' to SLE12 (all SPs) and RES7 bootstrap repos. (bsc#1174700) - Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is required to get python3-M2crypto (bsc#1174167) - Require python3-tornado only for SLE15/SLE15SP1 (bsc#1169865) - Use python3-M2Crypto for all SLE15 versions and openSUSE Leap 15.1 bootstrap repositories - Add dbus-1-glib to SLE12SP5 x86_64 to allow onboarding of AWS Cloud SLE12SP5 clients (they do not have it by defaul anymore) susemanager-frontend-libs: - Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831) susemanager-schema: - Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073) susemanager-sls: - Avoid traceback error due lazy loading which_bin (bsc#1155794) - Using new module path for which_bin to get rid of DeprecationWarning How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-2292=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2020-2292=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): release-notes-susemanager-3.2.15-6.61.1 susemanager-3.2.24-3.43.1 susemanager-tools-3.2.24-3.43.1 - SUSE Manager Server 3.2 (noarch): bind-formula-0.1.1584363976.36bce64-3.6.1 branch-network-formula-0.1.1584363976.36bce64-3.9.1 py26-compat-salt-2016.11.10-6.38.1 python-susemanager-retail-1.0.1584363976.36bce64-2.12.1 python2-spacewalk-client-tools-2.8.22.8-3.15.1 spacewalk-backend-2.8.57.23-3.51.1 spacewalk-backend-app-2.8.57.23-3.51.1 spacewalk-backend-applet-2.8.57.23-3.51.1 spacewalk-backend-config-files-2.8.57.23-3.51.1 spacewalk-backend-config-files-common-2.8.57.23-3.51.1 spacewalk-backend-config-files-tool-2.8.57.23-3.51.1 spacewalk-backend-iss-2.8.57.23-3.51.1 spacewalk-backend-iss-export-2.8.57.23-3.51.1 spacewalk-backend-libs-2.8.57.23-3.51.1 spacewalk-backend-package-push-server-2.8.57.23-3.51.1 spacewalk-backend-server-2.8.57.23-3.51.1 spacewalk-backend-sql-2.8.57.23-3.51.1 spacewalk-backend-sql-oracle-2.8.57.23-3.51.1 spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1 spacewalk-backend-tools-2.8.57.23-3.51.1 spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1 spacewalk-backend-xmlrpc-2.8.57.23-3.51.1 spacewalk-base-2.8.7.24-3.48.1 spacewalk-base-minimal-2.8.7.24-3.48.1 spacewalk-base-minimal-config-2.8.7.24-3.48.1 spacewalk-client-tools-2.8.22.8-3.15.1 spacewalk-html-2.8.7.24-3.48.1 spacewalk-java-2.8.78.29-3.50.1 spacewalk-java-config-2.8.78.29-3.50.1 spacewalk-java-lib-2.8.78.29-3.50.1 spacewalk-java-oracle-2.8.78.29-3.50.1 spacewalk-java-postgresql-2.8.78.29-3.50.1 spacewalk-taskomatic-2.8.78.29-3.50.1 spacewalk-utils-2.8.18.7-3.15.1 susemanager-frontend-libs-3.2.5-3.13.1 susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1 susemanager-schema-3.2.24-3.40.1 susemanager-sls-3.2.31-3.47.1 susemanager-web-libs-2.8.7.24-3.48.1 - SUSE Manager Proxy 3.2 (noarch): python2-spacewalk-check-2.8.22.8-3.15.1 python2-spacewalk-client-setup-2.8.22.8-3.15.1 python2-spacewalk-client-tools-2.8.22.8-3.15.1 python2-zypp-plugin-spacewalk-1.0.7-3.13.1 spacewalk-backend-2.8.57.23-3.51.1 spacewalk-backend-libs-2.8.57.23-3.51.1 spacewalk-base-minimal-2.8.7.24-3.48.1 spacewalk-base-minimal-config-2.8.7.24-3.48.1 spacewalk-check-2.8.22.8-3.15.1 spacewalk-client-setup-2.8.22.8-3.15.1 spacewalk-client-tools-2.8.22.8-3.15.1 spacewalk-proxy-installer-2.8.6.8-3.18.1 susemanager-web-libs-2.8.7.24-3.48.1 zypp-plugin-spacewalk-1.0.7-3.13.1 - SUSE Manager Proxy 3.2 (x86_64): release-notes-susemanager-proxy-3.2.15-0.16.47.1 References: https://www.suse.com/security/cve/CVE-2020-11022.html https://bugzilla.suse.com/1141663 https://bugzilla.suse.com/1150657 https://bugzilla.suse.com/1153578 https://bugzilla.suse.com/1155794 https://bugzilla.suse.com/1159184 https://bugzilla.suse.com/1159202 https://bugzilla.suse.com/1162391 https://bugzilla.suse.com/1166284 https://bugzilla.suse.com/1167556 https://bugzilla.suse.com/1167871 https://bugzilla.suse.com/1168227 https://bugzilla.suse.com/1169109 https://bugzilla.suse.com/1169865 https://bugzilla.suse.com/1170331 https://bugzilla.suse.com/1171169 https://bugzilla.suse.com/1172462 https://bugzilla.suse.com/1172831 https://bugzilla.suse.com/1173073 https://bugzilla.suse.com/1173946 https://bugzilla.suse.com/1174167 https://bugzilla.suse.com/1174700 https://bugzilla.suse.com/1174768 https://bugzilla.suse.com/1174965 From sle-updates at lists.suse.com Fri Aug 21 13:16:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Aug 2020 21:16:06 +0200 (CEST) Subject: SUSE-RU-2020:2294-1: important: Recommended update for openldap2 Message-ID: <20200821191606.2A0EAFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2294-1 Rating: important References: #1174537 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openldap2 fixes the following issues: - Fixes an issue where slapd failed to start due to the missing pwdMaxRecordedFailure attribute (bsc#1174537) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2294=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2294=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2294=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2294=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2294=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2294=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2294=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2294=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2294=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2294=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2294=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2294=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2294=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2294=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2294=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2294=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2294=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE OpenStack Cloud 9 (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE OpenStack Cloud 9 (x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE OpenStack Cloud 8 (x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE OpenStack Cloud 8 (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE OpenStack Cloud 7 (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openldap2-back-perl-2.4.41-18.74.1 openldap2-back-perl-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-devel-2.4.41-18.74.1 openldap2-devel-static-2.4.41-18.74.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - SUSE Enterprise Storage 5 (noarch): openldap2-doc-2.4.41-18.74.1 - SUSE Enterprise Storage 5 (x86_64): libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 - HPE Helion Openstack 8 (x86_64): libldap-2_4-2-2.4.41-18.74.1 libldap-2_4-2-32bit-2.4.41-18.74.1 libldap-2_4-2-debuginfo-2.4.41-18.74.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.74.1 openldap2-2.4.41-18.74.1 openldap2-back-meta-2.4.41-18.74.1 openldap2-back-meta-debuginfo-2.4.41-18.74.1 openldap2-client-2.4.41-18.74.1 openldap2-client-debuginfo-2.4.41-18.74.1 openldap2-debuginfo-2.4.41-18.74.1 openldap2-debugsource-2.4.41-18.74.1 openldap2-ppolicy-check-password-1.2-18.74.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.74.1 - HPE Helion Openstack 8 (noarch): openldap2-doc-2.4.41-18.74.1 References: https://bugzilla.suse.com/1174537 From sle-updates at lists.suse.com Sat Aug 22 00:14:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Aug 2020 08:14:52 +0200 (CEST) Subject: SUSE-CU-2020:412-1: Recommended update of suse/sles12sp3 Message-ID: <20200822061452.F41E0FF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:412-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.192 , suse/sles12sp3:latest Container Release : 24.192 Severity : important Type : recommended References : 1174537 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2294-1 Released: Fri Aug 21 16:59:17 2020 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1174537 This update for openldap2 fixes the following issues: - Fixes an issue where slapd failed to start due to the missing pwdMaxRecordedFailure attribute (bsc#1174537) From sle-updates at lists.suse.com Sat Aug 22 00:24:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Aug 2020 08:24:55 +0200 (CEST) Subject: SUSE-CU-2020:413-1: Recommended update of suse/sles12sp4 Message-ID: <20200822062455.65904FF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:413-1 Container Tags : suse/sles12sp4:26.223 , suse/sles12sp4:latest Container Release : 26.223 Severity : important Type : recommended References : 1174537 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2294-1 Released: Fri Aug 21 16:59:17 2020 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1174537 This update for openldap2 fixes the following issues: - Fixes an issue where slapd failed to start due to the missing pwdMaxRecordedFailure attribute (bsc#1174537) From sle-updates at lists.suse.com Sat Aug 22 00:30:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Aug 2020 08:30:07 +0200 (CEST) Subject: SUSE-CU-2020:414-1: Recommended update of suse/sles12sp5 Message-ID: <20200822063007.46DFAFF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:414-1 Container Tags : suse/sles12sp5:6.5.44 , suse/sles12sp5:latest Container Release : 6.5.44 Severity : important Type : recommended References : 1174537 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2294-1 Released: Fri Aug 21 16:59:17 2020 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1174537 This update for openldap2 fixes the following issues: - Fixes an issue where slapd failed to start due to the missing pwdMaxRecordedFailure attribute (bsc#1174537) From sle-updates at lists.suse.com Mon Aug 24 07:16:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Aug 2020 15:16:52 +0200 (CEST) Subject: SUSE-SU-2020:2296-1: moderate: Security update for gettext-runtime Message-ID: <20200824131652.2F403FEC3@maintenance.suse.de> SUSE Security Update: Security update for gettext-runtime ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2296-1 Rating: moderate References: #1106843 #1113719 #941629 Cross-References: CVE-2018-18751 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) - Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719) - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2296=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2296=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gettext-runtime-0.19.8.1-4.8.1 gettext-runtime-debuginfo-0.19.8.1-4.8.1 gettext-runtime-debugsource-0.19.8.1-4.8.1 gettext-tools-0.19.8.1-4.8.1 gettext-tools-debuginfo-0.19.8.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): gettext-runtime-32bit-0.19.8.1-4.8.1 gettext-runtime-32bit-debuginfo-0.19.8.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): gettext-runtime-0.19.8.1-4.8.1 gettext-runtime-debuginfo-0.19.8.1-4.8.1 gettext-runtime-debugsource-0.19.8.1-4.8.1 gettext-tools-0.19.8.1-4.8.1 gettext-tools-debuginfo-0.19.8.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): gettext-runtime-32bit-0.19.8.1-4.8.1 gettext-runtime-32bit-debuginfo-0.19.8.1-4.8.1 References: https://www.suse.com/security/cve/CVE-2018-18751.html https://bugzilla.suse.com/1106843 https://bugzilla.suse.com/1113719 https://bugzilla.suse.com/941629 From sle-updates at lists.suse.com Mon Aug 24 10:13:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Aug 2020 18:13:29 +0200 (CEST) Subject: SUSE-SU-2020:14460-1: important: Security update for squid3 Message-ID: <20200824161329.76FB9FEC3@maintenance.suse.de> SUSE Security Update: Security update for squid3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14460-1 Rating: important References: #1140738 #1141329 #1141332 #1156323 #1156324 #1156326 #1156328 #1156329 #1162687 #1162689 #1162691 #1167373 #1169659 #1170313 #1170423 #1173304 #1173455 Cross-References: CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12523 CVE-2019-12524 CVE-2019-12525 CVE-2019-12526 CVE-2019-12528 CVE-2019-12529 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-18860 CVE-2020-11945 CVE-2020-14059 CVE-2020-15049 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 21 vulnerabilities is now available. Description: This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (CVE-2019-12519, CVE-2019-12521, bsc#1169659) - Fixed handling of hostname in cachemgr.cgi (CVE-2019-18860, bsc#1167373) - Fixed a potential remote execution vulnerability when using HTTP Digest Authentication (CVE-2020-11945, bsc#1170313) - Fixed a potential ACL bypass, cache-bypass and cross-site scripting attack when processing invalid HTTP Request messages (CVE-2019-12520, CVE-2019-12524, bsc#1170423) - Fixed a potential denial of service when processing TLS certificates during HTTPS connections (CVE-2020-14059, bsc#1173304) - Fixed a potential denial of service associated with incorrect buffer management of HTTP Basic Authentication credentials (bsc#1141329, CVE-2019-12529) - Fixed an incorrect buffer management resulting in vulnerability to a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332, CVE-2019-12525) - Fix XSS via user_name or auth parameter in cachemgr.cgi (bsc#1140738, CVE-2019-13345) - Fixed a potential code execution vulnerability (CVE-2019-12526, bsc#1156326) - Fixed HTTP Request Splitting in HTTP message processing and information disclosure in HTTP Digest Authentication (CVE-2019-18678, CVE-2019-18679, bsc#1156323, bsc#1156324) - Fixed a security issue allowing a remote client ability to cause use a buffer overflow when squid is acting as reverse-proxy. (CVE-2020-8449, CVE-2020-8450, bsc#1162687) - Fixed a security issue allowing for information disclosure in FTP gateway (CVE-2019-12528, bsc#1162689) - Fixed a security issue in ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691) - Fixed Cross-Site Request Forgery in HTTP Request processing (CVE-2019-18677, bsc#1156328) - Disable urn parsing and parsing of unknown schemes (bsc#1156329, CVE-2019-12523, CVE-2019-18676) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-squid3-14460=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-squid3-14460=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-squid3-14460=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): squid3-3.1.23-8.16.37.12.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): squid3-3.1.23-8.16.37.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): squid3-debuginfo-3.1.23-8.16.37.12.1 squid3-debugsource-3.1.23-8.16.37.12.1 References: https://www.suse.com/security/cve/CVE-2019-12519.html https://www.suse.com/security/cve/CVE-2019-12520.html https://www.suse.com/security/cve/CVE-2019-12521.html https://www.suse.com/security/cve/CVE-2019-12523.html https://www.suse.com/security/cve/CVE-2019-12524.html https://www.suse.com/security/cve/CVE-2019-12525.html https://www.suse.com/security/cve/CVE-2019-12526.html https://www.suse.com/security/cve/CVE-2019-12528.html https://www.suse.com/security/cve/CVE-2019-12529.html https://www.suse.com/security/cve/CVE-2019-13345.html https://www.suse.com/security/cve/CVE-2019-18676.html https://www.suse.com/security/cve/CVE-2019-18677.html https://www.suse.com/security/cve/CVE-2019-18678.html https://www.suse.com/security/cve/CVE-2019-18679.html https://www.suse.com/security/cve/CVE-2019-18860.html https://www.suse.com/security/cve/CVE-2020-11945.html https://www.suse.com/security/cve/CVE-2020-14059.html https://www.suse.com/security/cve/CVE-2020-15049.html https://www.suse.com/security/cve/CVE-2020-8449.html https://www.suse.com/security/cve/CVE-2020-8450.html https://www.suse.com/security/cve/CVE-2020-8517.html https://bugzilla.suse.com/1140738 https://bugzilla.suse.com/1141329 https://bugzilla.suse.com/1141332 https://bugzilla.suse.com/1156323 https://bugzilla.suse.com/1156324 https://bugzilla.suse.com/1156326 https://bugzilla.suse.com/1156328 https://bugzilla.suse.com/1156329 https://bugzilla.suse.com/1162687 https://bugzilla.suse.com/1162689 https://bugzilla.suse.com/1162691 https://bugzilla.suse.com/1167373 https://bugzilla.suse.com/1169659 https://bugzilla.suse.com/1170313 https://bugzilla.suse.com/1170423 https://bugzilla.suse.com/1173304 https://bugzilla.suse.com/1173455 From sle-updates at lists.suse.com Tue Aug 25 04:13:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 12:13:59 +0200 (CEST) Subject: SUSE-RU-2020:2299-1: moderate: Recommended update for yast2-theme Message-ID: <20200825101359.43241FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-theme ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2299-1 Rating: moderate References: #1158298 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-theme fixes the following issues: - Add raleway fonts as dependency. (bsc#1158298) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2299=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-theme-4.2.10-3.3.1 References: https://bugzilla.suse.com/1158298 From sle-updates at lists.suse.com Tue Aug 25 04:14:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 12:14:51 +0200 (CEST) Subject: SUSE-RU-2020:2298-1: moderate: Recommended update for yast2 Message-ID: <20200825101451.13D01FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2298-1 Rating: moderate References: #1173133 #1174183 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2 fixes the following issues: - update 'is_wsl' function to match 'wsl1' and 'wsl2' os-release spellings. (bsc#1174183) - Fix for not to start user interface before evaluating current language settings. (bsc#1173133) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2298=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-4.2.87-3.8.1 yast2-logs-4.2.87-3.8.1 References: https://bugzilla.suse.com/1173133 https://bugzilla.suse.com/1174183 From sle-updates at lists.suse.com Tue Aug 25 07:13:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 15:13:46 +0200 (CEST) Subject: SUSE-RU-2020:2300-1: moderate: Recommended update for davfs2 Message-ID: <20200825131346.353D1FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for davfs2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2300-1 Rating: moderate References: #1173419 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for davfs2 fixes the following issue: - Respect nofail option and avoid to fail upon boot if the remote resource is not available. (bsc#1173419) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2300=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): davfs2-1.5.2-4.3.1 davfs2-debuginfo-1.5.2-4.3.1 davfs2-debugsource-1.5.2-4.3.1 References: https://bugzilla.suse.com/1173419 From sle-updates at lists.suse.com Tue Aug 25 07:14:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 15:14:36 +0200 (CEST) Subject: SUSE-RU-2020:2301-1: moderate: Recommended update for gstreamer Message-ID: <20200825131436.274D3FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for gstreamer ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2301-1 Rating: moderate References: #1097405 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gstreamer fixes the following issue: - Fix a crash in gstreamer. (bsc#1097405) GstDeviceProvider has a started_count private variable, start will add 1 to it and stop will subtract 1 from it. However, current code forget to add 1 if it was already started, so if we start it twice and then stop it twice, it will crash at the second stop call. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2301=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2301=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gstreamer-debuginfo-1.8.3-10.3.1 gstreamer-debugsource-1.8.3-10.3.1 gstreamer-devel-1.8.3-10.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gstreamer-1.8.3-10.3.1 gstreamer-debuginfo-1.8.3-10.3.1 gstreamer-debugsource-1.8.3-10.3.1 gstreamer-utils-1.8.3-10.3.1 gstreamer-utils-debuginfo-1.8.3-10.3.1 libgstreamer-1_0-0-1.8.3-10.3.1 libgstreamer-1_0-0-debuginfo-1.8.3-10.3.1 typelib-1_0-Gst-1_0-1.8.3-10.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): gstreamer-debuginfo-32bit-1.8.3-10.3.1 libgstreamer-1_0-0-32bit-1.8.3-10.3.1 libgstreamer-1_0-0-debuginfo-32bit-1.8.3-10.3.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): gstreamer-lang-1.8.3-10.3.1 References: https://bugzilla.suse.com/1097405 From sle-updates at lists.suse.com Tue Aug 25 07:15:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 15:15:29 +0200 (CEST) Subject: SUSE-RU-2020:2302-1: moderate: Recommended update for gnome-shell, gnome-shell-extension-desktop-icons, gnome-shell-extensions Message-ID: <20200825131529.B3A0CFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-shell, gnome-shell-extension-desktop-icons, gnome-shell-extensions ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2302-1 Rating: moderate References: #1167276 #1169029 #1169845 #1171822 #1172424 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for gnome-shell, gnome-shell-extension-desktop-icons, gnome-shell-extensions fixes the following issues: Changes in gnome-shell: Update to version 3.34.5 - Leave overview when locking the screen. - Avoid IO on the main thread. - Fix OSK layout fallback for unsupported variants. - Fix high-contrast/symbolic icon mix-up. - Updated translations. - Uniform the checks between SLE and openSUSE. (jsc#SLE-11720) - Show the network agent pop up when required. (bsc#1171822) - Set the button invisible when the user's can_switch is false or user-switch-enabled is disabled. (bsc#1167276) - Remove error in messages log when NetworkManager is not installed. (bsc#1172424) - Remove 'Getting invalid resource scale property' warnings in the log. (bsc#1169845) - Remove error in journal log. (bsc#1169029) Change in gnome-shell-extensions: - Uniform the checks between SLE and openSUSE. (jsc#SLE-11720) Change in gnome-shell-extension-desktop-icons: - Show mounted device icons. (jsc#SLE-12572) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2302=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2302=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): gnome-shell-calendar-3.34.5-3.3.1 gnome-shell-calendar-debuginfo-3.34.5-3.3.1 gnome-shell-debuginfo-3.34.5-3.3.1 gnome-shell-debugsource-3.34.5-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): gnome-shell-3.34.5-3.3.1 gnome-shell-classic-session-3.34.2-5.3.1 gnome-shell-debuginfo-3.34.5-3.3.1 gnome-shell-debugsource-3.34.5-3.3.1 gnome-shell-devel-3.34.5-3.3.1 gnome-shell-extension-user-theme-3.34.2-5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): gnome-shell-classic-3.34.2-5.3.1 gnome-shell-extension-desktop-icons-19.10.2-3.3.1 gnome-shell-extensions-common-3.34.2-5.3.1 gnome-shell-extensions-common-lang-3.34.2-5.3.1 gnome-shell-lang-3.34.5-3.3.1 References: https://bugzilla.suse.com/1167276 https://bugzilla.suse.com/1169029 https://bugzilla.suse.com/1169845 https://bugzilla.suse.com/1171822 https://bugzilla.suse.com/1172424 From sle-updates at lists.suse.com Tue Aug 25 10:14:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 18:14:44 +0200 (CEST) Subject: SUSE-SU-2020:2304-1: important: Security update for grub2 Message-ID: <20200825161444.27B8EFEC3@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2304-1 Rating: important References: #1172745 #1174421 Cross-References: CVE-2020-15705 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2304=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2304=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2304=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2304=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2304=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2304=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2304=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): grub2-2.02-4.61.1 grub2-debuginfo-2.02-4.61.1 grub2-debugsource-2.02-4.61.1 grub2-i386-pc-2.02-4.61.1 grub2-x86_64-efi-2.02-4.61.1 grub2-x86_64-xen-2.02-4.61.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): grub2-snapper-plugin-2.02-4.61.1 grub2-systemd-sleep-plugin-2.02-4.61.1 - SUSE OpenStack Cloud 8 (noarch): grub2-snapper-plugin-2.02-4.61.1 grub2-systemd-sleep-plugin-2.02-4.61.1 - SUSE OpenStack Cloud 8 (x86_64): grub2-2.02-4.61.1 grub2-debuginfo-2.02-4.61.1 grub2-debugsource-2.02-4.61.1 grub2-i386-pc-2.02-4.61.1 grub2-x86_64-efi-2.02-4.61.1 grub2-x86_64-xen-2.02-4.61.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): grub2-2.02-4.61.1 grub2-debuginfo-2.02-4.61.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le): grub2-powerpc-ieee1275-2.02-4.61.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.61.1 grub2-systemd-sleep-plugin-2.02-4.61.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): grub2-debugsource-2.02-4.61.1 grub2-i386-pc-2.02-4.61.1 grub2-x86_64-efi-2.02-4.61.1 grub2-x86_64-xen-2.02-4.61.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-4.61.1 grub2-debuginfo-2.02-4.61.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-4.61.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): grub2-arm64-efi-2.02-4.61.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-4.61.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): grub2-i386-pc-2.02-4.61.1 grub2-x86_64-efi-2.02-4.61.1 grub2-x86_64-xen-2.02-4.61.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): grub2-snapper-plugin-2.02-4.61.1 grub2-systemd-sleep-plugin-2.02-4.61.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): grub2-s390x-emu-2.02-4.61.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): grub2-2.02-4.61.1 grub2-debuginfo-2.02-4.61.1 grub2-debugsource-2.02-4.61.1 grub2-i386-pc-2.02-4.61.1 grub2-x86_64-efi-2.02-4.61.1 grub2-x86_64-xen-2.02-4.61.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): grub2-snapper-plugin-2.02-4.61.1 grub2-systemd-sleep-plugin-2.02-4.61.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): grub2-2.02-4.61.1 grub2-debuginfo-2.02-4.61.1 grub2-debugsource-2.02-4.61.1 - SUSE Enterprise Storage 5 (aarch64): grub2-arm64-efi-2.02-4.61.1 - SUSE Enterprise Storage 5 (noarch): grub2-snapper-plugin-2.02-4.61.1 grub2-systemd-sleep-plugin-2.02-4.61.1 - SUSE Enterprise Storage 5 (x86_64): grub2-i386-pc-2.02-4.61.1 grub2-x86_64-efi-2.02-4.61.1 grub2-x86_64-xen-2.02-4.61.1 - HPE Helion Openstack 8 (x86_64): grub2-2.02-4.61.1 grub2-debuginfo-2.02-4.61.1 grub2-debugsource-2.02-4.61.1 grub2-i386-pc-2.02-4.61.1 grub2-x86_64-efi-2.02-4.61.1 grub2-x86_64-xen-2.02-4.61.1 - HPE Helion Openstack 8 (noarch): grub2-snapper-plugin-2.02-4.61.1 grub2-systemd-sleep-plugin-2.02-4.61.1 References: https://www.suse.com/security/cve/CVE-2020-15705.html https://bugzilla.suse.com/1172745 https://bugzilla.suse.com/1174421 From sle-updates at lists.suse.com Tue Aug 25 10:15:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 18:15:41 +0200 (CEST) Subject: SUSE-SU-2020:2311-1: moderate: Security update for apache2 Message-ID: <20200825161541.AD6F2FDE4@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2311-1 Rating: moderate References: #1174052 #1175070 #1175071 #1175074 Cross-References: CVE-2020-11984 CVE-2020-11993 CVE-2020-9490 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi (bsc#1175074). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). - Solve a crash in mod_proxy_uwsgi for empty values of environment variables. (bsc#1174052) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2311=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2311=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.43-3.5.1 apache2-debugsource-2.4.43-3.5.1 apache2-devel-2.4.43-3.5.1 apache2-worker-2.4.43-3.5.1 apache2-worker-debuginfo-2.4.43-3.5.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): apache2-doc-2.4.43-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-2.4.43-3.5.1 apache2-debuginfo-2.4.43-3.5.1 apache2-debugsource-2.4.43-3.5.1 apache2-prefork-2.4.43-3.5.1 apache2-prefork-debuginfo-2.4.43-3.5.1 apache2-utils-2.4.43-3.5.1 apache2-utils-debuginfo-2.4.43-3.5.1 References: https://www.suse.com/security/cve/CVE-2020-11984.html https://www.suse.com/security/cve/CVE-2020-11993.html https://www.suse.com/security/cve/CVE-2020-9490.html https://bugzilla.suse.com/1174052 https://bugzilla.suse.com/1175070 https://bugzilla.suse.com/1175071 https://bugzilla.suse.com/1175074 From sle-updates at lists.suse.com Tue Aug 25 10:16:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 18:16:49 +0200 (CEST) Subject: SUSE-SU-2020:2308-1: important: Security update for grub2 Message-ID: <20200825161649.3F25DFDE4@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2308-1 Rating: important References: #1174421 Cross-References: CVE-2020-15705 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2308=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2308=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2308=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2308=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): grub2-2.02~beta2-115.56.1 grub2-debuginfo-2.02~beta2-115.56.1 grub2-debugsource-2.02~beta2-115.56.1 - SUSE OpenStack Cloud 7 (noarch): grub2-snapper-plugin-2.02~beta2-115.56.1 grub2-systemd-sleep-plugin-2.02~beta2-115.56.1 - SUSE OpenStack Cloud 7 (x86_64): grub2-i386-pc-2.02~beta2-115.56.1 grub2-x86_64-efi-2.02~beta2-115.56.1 grub2-x86_64-xen-2.02~beta2-115.56.1 - SUSE OpenStack Cloud 7 (s390x): grub2-s390x-emu-2.02~beta2-115.56.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): grub2-2.02~beta2-115.56.1 grub2-debuginfo-2.02~beta2-115.56.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-115.56.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): grub2-debugsource-2.02~beta2-115.56.1 grub2-i386-pc-2.02~beta2-115.56.1 grub2-x86_64-efi-2.02~beta2-115.56.1 grub2-x86_64-xen-2.02~beta2-115.56.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): grub2-snapper-plugin-2.02~beta2-115.56.1 grub2-systemd-sleep-plugin-2.02~beta2-115.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): grub2-2.02~beta2-115.56.1 grub2-debuginfo-2.02~beta2-115.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): grub2-debugsource-2.02~beta2-115.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-115.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): grub2-i386-pc-2.02~beta2-115.56.1 grub2-x86_64-efi-2.02~beta2-115.56.1 grub2-x86_64-xen-2.02~beta2-115.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): grub2-snapper-plugin-2.02~beta2-115.56.1 grub2-systemd-sleep-plugin-2.02~beta2-115.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): grub2-s390x-emu-2.02~beta2-115.56.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): grub2-2.02~beta2-115.56.1 grub2-debuginfo-2.02~beta2-115.56.1 grub2-debugsource-2.02~beta2-115.56.1 grub2-i386-pc-2.02~beta2-115.56.1 grub2-x86_64-efi-2.02~beta2-115.56.1 grub2-x86_64-xen-2.02~beta2-115.56.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): grub2-snapper-plugin-2.02~beta2-115.56.1 grub2-systemd-sleep-plugin-2.02~beta2-115.56.1 References: https://www.suse.com/security/cve/CVE-2020-15705.html https://bugzilla.suse.com/1174421 From sle-updates at lists.suse.com Tue Aug 25 10:17:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 18:17:36 +0200 (CEST) Subject: SUSE-SU-2020:2307-1: important: Security update for grub2 Message-ID: <20200825161736.75198FDE4@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2307-1 Rating: important References: #1172745 #1174421 Cross-References: CVE-2020-15705 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2307=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2307=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): grub2-x86_64-xen-2.02-26.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): grub2-2.02-26.33.1 grub2-debuginfo-2.02-26.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 s390x x86_64): grub2-debugsource-2.02-26.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): grub2-arm64-efi-2.02-26.33.1 grub2-i386-pc-2.02-26.33.1 grub2-powerpc-ieee1275-2.02-26.33.1 grub2-snapper-plugin-2.02-26.33.1 grub2-systemd-sleep-plugin-2.02-26.33.1 grub2-x86_64-efi-2.02-26.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): grub2-s390x-emu-2.02-26.33.1 References: https://www.suse.com/security/cve/CVE-2020-15705.html https://bugzilla.suse.com/1172745 https://bugzilla.suse.com/1174421 From sle-updates at lists.suse.com Tue Aug 25 10:18:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 18:18:31 +0200 (CEST) Subject: SUSE-SU-2020:2303-1: important: Security update for grub2 Message-ID: <20200825161831.D383FFDE4@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2303-1 Rating: important References: #1172745 #1174421 Cross-References: CVE-2020-15705 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2303=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2303=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2303=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2303=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): grub2-2.02-19.56.1 grub2-debuginfo-2.02-19.56.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le): grub2-powerpc-ieee1275-2.02-19.56.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): grub2-snapper-plugin-2.02-19.56.1 grub2-systemd-sleep-plugin-2.02-19.56.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): grub2-debugsource-2.02-19.56.1 grub2-i386-pc-2.02-19.56.1 grub2-x86_64-efi-2.02-19.56.1 grub2-x86_64-xen-2.02-19.56.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): grub2-2.02-19.56.1 grub2-debuginfo-2.02-19.56.1 grub2-debugsource-2.02-19.56.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): grub2-arm64-efi-2.02-19.56.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): grub2-snapper-plugin-2.02-19.56.1 grub2-systemd-sleep-plugin-2.02-19.56.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): grub2-s390x-emu-2.02-19.56.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): grub2-2.02-19.56.1 grub2-debuginfo-2.02-19.56.1 grub2-debugsource-2.02-19.56.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64): grub2-arm64-efi-2.02-19.56.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): grub2-snapper-plugin-2.02-19.56.1 grub2-systemd-sleep-plugin-2.02-19.56.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): grub2-i386-pc-2.02-19.56.1 grub2-x86_64-efi-2.02-19.56.1 grub2-x86_64-xen-2.02-19.56.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): grub2-2.02-19.56.1 grub2-debuginfo-2.02-19.56.1 grub2-debugsource-2.02-19.56.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64): grub2-arm64-efi-2.02-19.56.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): grub2-i386-pc-2.02-19.56.1 grub2-x86_64-efi-2.02-19.56.1 grub2-x86_64-xen-2.02-19.56.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): grub2-snapper-plugin-2.02-19.56.1 grub2-systemd-sleep-plugin-2.02-19.56.1 References: https://www.suse.com/security/cve/CVE-2020-15705.html https://bugzilla.suse.com/1172745 https://bugzilla.suse.com/1174421 From sle-updates at lists.suse.com Tue Aug 25 10:19:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 18:19:27 +0200 (CEST) Subject: SUSE-SU-2020:2306-1: important: Security update for grub2 Message-ID: <20200825161927.50F03FDE4@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2306-1 Rating: important References: #1172745 #1174421 Cross-References: CVE-2020-15705 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for grub2 fixes the following issue: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2306=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2306=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): grub2-x86_64-xen-2.04-9.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): grub2-2.04-9.15.1 grub2-debuginfo-2.04-9.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 s390x x86_64): grub2-debugsource-2.04-9.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): grub2-arm64-efi-2.04-9.15.1 grub2-i386-pc-2.04-9.15.1 grub2-powerpc-ieee1275-2.04-9.15.1 grub2-snapper-plugin-2.04-9.15.1 grub2-systemd-sleep-plugin-2.04-9.15.1 grub2-x86_64-efi-2.04-9.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x): grub2-s390x-emu-2.04-9.15.1 References: https://www.suse.com/security/cve/CVE-2020-15705.html https://bugzilla.suse.com/1172745 https://bugzilla.suse.com/1174421 From sle-updates at lists.suse.com Tue Aug 25 10:20:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 18:20:23 +0200 (CEST) Subject: SUSE-SU-2020:2312-1: moderate: Security update for samba Message-ID: <20200825162023.CCC9AFDE4@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2312-1 Rating: moderate References: #1173160 #1174120 Cross-References: CVE-2020-10745 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2312=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2312=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2312=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2312=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2020-2312=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.33.1 libdcerpc-binding0-4.4.2-38.33.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.33.1 libdcerpc-binding0-debuginfo-4.4.2-38.33.1 libdcerpc0-32bit-4.4.2-38.33.1 libdcerpc0-4.4.2-38.33.1 libdcerpc0-debuginfo-32bit-4.4.2-38.33.1 libdcerpc0-debuginfo-4.4.2-38.33.1 libndr-krb5pac0-32bit-4.4.2-38.33.1 libndr-krb5pac0-4.4.2-38.33.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.33.1 libndr-krb5pac0-debuginfo-4.4.2-38.33.1 libndr-nbt0-32bit-4.4.2-38.33.1 libndr-nbt0-4.4.2-38.33.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.33.1 libndr-nbt0-debuginfo-4.4.2-38.33.1 libndr-standard0-32bit-4.4.2-38.33.1 libndr-standard0-4.4.2-38.33.1 libndr-standard0-debuginfo-32bit-4.4.2-38.33.1 libndr-standard0-debuginfo-4.4.2-38.33.1 libndr0-32bit-4.4.2-38.33.1 libndr0-4.4.2-38.33.1 libndr0-debuginfo-32bit-4.4.2-38.33.1 libndr0-debuginfo-4.4.2-38.33.1 libnetapi0-32bit-4.4.2-38.33.1 libnetapi0-4.4.2-38.33.1 libnetapi0-debuginfo-32bit-4.4.2-38.33.1 libnetapi0-debuginfo-4.4.2-38.33.1 libsamba-credentials0-32bit-4.4.2-38.33.1 libsamba-credentials0-4.4.2-38.33.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.33.1 libsamba-credentials0-debuginfo-4.4.2-38.33.1 libsamba-errors0-32bit-4.4.2-38.33.1 libsamba-errors0-4.4.2-38.33.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.33.1 libsamba-errors0-debuginfo-4.4.2-38.33.1 libsamba-hostconfig0-32bit-4.4.2-38.33.1 libsamba-hostconfig0-4.4.2-38.33.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.33.1 libsamba-hostconfig0-debuginfo-4.4.2-38.33.1 libsamba-passdb0-32bit-4.4.2-38.33.1 libsamba-passdb0-4.4.2-38.33.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.33.1 libsamba-passdb0-debuginfo-4.4.2-38.33.1 libsamba-util0-32bit-4.4.2-38.33.1 libsamba-util0-4.4.2-38.33.1 libsamba-util0-debuginfo-32bit-4.4.2-38.33.1 libsamba-util0-debuginfo-4.4.2-38.33.1 libsamdb0-32bit-4.4.2-38.33.1 libsamdb0-4.4.2-38.33.1 libsamdb0-debuginfo-32bit-4.4.2-38.33.1 libsamdb0-debuginfo-4.4.2-38.33.1 libsmbclient0-32bit-4.4.2-38.33.1 libsmbclient0-4.4.2-38.33.1 libsmbclient0-debuginfo-32bit-4.4.2-38.33.1 libsmbclient0-debuginfo-4.4.2-38.33.1 libsmbconf0-32bit-4.4.2-38.33.1 libsmbconf0-4.4.2-38.33.1 libsmbconf0-debuginfo-32bit-4.4.2-38.33.1 libsmbconf0-debuginfo-4.4.2-38.33.1 libsmbldap0-32bit-4.4.2-38.33.1 libsmbldap0-4.4.2-38.33.1 libsmbldap0-debuginfo-32bit-4.4.2-38.33.1 libsmbldap0-debuginfo-4.4.2-38.33.1 libtevent-util0-32bit-4.4.2-38.33.1 libtevent-util0-4.4.2-38.33.1 libtevent-util0-debuginfo-32bit-4.4.2-38.33.1 libtevent-util0-debuginfo-4.4.2-38.33.1 libwbclient0-32bit-4.4.2-38.33.1 libwbclient0-4.4.2-38.33.1 libwbclient0-debuginfo-32bit-4.4.2-38.33.1 libwbclient0-debuginfo-4.4.2-38.33.1 samba-4.4.2-38.33.1 samba-client-32bit-4.4.2-38.33.1 samba-client-4.4.2-38.33.1 samba-client-debuginfo-32bit-4.4.2-38.33.1 samba-client-debuginfo-4.4.2-38.33.1 samba-debuginfo-4.4.2-38.33.1 samba-debugsource-4.4.2-38.33.1 samba-libs-32bit-4.4.2-38.33.1 samba-libs-4.4.2-38.33.1 samba-libs-debuginfo-32bit-4.4.2-38.33.1 samba-libs-debuginfo-4.4.2-38.33.1 samba-winbind-32bit-4.4.2-38.33.1 samba-winbind-4.4.2-38.33.1 samba-winbind-debuginfo-32bit-4.4.2-38.33.1 samba-winbind-debuginfo-4.4.2-38.33.1 - SUSE OpenStack Cloud 7 (noarch): samba-doc-4.4.2-38.33.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libdcerpc-binding0-4.4.2-38.33.1 libdcerpc-binding0-debuginfo-4.4.2-38.33.1 libdcerpc0-4.4.2-38.33.1 libdcerpc0-debuginfo-4.4.2-38.33.1 libndr-krb5pac0-4.4.2-38.33.1 libndr-krb5pac0-debuginfo-4.4.2-38.33.1 libndr-nbt0-4.4.2-38.33.1 libndr-nbt0-debuginfo-4.4.2-38.33.1 libndr-standard0-4.4.2-38.33.1 libndr-standard0-debuginfo-4.4.2-38.33.1 libndr0-4.4.2-38.33.1 libndr0-debuginfo-4.4.2-38.33.1 libnetapi0-4.4.2-38.33.1 libnetapi0-debuginfo-4.4.2-38.33.1 libsamba-credentials0-4.4.2-38.33.1 libsamba-credentials0-debuginfo-4.4.2-38.33.1 libsamba-errors0-4.4.2-38.33.1 libsamba-errors0-debuginfo-4.4.2-38.33.1 libsamba-hostconfig0-4.4.2-38.33.1 libsamba-hostconfig0-debuginfo-4.4.2-38.33.1 libsamba-passdb0-4.4.2-38.33.1 libsamba-passdb0-debuginfo-4.4.2-38.33.1 libsamba-util0-4.4.2-38.33.1 libsamba-util0-debuginfo-4.4.2-38.33.1 libsamdb0-4.4.2-38.33.1 libsamdb0-debuginfo-4.4.2-38.33.1 libsmbclient0-4.4.2-38.33.1 libsmbclient0-debuginfo-4.4.2-38.33.1 libsmbconf0-4.4.2-38.33.1 libsmbconf0-debuginfo-4.4.2-38.33.1 libsmbldap0-4.4.2-38.33.1 libsmbldap0-debuginfo-4.4.2-38.33.1 libtevent-util0-4.4.2-38.33.1 libtevent-util0-debuginfo-4.4.2-38.33.1 libwbclient0-4.4.2-38.33.1 libwbclient0-debuginfo-4.4.2-38.33.1 samba-4.4.2-38.33.1 samba-client-4.4.2-38.33.1 samba-client-debuginfo-4.4.2-38.33.1 samba-debuginfo-4.4.2-38.33.1 samba-debugsource-4.4.2-38.33.1 samba-libs-4.4.2-38.33.1 samba-libs-debuginfo-4.4.2-38.33.1 samba-winbind-4.4.2-38.33.1 samba-winbind-debuginfo-4.4.2-38.33.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.33.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.33.1 libdcerpc0-32bit-4.4.2-38.33.1 libdcerpc0-debuginfo-32bit-4.4.2-38.33.1 libndr-krb5pac0-32bit-4.4.2-38.33.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.33.1 libndr-nbt0-32bit-4.4.2-38.33.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.33.1 libndr-standard0-32bit-4.4.2-38.33.1 libndr-standard0-debuginfo-32bit-4.4.2-38.33.1 libndr0-32bit-4.4.2-38.33.1 libndr0-debuginfo-32bit-4.4.2-38.33.1 libnetapi0-32bit-4.4.2-38.33.1 libnetapi0-debuginfo-32bit-4.4.2-38.33.1 libsamba-credentials0-32bit-4.4.2-38.33.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.33.1 libsamba-errors0-32bit-4.4.2-38.33.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.33.1 libsamba-hostconfig0-32bit-4.4.2-38.33.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.33.1 libsamba-passdb0-32bit-4.4.2-38.33.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.33.1 libsamba-util0-32bit-4.4.2-38.33.1 libsamba-util0-debuginfo-32bit-4.4.2-38.33.1 libsamdb0-32bit-4.4.2-38.33.1 libsamdb0-debuginfo-32bit-4.4.2-38.33.1 libsmbclient0-32bit-4.4.2-38.33.1 libsmbclient0-debuginfo-32bit-4.4.2-38.33.1 libsmbconf0-32bit-4.4.2-38.33.1 libsmbconf0-debuginfo-32bit-4.4.2-38.33.1 libsmbldap0-32bit-4.4.2-38.33.1 libsmbldap0-debuginfo-32bit-4.4.2-38.33.1 libtevent-util0-32bit-4.4.2-38.33.1 libtevent-util0-debuginfo-32bit-4.4.2-38.33.1 libwbclient0-32bit-4.4.2-38.33.1 libwbclient0-debuginfo-32bit-4.4.2-38.33.1 samba-client-32bit-4.4.2-38.33.1 samba-client-debuginfo-32bit-4.4.2-38.33.1 samba-libs-32bit-4.4.2-38.33.1 samba-libs-debuginfo-32bit-4.4.2-38.33.1 samba-winbind-32bit-4.4.2-38.33.1 samba-winbind-debuginfo-32bit-4.4.2-38.33.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): samba-doc-4.4.2-38.33.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libdcerpc-binding0-4.4.2-38.33.1 libdcerpc-binding0-debuginfo-4.4.2-38.33.1 libdcerpc0-4.4.2-38.33.1 libdcerpc0-debuginfo-4.4.2-38.33.1 libndr-krb5pac0-4.4.2-38.33.1 libndr-krb5pac0-debuginfo-4.4.2-38.33.1 libndr-nbt0-4.4.2-38.33.1 libndr-nbt0-debuginfo-4.4.2-38.33.1 libndr-standard0-4.4.2-38.33.1 libndr-standard0-debuginfo-4.4.2-38.33.1 libndr0-4.4.2-38.33.1 libndr0-debuginfo-4.4.2-38.33.1 libnetapi0-4.4.2-38.33.1 libnetapi0-debuginfo-4.4.2-38.33.1 libsamba-credentials0-4.4.2-38.33.1 libsamba-credentials0-debuginfo-4.4.2-38.33.1 libsamba-errors0-4.4.2-38.33.1 libsamba-errors0-debuginfo-4.4.2-38.33.1 libsamba-hostconfig0-4.4.2-38.33.1 libsamba-hostconfig0-debuginfo-4.4.2-38.33.1 libsamba-passdb0-4.4.2-38.33.1 libsamba-passdb0-debuginfo-4.4.2-38.33.1 libsamba-util0-4.4.2-38.33.1 libsamba-util0-debuginfo-4.4.2-38.33.1 libsamdb0-4.4.2-38.33.1 libsamdb0-debuginfo-4.4.2-38.33.1 libsmbclient0-4.4.2-38.33.1 libsmbclient0-debuginfo-4.4.2-38.33.1 libsmbconf0-4.4.2-38.33.1 libsmbconf0-debuginfo-4.4.2-38.33.1 libsmbldap0-4.4.2-38.33.1 libsmbldap0-debuginfo-4.4.2-38.33.1 libtevent-util0-4.4.2-38.33.1 libtevent-util0-debuginfo-4.4.2-38.33.1 libwbclient0-4.4.2-38.33.1 libwbclient0-debuginfo-4.4.2-38.33.1 samba-4.4.2-38.33.1 samba-client-4.4.2-38.33.1 samba-client-debuginfo-4.4.2-38.33.1 samba-debuginfo-4.4.2-38.33.1 samba-debugsource-4.4.2-38.33.1 samba-libs-4.4.2-38.33.1 samba-libs-debuginfo-4.4.2-38.33.1 samba-winbind-4.4.2-38.33.1 samba-winbind-debuginfo-4.4.2-38.33.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.33.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.33.1 libdcerpc0-32bit-4.4.2-38.33.1 libdcerpc0-debuginfo-32bit-4.4.2-38.33.1 libndr-krb5pac0-32bit-4.4.2-38.33.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.33.1 libndr-nbt0-32bit-4.4.2-38.33.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.33.1 libndr-standard0-32bit-4.4.2-38.33.1 libndr-standard0-debuginfo-32bit-4.4.2-38.33.1 libndr0-32bit-4.4.2-38.33.1 libndr0-debuginfo-32bit-4.4.2-38.33.1 libnetapi0-32bit-4.4.2-38.33.1 libnetapi0-debuginfo-32bit-4.4.2-38.33.1 libsamba-credentials0-32bit-4.4.2-38.33.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.33.1 libsamba-errors0-32bit-4.4.2-38.33.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.33.1 libsamba-hostconfig0-32bit-4.4.2-38.33.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.33.1 libsamba-passdb0-32bit-4.4.2-38.33.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.33.1 libsamba-util0-32bit-4.4.2-38.33.1 libsamba-util0-debuginfo-32bit-4.4.2-38.33.1 libsamdb0-32bit-4.4.2-38.33.1 libsamdb0-debuginfo-32bit-4.4.2-38.33.1 libsmbclient0-32bit-4.4.2-38.33.1 libsmbclient0-debuginfo-32bit-4.4.2-38.33.1 libsmbconf0-32bit-4.4.2-38.33.1 libsmbconf0-debuginfo-32bit-4.4.2-38.33.1 libsmbldap0-32bit-4.4.2-38.33.1 libsmbldap0-debuginfo-32bit-4.4.2-38.33.1 libtevent-util0-32bit-4.4.2-38.33.1 libtevent-util0-debuginfo-32bit-4.4.2-38.33.1 libwbclient0-32bit-4.4.2-38.33.1 libwbclient0-debuginfo-32bit-4.4.2-38.33.1 samba-client-32bit-4.4.2-38.33.1 samba-client-debuginfo-32bit-4.4.2-38.33.1 samba-libs-32bit-4.4.2-38.33.1 samba-libs-debuginfo-32bit-4.4.2-38.33.1 samba-winbind-32bit-4.4.2-38.33.1 samba-winbind-debuginfo-32bit-4.4.2-38.33.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): samba-doc-4.4.2-38.33.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-binding0-32bit-4.4.2-38.33.1 libdcerpc-binding0-4.4.2-38.33.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.33.1 libdcerpc-binding0-debuginfo-4.4.2-38.33.1 libdcerpc0-32bit-4.4.2-38.33.1 libdcerpc0-4.4.2-38.33.1 libdcerpc0-debuginfo-32bit-4.4.2-38.33.1 libdcerpc0-debuginfo-4.4.2-38.33.1 libndr-krb5pac0-32bit-4.4.2-38.33.1 libndr-krb5pac0-4.4.2-38.33.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.33.1 libndr-krb5pac0-debuginfo-4.4.2-38.33.1 libndr-nbt0-32bit-4.4.2-38.33.1 libndr-nbt0-4.4.2-38.33.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.33.1 libndr-nbt0-debuginfo-4.4.2-38.33.1 libndr-standard0-32bit-4.4.2-38.33.1 libndr-standard0-4.4.2-38.33.1 libndr-standard0-debuginfo-32bit-4.4.2-38.33.1 libndr-standard0-debuginfo-4.4.2-38.33.1 libndr0-32bit-4.4.2-38.33.1 libndr0-4.4.2-38.33.1 libndr0-debuginfo-32bit-4.4.2-38.33.1 libndr0-debuginfo-4.4.2-38.33.1 libnetapi0-32bit-4.4.2-38.33.1 libnetapi0-4.4.2-38.33.1 libnetapi0-debuginfo-32bit-4.4.2-38.33.1 libnetapi0-debuginfo-4.4.2-38.33.1 libsamba-credentials0-32bit-4.4.2-38.33.1 libsamba-credentials0-4.4.2-38.33.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.33.1 libsamba-credentials0-debuginfo-4.4.2-38.33.1 libsamba-errors0-32bit-4.4.2-38.33.1 libsamba-errors0-4.4.2-38.33.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.33.1 libsamba-errors0-debuginfo-4.4.2-38.33.1 libsamba-hostconfig0-32bit-4.4.2-38.33.1 libsamba-hostconfig0-4.4.2-38.33.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.33.1 libsamba-hostconfig0-debuginfo-4.4.2-38.33.1 libsamba-passdb0-32bit-4.4.2-38.33.1 libsamba-passdb0-4.4.2-38.33.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.33.1 libsamba-passdb0-debuginfo-4.4.2-38.33.1 libsamba-util0-32bit-4.4.2-38.33.1 libsamba-util0-4.4.2-38.33.1 libsamba-util0-debuginfo-32bit-4.4.2-38.33.1 libsamba-util0-debuginfo-4.4.2-38.33.1 libsamdb0-32bit-4.4.2-38.33.1 libsamdb0-4.4.2-38.33.1 libsamdb0-debuginfo-32bit-4.4.2-38.33.1 libsamdb0-debuginfo-4.4.2-38.33.1 libsmbclient0-32bit-4.4.2-38.33.1 libsmbclient0-4.4.2-38.33.1 libsmbclient0-debuginfo-32bit-4.4.2-38.33.1 libsmbclient0-debuginfo-4.4.2-38.33.1 libsmbconf0-32bit-4.4.2-38.33.1 libsmbconf0-4.4.2-38.33.1 libsmbconf0-debuginfo-32bit-4.4.2-38.33.1 libsmbconf0-debuginfo-4.4.2-38.33.1 libsmbldap0-32bit-4.4.2-38.33.1 libsmbldap0-4.4.2-38.33.1 libsmbldap0-debuginfo-32bit-4.4.2-38.33.1 libsmbldap0-debuginfo-4.4.2-38.33.1 libtevent-util0-32bit-4.4.2-38.33.1 libtevent-util0-4.4.2-38.33.1 libtevent-util0-debuginfo-32bit-4.4.2-38.33.1 libtevent-util0-debuginfo-4.4.2-38.33.1 libwbclient0-32bit-4.4.2-38.33.1 libwbclient0-4.4.2-38.33.1 libwbclient0-debuginfo-32bit-4.4.2-38.33.1 libwbclient0-debuginfo-4.4.2-38.33.1 samba-4.4.2-38.33.1 samba-client-32bit-4.4.2-38.33.1 samba-client-4.4.2-38.33.1 samba-client-debuginfo-32bit-4.4.2-38.33.1 samba-client-debuginfo-4.4.2-38.33.1 samba-debuginfo-4.4.2-38.33.1 samba-debugsource-4.4.2-38.33.1 samba-libs-32bit-4.4.2-38.33.1 samba-libs-4.4.2-38.33.1 samba-libs-debuginfo-32bit-4.4.2-38.33.1 samba-libs-debuginfo-4.4.2-38.33.1 samba-winbind-32bit-4.4.2-38.33.1 samba-winbind-4.4.2-38.33.1 samba-winbind-debuginfo-32bit-4.4.2-38.33.1 samba-winbind-debuginfo-4.4.2-38.33.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): samba-doc-4.4.2-38.33.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ctdb-4.4.2-38.33.1 ctdb-debuginfo-4.4.2-38.33.1 samba-debuginfo-4.4.2-38.33.1 samba-debugsource-4.4.2-38.33.1 References: https://www.suse.com/security/cve/CVE-2020-10745.html https://bugzilla.suse.com/1173160 https://bugzilla.suse.com/1174120 From sle-updates at lists.suse.com Tue Aug 25 10:21:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 18:21:19 +0200 (CEST) Subject: SUSE-SU-2020:14461-1: important: Security update for grub2 Message-ID: <20200825162119.87694FDE4@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14461-1 Rating: important References: #1174421 Cross-References: CVE-2020-15705 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-grub2-14461=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-grub2-14461=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): grub2-x86_64-efi-2.00-0.66.21.1 grub2-x86_64-xen-2.00-0.66.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): grub2-debuginfo-2.00-0.66.21.1 grub2-debugsource-2.00-0.66.21.1 References: https://www.suse.com/security/cve/CVE-2020-15705.html https://bugzilla.suse.com/1174421 From sle-updates at lists.suse.com Tue Aug 25 10:22:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 18:22:08 +0200 (CEST) Subject: SUSE-SU-2020:2305-1: important: Security update for grub2 Message-ID: <20200825162208.21FDFFDE4@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2305-1 Rating: important References: #1172745 #1174421 Cross-References: CVE-2020-15705 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2305=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2305=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2305=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2305=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2305=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): grub2-2.02-12.39.1 grub2-debuginfo-2.02-12.39.1 grub2-debugsource-2.02-12.39.1 grub2-i386-pc-2.02-12.39.1 grub2-x86_64-efi-2.02-12.39.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): grub2-snapper-plugin-2.02-12.39.1 grub2-systemd-sleep-plugin-2.02-12.39.1 grub2-x86_64-xen-2.02-12.39.1 - SUSE OpenStack Cloud 9 (x86_64): grub2-2.02-12.39.1 grub2-debuginfo-2.02-12.39.1 grub2-debugsource-2.02-12.39.1 grub2-i386-pc-2.02-12.39.1 grub2-x86_64-efi-2.02-12.39.1 - SUSE OpenStack Cloud 9 (noarch): grub2-snapper-plugin-2.02-12.39.1 grub2-systemd-sleep-plugin-2.02-12.39.1 grub2-x86_64-xen-2.02-12.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): grub2-2.02-12.39.1 grub2-debuginfo-2.02-12.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le): grub2-powerpc-ieee1275-2.02-12.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.39.1 grub2-systemd-sleep-plugin-2.02-12.39.1 grub2-x86_64-xen-2.02-12.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): grub2-debugsource-2.02-12.39.1 grub2-i386-pc-2.02-12.39.1 grub2-x86_64-efi-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grub2-2.02-12.39.1 grub2-debuginfo-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): grub2-debugsource-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): grub2-arm64-efi-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): grub2-powerpc-ieee1275-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): grub2-snapper-plugin-2.02-12.39.1 grub2-systemd-sleep-plugin-2.02-12.39.1 grub2-x86_64-xen-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): grub2-i386-pc-2.02-12.39.1 grub2-x86_64-efi-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): grub2-s390x-emu-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-12.39.1 grub2-debuginfo-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): grub2-arm64-efi-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): grub2-i386-pc-2.02-12.39.1 grub2-x86_64-efi-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): grub2-snapper-plugin-2.02-12.39.1 grub2-systemd-sleep-plugin-2.02-12.39.1 grub2-x86_64-xen-2.02-12.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): grub2-s390x-emu-2.02-12.39.1 References: https://www.suse.com/security/cve/CVE-2020-15705.html https://bugzilla.suse.com/1172745 https://bugzilla.suse.com/1174421 From sle-updates at lists.suse.com Tue Aug 25 13:14:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 21:14:25 +0200 (CEST) Subject: SUSE-RU-2020:2318-1: moderate: Recommended update for python3-ec2metadata Message-ID: <20200825191425.2CF9AFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-ec2metadata ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2318-1 Rating: moderate References: #1174743 #1174837 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-ec2metadata contains the following fixes: - Update to version 3.0.3 (bsc#1174743, bsc#1174837) + Prefer IMDSv2 and switch all IMDS access requests to support v2 token based access method. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2318=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2318=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-ec2metadata-3.0.3-3.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-ec2metadata-3.0.3-3.6.1 References: https://bugzilla.suse.com/1174743 https://bugzilla.suse.com/1174837 From sle-updates at lists.suse.com Tue Aug 25 13:15:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 21:15:22 +0200 (CEST) Subject: SUSE-RU-2020:2317-1: moderate: Recommended update for regionServiceClientConfigAzure Message-ID: <20200825191522.4932CFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigAzure ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2317-1 Rating: moderate References: #1174791 #1174937 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for regionServiceClientConfigAzure contains the following fixes: - Update to version 1.0.5 (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic + Use latest API to query the metadata server and send additional data Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2317=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): regionServiceClientConfigAzure-1.0.5-3.12.1 References: https://bugzilla.suse.com/1174791 https://bugzilla.suse.com/1174937 From sle-updates at lists.suse.com Tue Aug 25 13:16:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 21:16:20 +0200 (CEST) Subject: SUSE-RU-2020:2321-1: moderate: Recommended update for gstreamer Message-ID: <20200825191620.CCDDFFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for gstreamer ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2321-1 Rating: moderate References: #1097405 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gstreamer fixes the following issue: - Fix a crash in gstreamer. (bsc#1097405) GstDeviceProvider has a started_count private variable, start will add 1 to it and stop will subtract 1 from it. However, current code forget to add 1 if it was already started, so if we start it twice and then stop it twice, it will crash at the second stop call. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2321=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2321=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2321=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (i586 x86_64): gstreamer-devel-1.12.5-3.14.1 gstreamer-utils-1.12.5-3.14.1 gstreamer-utils-debuginfo-1.12.5-3.14.1 typelib-1_0-Gst-1_0-1.12.5-3.14.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): gstreamer-32bit-1.12.5-3.14.1 gstreamer-32bit-debuginfo-1.12.5-3.14.1 gstreamer-debugsource-1.12.5-3.14.1 gstreamer-devel-32bit-1.12.5-3.14.1 libgstreamer-1_0-0-32bit-1.12.5-3.14.1 libgstreamer-1_0-0-32bit-debuginfo-1.12.5-3.14.1 typelib-1_0-Gst-1_0-32bit-1.12.5-3.14.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gstreamer-debuginfo-1.12.5-3.14.1 gstreamer-debugsource-1.12.5-3.14.1 gstreamer-devel-1.12.5-3.14.1 gstreamer-utils-1.12.5-3.14.1 gstreamer-utils-debuginfo-1.12.5-3.14.1 typelib-1_0-Gst-1_0-1.12.5-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): gstreamer-1.12.5-3.14.1 gstreamer-debuginfo-1.12.5-3.14.1 gstreamer-debugsource-1.12.5-3.14.1 libgstreamer-1_0-0-1.12.5-3.14.1 libgstreamer-1_0-0-debuginfo-1.12.5-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): gstreamer-lang-1.12.5-3.14.1 References: https://bugzilla.suse.com/1097405 From sle-updates at lists.suse.com Tue Aug 25 13:17:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 21:17:10 +0200 (CEST) Subject: SUSE-RU-2020:2322-1: Release notes for 4.2.3 Message-ID: <20200825191710.9F342FEC3@maintenance.suse.de> SUSE Recommended Update: Release notes for 4.2.3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2322-1 Rating: low References: #1175533 Affected Products: SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Release notes for 4.2.3 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 4.0 (noarch): release-notes-caasp-4.2.20200820-4.57.1 References: https://bugzilla.suse.com/1175533 From sle-updates at lists.suse.com Tue Aug 25 13:18:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 21:18:00 +0200 (CEST) Subject: SUSE-RU-2020:2323-1: moderate: Bugfix for cri-o Message-ID: <20200825191800.38D3BFEC3@maintenance.suse.de> SUSE Recommended Update: Bugfix for cri-o ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2323-1 Rating: moderate References: #1174400 Affected Products: SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: = Required Actions == cri-o This fix will be applied to cri-o by `skuba-update`. See https://documentation.suse.com/suse-caasp/4.2/html/caasp-admin/_cluster_upd ates.html#_base_os_updates for more details. Make sure you look at the Release Notes https://www.suse.com/releasenotes/x86_64/SUSE-CAASP/4/#_changes_in_4_2_3 for any known bug. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 4.0 (x86_64): caasp-release-4.2.3-24.33.2 cri-o-1.16.1-3.34.2 cri-o-kubeadm-criconfig-1.16.1-3.34.2 References: https://bugzilla.suse.com/1174400 From sle-updates at lists.suse.com Tue Aug 25 13:18:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 21:18:49 +0200 (CEST) Subject: SUSE-RU-2020:2315-1: moderate: Recommended update for regionServiceClientConfigEC2 Message-ID: <20200825191849.DC899FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigEC2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2315-1 Rating: moderate References: #1174791 #1174937 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 2.2.1 (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2315=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): regionServiceClientConfigEC2-2.2.1-4.9.1 References: https://bugzilla.suse.com/1174791 https://bugzilla.suse.com/1174937 From sle-updates at lists.suse.com Tue Aug 25 13:19:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 21:19:46 +0200 (CEST) Subject: SUSE-RU-2020:2319-1: moderate: Recommended update for python3-ec2metadata Message-ID: <20200825191946.BBCA6FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-ec2metadata ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2319-1 Rating: moderate References: #1174743 #1174837 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-ec2metadata contains the following fixes: - Update to version 3.0.3 (bsc#1174743, bsc#1174837) + Prefer IMDSv2 and switch all IMDS access requests to support v2 token based access method. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2319=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python3-ec2metadata-3.0.3-2.6.1 References: https://bugzilla.suse.com/1174743 https://bugzilla.suse.com/1174837 From sle-updates at lists.suse.com Tue Aug 25 13:20:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 21:20:43 +0200 (CEST) Subject: SUSE-RU-2020:2320-1: moderate: Recommended update for python Message-ID: <20200825192043.08831FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2320-1 Rating: moderate References: #1175619 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python provides the following fix: - Set correct value of %python2_package_prefix to python (as expected on SLE-12). (bsc#1175619) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2320=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2320=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2320=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): python-base-debuginfo-2.7.17-28.51.1 python-base-debugsource-2.7.17-28.51.1 python-devel-2.7.17-28.51.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-28.51.1 libpython2_7-1_0-debuginfo-2.7.17-28.51.1 python-2.7.17-28.51.1 python-base-2.7.17-28.51.1 python-base-debuginfo-2.7.17-28.51.1 python-base-debugsource-2.7.17-28.51.1 python-curses-2.7.17-28.51.1 python-curses-debuginfo-2.7.17-28.51.1 python-debuginfo-2.7.17-28.51.1 python-debugsource-2.7.17-28.51.1 python-demo-2.7.17-28.51.1 python-devel-2.7.17-28.51.1 python-gdbm-2.7.17-28.51.1 python-gdbm-debuginfo-2.7.17-28.51.1 python-idle-2.7.17-28.51.1 python-tk-2.7.17-28.51.1 python-tk-debuginfo-2.7.17-28.51.1 python-xml-2.7.17-28.51.1 python-xml-debuginfo-2.7.17-28.51.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython2_7-1_0-32bit-2.7.17-28.51.1 libpython2_7-1_0-debuginfo-32bit-2.7.17-28.51.1 python-32bit-2.7.17-28.51.1 python-base-32bit-2.7.17-28.51.1 python-base-debuginfo-32bit-2.7.17-28.51.1 python-debuginfo-32bit-2.7.17-28.51.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-doc-2.7.17-28.51.1 python-doc-pdf-2.7.17-28.51.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-debuginfo-2.7.17-28.51.1 python-debugsource-2.7.17-28.51.1 python-strict-tls-check-2.7.17-28.51.1 References: https://bugzilla.suse.com/1175619 From sle-updates at lists.suse.com Tue Aug 25 13:21:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 21:21:34 +0200 (CEST) Subject: SUSE-RU-2020:2313-1: moderate: Recommended update for python-azure-agent Message-ID: <20200825192134.03ACFFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2313-1 Rating: moderate References: #1175198 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-agent contains the following fix: Drop unnecessary path for sudoers handle. (bsc#1175198) - sudoers file is managed by cloud-init we no longer need this hack Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-2313=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python-azure-agent-2.2.45-7.18.2 References: https://bugzilla.suse.com/1175198 From sle-updates at lists.suse.com Tue Aug 25 13:22:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 21:22:24 +0200 (CEST) Subject: SUSE-RU-2020:2314-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20200825192224.B5754FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2314-1 Rating: moderate References: #1174731 #1174732 #1174743 #1174791 #1174837 #1174937 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for cloud-regionsrv-client contains the following fixes: - Update to version 9.1.2: (bsc#1174791, bsc#1174937) + Implement changes to configure the client to use https only for outbound traffic - plugin-ec2 to version 1.0.1 (bsc#1174743, bsc#1174837) + Prefer IMDSv2 and switch all IMDS access requests to support v2 token based access method. - Update to version 9.1.1: (bsc#1174731, bsc#1174732) + Do not immediately failover to a sibling system. Upon contact failure to the target system give the server/route time to recover. We have seen network instability trigger a pre-mature failover during initial registration causing problems later during updates. + When we do failover make sure the access credentials are known to the new target Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2314=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2314=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-regionsrv-client-9.1.2-6.34.1 cloud-regionsrv-client-generic-config-1.0.0-6.34.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.34.1 cloud-regionsrv-client-plugin-ec2-1.0.1-6.34.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.34.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-9.1.2-6.34.1 cloud-regionsrv-client-generic-config-1.0.0-6.34.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.34.1 cloud-regionsrv-client-plugin-ec2-1.0.1-6.34.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.34.1 References: https://bugzilla.suse.com/1174731 https://bugzilla.suse.com/1174732 https://bugzilla.suse.com/1174743 https://bugzilla.suse.com/1174791 https://bugzilla.suse.com/1174837 https://bugzilla.suse.com/1174937 From sle-updates at lists.suse.com Tue Aug 25 13:23:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Aug 2020 21:23:48 +0200 (CEST) Subject: SUSE-RU-2020:2316-1: moderate: Recommended update for regionServiceClientConfigEC2 Message-ID: <20200825192348.A1E09FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigEC2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2316-1 Rating: moderate References: #1174791 #1174937 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 2.2.1 (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2316=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2316=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): regionServiceClientConfigEC2-2.2.1-3.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): regionServiceClientConfigEC2-2.2.1-3.11.1 References: https://bugzilla.suse.com/1174791 https://bugzilla.suse.com/1174937 From sle-updates at lists.suse.com Tue Aug 25 16:14:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 00:14:09 +0200 (CEST) Subject: SUSE-SU-2020:2242-1: important: Security update for xorg-x11-server Message-ID: <20200825221409.BC4BFFEC3@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2242-1 Rating: important References: #1174633 #1174635 #1174638 Cross-References: CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2242=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2242=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.19.6-10.8.1 xorg-x11-server-debugsource-1.19.6-10.8.1 xorg-x11-server-sdk-1.19.6-10.8.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-10.8.1 xorg-x11-server-debuginfo-1.19.6-10.8.1 xorg-x11-server-debugsource-1.19.6-10.8.1 xorg-x11-server-extra-1.19.6-10.8.1 xorg-x11-server-extra-debuginfo-1.19.6-10.8.1 References: https://www.suse.com/security/cve/CVE-2020-14345.html https://www.suse.com/security/cve/CVE-2020-14346.html https://www.suse.com/security/cve/CVE-2020-14347.html https://bugzilla.suse.com/1174633 https://bugzilla.suse.com/1174635 https://bugzilla.suse.com/1174638 From sle-updates at lists.suse.com Tue Aug 25 16:15:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 00:15:12 +0200 (CEST) Subject: SUSE-SU-2020:14463-1: important: Security update for xorg-x11-server Message-ID: <20200825221512.1518AFEC3@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14463-1 Rating: important References: #1174633 #1174635 Cross-References: CVE-2020-14345 CVE-2020-14347 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xorg-x11-server-14463=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-server-14463=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-server-14463=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-server-14463=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.122.26.1 xorg-x11-server-7.4-27.122.26.1 xorg-x11-server-extra-7.4-27.122.26.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xorg-x11-Xvnc-7.4-27.122.26.1 xorg-x11-server-7.4-27.122.26.1 xorg-x11-server-extra-7.4-27.122.26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.26.1 xorg-x11-server-debugsource-7.4-27.122.26.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.26.1 xorg-x11-server-debugsource-7.4-27.122.26.1 References: https://www.suse.com/security/cve/CVE-2020-14345.html https://www.suse.com/security/cve/CVE-2020-14347.html https://bugzilla.suse.com/1174633 https://bugzilla.suse.com/1174635 From sle-updates at lists.suse.com Tue Aug 25 16:16:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 00:16:17 +0200 (CEST) Subject: SUSE-SU-2020:2325-1: important: Security update for xorg-x11-server Message-ID: <20200825221617.8B8DAFEC3@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2325-1 Rating: important References: #1174633 #1174635 #1174638 Cross-References: CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2325=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2325=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2325=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2325=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xorg-x11-server-1.19.6-4.8.1 xorg-x11-server-debuginfo-1.19.6-4.8.1 xorg-x11-server-debugsource-1.19.6-4.8.1 xorg-x11-server-extra-1.19.6-4.8.1 xorg-x11-server-extra-debuginfo-1.19.6-4.8.1 - SUSE OpenStack Cloud 9 (x86_64): xorg-x11-server-1.19.6-4.8.1 xorg-x11-server-debuginfo-1.19.6-4.8.1 xorg-x11-server-debugsource-1.19.6-4.8.1 xorg-x11-server-extra-1.19.6-4.8.1 xorg-x11-server-extra-debuginfo-1.19.6-4.8.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): xorg-x11-server-1.19.6-4.8.1 xorg-x11-server-debuginfo-1.19.6-4.8.1 xorg-x11-server-debugsource-1.19.6-4.8.1 xorg-x11-server-extra-1.19.6-4.8.1 xorg-x11-server-extra-debuginfo-1.19.6-4.8.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-4.8.1 xorg-x11-server-debuginfo-1.19.6-4.8.1 xorg-x11-server-debugsource-1.19.6-4.8.1 xorg-x11-server-extra-1.19.6-4.8.1 xorg-x11-server-extra-debuginfo-1.19.6-4.8.1 References: https://www.suse.com/security/cve/CVE-2020-14345.html https://www.suse.com/security/cve/CVE-2020-14346.html https://www.suse.com/security/cve/CVE-2020-14347.html https://bugzilla.suse.com/1174633 https://bugzilla.suse.com/1174635 https://bugzilla.suse.com/1174638 From sle-updates at lists.suse.com Tue Aug 25 16:17:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 00:17:22 +0200 (CEST) Subject: SUSE-SU-2020:2240-1: important: Security update for xorg-x11-server Message-ID: <20200825221722.85723FEC3@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2240-1 Rating: important References: #1174633 #1174635 #1174638 Cross-References: CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2240=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2240=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2240=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.1 xorg-x11-server-debugsource-1.20.3-22.5.1 xorg-x11-server-wayland-1.20.3-22.5.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.1 xorg-x11-server-debugsource-1.20.3-22.5.1 xorg-x11-server-sdk-1.20.3-22.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.1 xorg-x11-server-debuginfo-1.20.3-22.5.1 xorg-x11-server-debugsource-1.20.3-22.5.1 xorg-x11-server-extra-1.20.3-22.5.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.1 References: https://www.suse.com/security/cve/CVE-2020-14345.html https://www.suse.com/security/cve/CVE-2020-14346.html https://www.suse.com/security/cve/CVE-2020-14347.html https://bugzilla.suse.com/1174633 https://bugzilla.suse.com/1174635 https://bugzilla.suse.com/1174638 From sle-updates at lists.suse.com Tue Aug 25 16:18:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 00:18:28 +0200 (CEST) Subject: SUSE-SU-2020:2326-1: important: Security update for xorg-x11-server Message-ID: <20200825221828.2CADCFEC3@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2326-1 Rating: important References: #1120999 #1174633 #1174635 #1174638 Cross-References: CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2326=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2326=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2326=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2326=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): xorg-x11-server-1.19.6-8.16.1 xorg-x11-server-debuginfo-1.19.6-8.16.1 xorg-x11-server-debugsource-1.19.6-8.16.1 xorg-x11-server-extra-1.19.6-8.16.1 xorg-x11-server-extra-debuginfo-1.19.6-8.16.1 xorg-x11-server-sdk-1.19.6-8.16.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): xorg-x11-server-1.19.6-8.16.1 xorg-x11-server-debuginfo-1.19.6-8.16.1 xorg-x11-server-debugsource-1.19.6-8.16.1 xorg-x11-server-extra-1.19.6-8.16.1 xorg-x11-server-extra-debuginfo-1.19.6-8.16.1 xorg-x11-server-sdk-1.19.6-8.16.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): xorg-x11-server-1.19.6-8.16.1 xorg-x11-server-debuginfo-1.19.6-8.16.1 xorg-x11-server-debugsource-1.19.6-8.16.1 xorg-x11-server-extra-1.19.6-8.16.1 xorg-x11-server-extra-debuginfo-1.19.6-8.16.1 xorg-x11-server-sdk-1.19.6-8.16.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): xorg-x11-server-1.19.6-8.16.1 xorg-x11-server-debuginfo-1.19.6-8.16.1 xorg-x11-server-debugsource-1.19.6-8.16.1 xorg-x11-server-extra-1.19.6-8.16.1 xorg-x11-server-extra-debuginfo-1.19.6-8.16.1 xorg-x11-server-sdk-1.19.6-8.16.1 References: https://www.suse.com/security/cve/CVE-2020-14345.html https://www.suse.com/security/cve/CVE-2020-14346.html https://www.suse.com/security/cve/CVE-2020-14347.html https://bugzilla.suse.com/1120999 https://bugzilla.suse.com/1174633 https://bugzilla.suse.com/1174635 https://bugzilla.suse.com/1174638 From sle-updates at lists.suse.com Tue Aug 25 16:19:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 00:19:41 +0200 (CEST) Subject: SUSE-SU-2020:2241-1: important: Security update for xorg-x11-server Message-ID: <20200825221941.D3E49FEC3@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2241-1 Rating: important References: #1174633 #1174635 #1174638 Cross-References: CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2241=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2241=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2241=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): xorg-x11-server-debuginfo-1.20.3-14.5.1 xorg-x11-server-debugsource-1.20.3-14.5.1 xorg-x11-server-wayland-1.20.3-14.5.1 xorg-x11-server-wayland-debuginfo-1.20.3-14.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-14.5.1 xorg-x11-server-debugsource-1.20.3-14.5.1 xorg-x11-server-sdk-1.20.3-14.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-14.5.1 xorg-x11-server-debuginfo-1.20.3-14.5.1 xorg-x11-server-debugsource-1.20.3-14.5.1 xorg-x11-server-extra-1.20.3-14.5.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.1 References: https://www.suse.com/security/cve/CVE-2020-14345.html https://www.suse.com/security/cve/CVE-2020-14346.html https://www.suse.com/security/cve/CVE-2020-14347.html https://bugzilla.suse.com/1174633 https://bugzilla.suse.com/1174635 https://bugzilla.suse.com/1174638 From sle-updates at lists.suse.com Wed Aug 26 04:13:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 12:13:54 +0200 (CEST) Subject: SUSE-RU-2020:2329-1: moderate: Recommended update for yast2-firstboot Message-ID: <20200826101354.5BFF8FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-firstboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2329-1 Rating: moderate References: #1173298 #1174353 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-firstboot fixes the following issues: - Fix for an issue when YaST firstboot unable to set hostname due to an non-existing function. (bsc#1173298) This update for yast2-network fixes the following issues: - Permit to write networking config changes without touching the service and other components like the firewall. (bsc#1173298) - Permit dot characters in the hostname allowing to specify it as an FQDN. (bsc#1173298) - Fixes an issue not to crash when configuring an IPv6 route through AutoYaST. (bsc#1174353) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2329=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-firstboot-4.2.15-3.3.1 yast2-network-4.2.75-3.13.1 References: https://bugzilla.suse.com/1173298 https://bugzilla.suse.com/1174353 From sle-updates at lists.suse.com Wed Aug 26 04:14:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 12:14:49 +0200 (CEST) Subject: SUSE-RU-2020:2328-1: moderate: Recommended update for lasso Message-ID: <20200826101449.1309DFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for lasso ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2328-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for lasso fixes the following issues: - Implement package apache2-mod-auth-mellon. (jsc#ECO-1309) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2328=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2328=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): liblasso-devel-2.6.1-8.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.16.0-8.3.1 liblasso3-2.6.1-8.3.1 python3-lasso-2.6.1-8.3.1 References: From sle-updates at lists.suse.com Wed Aug 26 04:15:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 12:15:34 +0200 (CEST) Subject: SUSE-RU-2020:2330-1: moderate: Recommended update for ibmrtpkgs Message-ID: <20200826101534.9A78BFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for ibmrtpkgs ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2330-1 Rating: moderate References: #1173678 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP2 SUSE Linux Enterprise Module for Realtime 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ibmrtpkgs fixes the following issues: - Fixes an issues when numa balancing causes significant performance problems on real time SLE. (bsc#1173678) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2020-2330=1 - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-2330=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): ibmrtpkgs-2-6.38.5.1 - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): ibmrtpkgs-2-6.38.5.1 References: https://bugzilla.suse.com/1173678 From sle-updates at lists.suse.com Wed Aug 26 07:14:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 15:14:08 +0200 (CEST) Subject: SUSE-SU-2020:2331-1: moderate: Security update for xorg-x11-server Message-ID: <20200826131408.7BD4FFEC3@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2331-1 Rating: moderate References: #1174633 #1174635 #1174638 Cross-References: CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2331=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2331=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2331=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2331=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2331=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2331=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2331=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2331=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2331=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2331=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2331=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE OpenStack Cloud 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE OpenStack Cloud 7 (s390x x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - HPE Helion Openstack 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 References: https://www.suse.com/security/cve/CVE-2020-14345.html https://www.suse.com/security/cve/CVE-2020-14346.html https://www.suse.com/security/cve/CVE-2020-14347.html https://bugzilla.suse.com/1174633 https://bugzilla.suse.com/1174635 https://bugzilla.suse.com/1174638 From sle-updates at lists.suse.com Wed Aug 26 07:15:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 15:15:14 +0200 (CEST) Subject: SUSE-RU-2020:2333-1: moderate: Recommended update for release-notes-sled Message-ID: <20200826131514.94C0FFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2333-1 Rating: moderate References: #1150672 #1163166 #1174481 #1174659 Affected Products: SUSE Linux Enterprise Desktop 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for release-notes-sled fixes the following issues: - New version of release notes: 15.2.20200729. (tracked in bsc#1174659) - Added note about alternatives system & display manager. (bsc#1163166) - Updated URL for source code download. (bsc#1150672) - Updated bug tracker info. (bsc#1174481) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 15-SP2: zypper in -t patch SUSE-SLE-Product-SLED-15-SP2-2020-2333=1 Package List: - SUSE Linux Enterprise Desktop 15-SP2 (noarch): release-notes-sled-15.2.20200729-3.3.2 References: https://bugzilla.suse.com/1150672 https://bugzilla.suse.com/1163166 https://bugzilla.suse.com/1174481 https://bugzilla.suse.com/1174659 From sle-updates at lists.suse.com Wed Aug 26 07:16:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 15:16:26 +0200 (CEST) Subject: SUSE-RU-2020:2332-1: important: Recommended update for mariadb Message-ID: <20200826131626.63926FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2332-1 Rating: important References: #1173516 #1174559 #1175596 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for mariadb fixes the following issues: - Update to 10.4.14 [bsc#1175596] * release notes: https://mariadb.com/kb/en/library/mariadb-10414-release-notes * change log: https://mariadb.com/kb/en/library/mariadb-10414-changelog - Fix crashes that occurred while creating tables for keystone database. [bsc#1174559, bsc#1173516]. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2332=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.4.14-3.3.1 libmariadbd19-10.4.14-3.3.1 libmariadbd19-debuginfo-10.4.14-3.3.1 mariadb-10.4.14-3.3.1 mariadb-client-10.4.14-3.3.1 mariadb-client-debuginfo-10.4.14-3.3.1 mariadb-debuginfo-10.4.14-3.3.1 mariadb-debugsource-10.4.14-3.3.1 mariadb-tools-10.4.14-3.3.1 mariadb-tools-debuginfo-10.4.14-3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): mariadb-errormessages-10.4.14-3.3.1 References: https://bugzilla.suse.com/1173516 https://bugzilla.suse.com/1174559 https://bugzilla.suse.com/1175596 From sle-updates at lists.suse.com Wed Aug 26 07:17:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 15:17:33 +0200 (CEST) Subject: SUSE-RU-2020:14465-1: moderate: Recommended update for kdump Message-ID: <20200826131733.691EFFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14465-1 Rating: moderate References: #1108170 #1108823 #1133407 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for kdump fixes the following issues: - Add udev event support for *fadump*. (bsc#1108170, bsc#1108823) - Add required dependencies for *fadump* udev support. - Re-register *FADUMP* from userspace if the kernel cannot do it. (bsc#1108823) - Do not reload on CPU hot removal. (bsc#1133407) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kdump-14465=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kdump-14465=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): kdump-0.8.4-56.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): kdump-debuginfo-0.8.4-56.6.1 kdump-debugsource-0.8.4-56.6.1 References: https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1108823 https://bugzilla.suse.com/1133407 From sle-updates at lists.suse.com Wed Aug 26 07:18:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 15:18:43 +0200 (CEST) Subject: SUSE-RU-2020:2335-1: moderate: Recommended update for perl-Bootloader Message-ID: <20200826131843.CFDA2FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2335-1 Rating: moderate References: #1174320 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perl-Bootloader fixes the following issues: Update from version 0.928 to version 0.931 - The *grub2* module directory has been moved to */usr/share/grub2*, the *tpm.mod* is now checked there. (bsc#1174320) - Reduce the number of warning about fstab. - Do not warn about missing *SECURE_BOOT* sysconfig on systems with a minimalistic */etc/sysconfig/bootloader*. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2335=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2335=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): perl-Bootloader-YAML-0.931-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): perl-Bootloader-0.931-3.3.1 References: https://bugzilla.suse.com/1174320 From sle-updates at lists.suse.com Wed Aug 26 07:19:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 15:19:35 +0200 (CEST) Subject: SUSE-RU-2020:2334-1: moderate: Recommended update for NetworkManager Message-ID: <20200826131935.0C7C9FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for NetworkManager ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2334-1 Rating: moderate References: #1164642 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for NetworkManager fixes the following issues: - Fix for NetworkManager not to mount automatically entries which are marked as 'noauto' Modify nfs script. (bsc#1164642) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2334=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2334=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2334=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): NetworkManager-lang-1.22.10-3.3.4 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): NetworkManager-1.22.10-3.3.4 NetworkManager-debuginfo-1.22.10-3.3.4 NetworkManager-debugsource-1.22.10-3.3.4 NetworkManager-devel-1.22.10-3.3.4 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): NetworkManager-branding-SLE-42.1-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.22.10-3.3.4 NetworkManager-debugsource-1.22.10-3.3.4 libnm0-1.22.10-3.3.4 libnm0-debuginfo-1.22.10-3.3.4 typelib-1_0-NM-1_0-1.22.10-3.3.4 References: https://bugzilla.suse.com/1164642 From sle-updates at lists.suse.com Wed Aug 26 10:14:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 18:14:01 +0200 (CEST) Subject: SUSE-RU-2020:2338-1: important: Recommended update for cloud-regionsrv-client Message-ID: <20200826161401.D49BDFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2338-1 Rating: important References: #1175752 #1175753 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Fixed an issue where the cache object for the update server was incomplete (bsc#1175752, bsc#1175753) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2338=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2338=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-2338=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-regionsrv-client-9.1.3-6.37.1 cloud-regionsrv-client-generic-config-1.0.0-6.37.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.37.1 cloud-regionsrv-client-plugin-ec2-1.0.1-6.37.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.37.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-9.1.3-6.37.1 cloud-regionsrv-client-generic-config-1.0.0-6.37.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.37.1 cloud-regionsrv-client-plugin-ec2-1.0.1-6.37.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.37.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-9.1.3-6.37.1 cloud-regionsrv-client-generic-config-1.0.0-6.37.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.37.1 cloud-regionsrv-client-plugin-ec2-1.0.1-6.37.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.37.1 References: https://bugzilla.suse.com/1175752 https://bugzilla.suse.com/1175753 From sle-updates at lists.suse.com Wed Aug 26 10:15:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 18:15:45 +0200 (CEST) Subject: SUSE-RU-2020:2340-1: moderate: Recommended update for fftw3 Message-ID: <20200826161545.E38BFFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for fftw3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2340-1 Rating: moderate References: #1174329 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for HPC 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fftw3 fixes the following issues: - Fixes an issues when a malformatted spec file caused issues during building 'openmpi'. (bsc#1174329) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2340=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2340=1 - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-2340=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2340=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): fftw3-debugsource-3.3.6-11.3.2 fftw3-openmp-devel-3.3.6-11.3.2 fftw3-threads-devel-3.3.6-11.3.2 libfftw3_omp3-3.3.6-11.3.2 libfftw3_omp3-debuginfo-3.3.6-11.3.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le x86_64): fftw3-debugsource-3.3.6-11.3.2 fftw3-mpi-devel-3.3.6-11.3.2 libfftw3_mpi3-3.3.6-11.3.2 libfftw3_mpi3-debuginfo-3.3.6-11.3.2 - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): fftw3-gnu-hpc-devel-3.3.6-11.3.1 fftw3-gnu-mpich-hpc-devel-3.3.6-11.3.1 fftw3-gnu-mvapich2-hpc-devel-3.3.6-11.3.2 fftw3-gnu-openmpi2-hpc-devel-3.3.6-11.3.2 fftw3_3_3_6-gnu-hpc-debuginfo-3.3.6-11.3.1 fftw3_3_3_6-gnu-hpc-debugsource-3.3.6-11.3.1 fftw3_3_3_6-gnu-hpc-devel-3.3.6-11.3.1 fftw3_3_3_6-gnu-hpc-devel-debuginfo-3.3.6-11.3.1 fftw3_3_3_6-gnu-hpc-devel-static-3.3.6-11.3.1 fftw3_3_3_6-gnu-mpich-hpc-debuginfo-3.3.6-11.3.1 fftw3_3_3_6-gnu-mpich-hpc-debugsource-3.3.6-11.3.1 fftw3_3_3_6-gnu-mpich-hpc-devel-3.3.6-11.3.1 fftw3_3_3_6-gnu-mpich-hpc-devel-debuginfo-3.3.6-11.3.1 fftw3_3_3_6-gnu-mpich-hpc-devel-static-3.3.6-11.3.1 fftw3_3_3_6-gnu-mvapich2-hpc-debuginfo-3.3.6-11.3.2 fftw3_3_3_6-gnu-mvapich2-hpc-debugsource-3.3.6-11.3.2 fftw3_3_3_6-gnu-mvapich2-hpc-devel-3.3.6-11.3.2 fftw3_3_3_6-gnu-mvapich2-hpc-devel-debuginfo-3.3.6-11.3.2 fftw3_3_3_6-gnu-mvapich2-hpc-devel-static-3.3.6-11.3.2 fftw3_3_3_6-gnu-openmpi2-hpc-debuginfo-3.3.6-11.3.2 fftw3_3_3_6-gnu-openmpi2-hpc-debugsource-3.3.6-11.3.2 fftw3_3_3_6-gnu-openmpi2-hpc-devel-3.3.6-11.3.2 fftw3_3_3_6-gnu-openmpi2-hpc-devel-debuginfo-3.3.6-11.3.2 fftw3_3_3_6-gnu-openmpi2-hpc-devel-static-3.3.6-11.3.2 libfftw3-gnu-hpc-3.3.6-11.3.1 libfftw3-gnu-mpich-hpc-3.3.6-11.3.1 libfftw3-gnu-mvapich2-hpc-3.3.6-11.3.2 libfftw3-gnu-openmpi2-hpc-3.3.6-11.3.2 libfftw3_3_3_6-gnu-hpc-3.3.6-11.3.1 libfftw3_3_3_6-gnu-hpc-debuginfo-3.3.6-11.3.1 libfftw3_3_3_6-gnu-mpich-hpc-3.3.6-11.3.1 libfftw3_3_3_6-gnu-mpich-hpc-debuginfo-3.3.6-11.3.1 libfftw3_3_3_6-gnu-mvapich2-hpc-3.3.6-11.3.2 libfftw3_3_3_6-gnu-mvapich2-hpc-debuginfo-3.3.6-11.3.2 libfftw3_3_3_6-gnu-openmpi2-hpc-3.3.6-11.3.2 libfftw3_3_3_6-gnu-openmpi2-hpc-debuginfo-3.3.6-11.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): fftw3-debugsource-3.3.6-11.3.2 fftw3-devel-3.3.6-11.3.2 fftw3-devel-debuginfo-3.3.6-11.3.2 libfftw3-3-3.3.6-11.3.2 libfftw3-3-debuginfo-3.3.6-11.3.2 libfftw3_threads3-3.3.6-11.3.2 libfftw3_threads3-debuginfo-3.3.6-11.3.2 References: https://bugzilla.suse.com/1174329 From sle-updates at lists.suse.com Wed Aug 26 10:16:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 18:16:36 +0200 (CEST) Subject: SUSE-RU-2020:2337-1: moderate: Recommended update for dracut Message-ID: <20200826161636.0F673FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2337-1 Rating: moderate References: #1172807 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dracut fixes the following issue: - Fix typo in did setup conditional. (bsc#1172807) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2337=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2337=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2337=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2337=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2337=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dracut-044.2-18.70.1 dracut-debuginfo-044.2-18.70.1 dracut-debugsource-044.2-18.70.1 dracut-fips-044.2-18.70.1 dracut-ima-044.2-18.70.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): dracut-044.2-18.70.1 dracut-debuginfo-044.2-18.70.1 dracut-debugsource-044.2-18.70.1 dracut-fips-044.2-18.70.1 dracut-ima-044.2-18.70.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): dracut-044.2-18.70.1 dracut-debuginfo-044.2-18.70.1 dracut-debugsource-044.2-18.70.1 dracut-fips-044.2-18.70.1 dracut-ima-044.2-18.70.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dracut-044.2-18.70.1 dracut-debuginfo-044.2-18.70.1 dracut-debugsource-044.2-18.70.1 dracut-fips-044.2-18.70.1 dracut-ima-044.2-18.70.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dracut-044.2-18.70.1 dracut-debuginfo-044.2-18.70.1 dracut-debugsource-044.2-18.70.1 dracut-fips-044.2-18.70.1 dracut-ima-044.2-18.70.1 References: https://bugzilla.suse.com/1172807 From sle-updates at lists.suse.com Wed Aug 26 10:17:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 18:17:26 +0200 (CEST) Subject: SUSE-RU-2020:2339-1: important: Recommended update for cloud-regionsrv-client Message-ID: <20200826161726.BE06AFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2339-1 Rating: important References: #1174731 #1174732 #1174743 #1174791 #1174837 #1174937 #1175752 #1175753 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for cloud-regionsrv-client contains the following fixes: - Fixed an issue where the cache object for the update server was incomplete (bsc#1175752, bsc#1175753) - Implemented changes to configure the client to use https only for outbound traffic (bsc#1174791, bsc#1174937) - Prefering now IMDSv2 and switched all IMDS access requests to support v2 token (bsc#1174743, bsc#1174837) - Improved the failover situation during registration, so that the client will now retry the last registration operation, before switching to another registration server. (bsc#1174731, bsc#1174732) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2339=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-9.1.3-52.44.1 cloud-regionsrv-client-generic-config-1.0.0-52.44.1 cloud-regionsrv-client-plugin-azure-1.0.1-52.44.1 cloud-regionsrv-client-plugin-ec2-1.0.1-52.44.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.44.1 References: https://bugzilla.suse.com/1174731 https://bugzilla.suse.com/1174732 https://bugzilla.suse.com/1174743 https://bugzilla.suse.com/1174791 https://bugzilla.suse.com/1174837 https://bugzilla.suse.com/1174937 https://bugzilla.suse.com/1175752 https://bugzilla.suse.com/1175753 From sle-updates at lists.suse.com Wed Aug 26 13:13:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 21:13:25 +0200 (CEST) Subject: SUSE-RU-2020:2341-1: moderate: Recommended update for regionServiceClientConfigGCE Message-ID: <20200826191325.E3C4AFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigGCE ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2341-1 Rating: moderate References: #1174791 #1174937 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for regionServiceClientConfigGCE contains the following fixes: - Update to version 3.0.1. (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2341=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2341=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): regionServiceClientConfigGCE-3.0.1-4.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): regionServiceClientConfigGCE-3.0.1-4.6.1 References: https://bugzilla.suse.com/1174791 https://bugzilla.suse.com/1174937 From sle-updates at lists.suse.com Wed Aug 26 13:14:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 21:14:23 +0200 (CEST) Subject: SUSE-SU-2020:2346-1: Security update for graphviz Message-ID: <20200826191423.0A1D7FEC3@maintenance.suse.de> SUSE Security Update: Security update for graphviz ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2346-1 Rating: low References: #1093447 Cross-References: CVE-2018-10196 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2346=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2346=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2346=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2346=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2346=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.6.8 graphviz-addons-debugsource-2.40.1-6.6.8 graphviz-tcl-2.40.1-6.6.8 graphviz-tcl-debuginfo-2.40.1-6.6.8 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.6.8 graphviz-addons-debugsource-2.40.1-6.6.8 graphviz-perl-2.40.1-6.6.8 graphviz-perl-debuginfo-2.40.1-6.6.8 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-2.40.1-6.6.4 graphviz-debuginfo-2.40.1-6.6.4 graphviz-debugsource-2.40.1-6.6.4 graphviz-devel-2.40.1-6.6.4 graphviz-plugins-core-2.40.1-6.6.4 graphviz-plugins-core-debuginfo-2.40.1-6.6.4 libgraphviz6-2.40.1-6.6.4 libgraphviz6-debuginfo-2.40.1-6.6.4 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.6.8 graphviz-addons-debugsource-2.40.1-6.6.8 graphviz-gd-2.40.1-6.6.8 graphviz-gd-debuginfo-2.40.1-6.6.8 graphviz-python-2.40.1-6.6.8 graphviz-python-debuginfo-2.40.1-6.6.8 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.6.8 graphviz-addons-debugsource-2.40.1-6.6.8 graphviz-gd-2.40.1-6.6.8 graphviz-gd-debuginfo-2.40.1-6.6.8 graphviz-python-2.40.1-6.6.8 graphviz-python-debuginfo-2.40.1-6.6.8 References: https://www.suse.com/security/cve/CVE-2018-10196.html https://bugzilla.suse.com/1093447 From sle-updates at lists.suse.com Wed Aug 26 13:15:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 21:15:16 +0200 (CEST) Subject: SUSE-SU-2020:0920-2: moderate: Security update for libxslt Message-ID: <20200826191516.37294FEC3@maintenance.suse.de> SUSE Security Update: Security update for libxslt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0920-2 Rating: moderate References: #1154609 Cross-References: CVE-2019-18197 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxslt fixes the following issue: - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-920=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-920=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-920=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-920=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-920=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-920=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-920=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-920=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-920=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-920=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-920=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libxslt-debugsource-1.1.28-17.9.1 libxslt-tools-1.1.28-17.9.1 libxslt-tools-debuginfo-1.1.28-17.9.1 libxslt1-1.1.28-17.9.1 libxslt1-32bit-1.1.28-17.9.1 libxslt1-debuginfo-1.1.28-17.9.1 libxslt1-debuginfo-32bit-1.1.28-17.9.1 - SUSE OpenStack Cloud 8 (x86_64): libxslt-debugsource-1.1.28-17.9.1 libxslt-tools-1.1.28-17.9.1 libxslt-tools-debuginfo-1.1.28-17.9.1 libxslt1-1.1.28-17.9.1 libxslt1-32bit-1.1.28-17.9.1 libxslt1-debuginfo-1.1.28-17.9.1 libxslt1-debuginfo-32bit-1.1.28-17.9.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libxslt-debugsource-1.1.28-17.9.1 libxslt-tools-1.1.28-17.9.1 libxslt-tools-debuginfo-1.1.28-17.9.1 libxslt1-1.1.28-17.9.1 libxslt1-32bit-1.1.28-17.9.1 libxslt1-debuginfo-1.1.28-17.9.1 libxslt1-debuginfo-32bit-1.1.28-17.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libxslt-debugsource-1.1.28-17.9.1 libxslt-tools-1.1.28-17.9.1 libxslt-tools-debuginfo-1.1.28-17.9.1 libxslt1-1.1.28-17.9.1 libxslt1-debuginfo-1.1.28-17.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libxslt1-32bit-1.1.28-17.9.1 libxslt1-debuginfo-32bit-1.1.28-17.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libxslt-debugsource-1.1.28-17.9.1 libxslt-tools-1.1.28-17.9.1 libxslt-tools-debuginfo-1.1.28-17.9.1 libxslt1-1.1.28-17.9.1 libxslt1-debuginfo-1.1.28-17.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libxslt1-32bit-1.1.28-17.9.1 libxslt1-debuginfo-32bit-1.1.28-17.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.28-17.9.1 libxslt-tools-1.1.28-17.9.1 libxslt-tools-debuginfo-1.1.28-17.9.1 libxslt1-1.1.28-17.9.1 libxslt1-debuginfo-1.1.28-17.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libxslt1-32bit-1.1.28-17.9.1 libxslt1-debuginfo-32bit-1.1.28-17.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libxslt-debugsource-1.1.28-17.9.1 libxslt-tools-1.1.28-17.9.1 libxslt-tools-debuginfo-1.1.28-17.9.1 libxslt1-1.1.28-17.9.1 libxslt1-32bit-1.1.28-17.9.1 libxslt1-debuginfo-1.1.28-17.9.1 libxslt1-debuginfo-32bit-1.1.28-17.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libxslt-debugsource-1.1.28-17.9.1 libxslt-tools-1.1.28-17.9.1 libxslt-tools-debuginfo-1.1.28-17.9.1 libxslt1-1.1.28-17.9.1 libxslt1-debuginfo-1.1.28-17.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libxslt1-32bit-1.1.28-17.9.1 libxslt1-debuginfo-32bit-1.1.28-17.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libxslt-debugsource-1.1.28-17.9.1 libxslt-tools-1.1.28-17.9.1 libxslt-tools-debuginfo-1.1.28-17.9.1 libxslt1-1.1.28-17.9.1 libxslt1-32bit-1.1.28-17.9.1 libxslt1-debuginfo-1.1.28-17.9.1 libxslt1-debuginfo-32bit-1.1.28-17.9.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libxslt-debugsource-1.1.28-17.9.1 libxslt-tools-1.1.28-17.9.1 libxslt-tools-debuginfo-1.1.28-17.9.1 libxslt1-1.1.28-17.9.1 libxslt1-debuginfo-1.1.28-17.9.1 - SUSE Enterprise Storage 5 (x86_64): libxslt1-32bit-1.1.28-17.9.1 libxslt1-debuginfo-32bit-1.1.28-17.9.1 - HPE Helion Openstack 8 (x86_64): libxslt-debugsource-1.1.28-17.9.1 libxslt-tools-1.1.28-17.9.1 libxslt-tools-debuginfo-1.1.28-17.9.1 libxslt1-1.1.28-17.9.1 libxslt1-32bit-1.1.28-17.9.1 libxslt1-debuginfo-1.1.28-17.9.1 libxslt1-debuginfo-32bit-1.1.28-17.9.1 References: https://www.suse.com/security/cve/CVE-2019-18197.html https://bugzilla.suse.com/1154609 From sle-updates at lists.suse.com Wed Aug 26 13:16:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 21:16:07 +0200 (CEST) Subject: SUSE-RU-2020:2349-1: moderate: Recommended update for hyper-v Message-ID: <20200826191607.B7727FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for hyper-v ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2349-1 Rating: moderate References: #1093910 #1174443 #1174444 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for hyper-v fixes the following issues: - Remove dependency to network-online.target now that gethostname is used in kvp_daemon. (bsc#1174443, bsc#1174444) - Reopen the devices if read() or write() returns errors. - Use either python2 or python3 for lsvmbus. (bsc#1093910) - Remove sysv init scripts. - Enable build on aarch64. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2349=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): hyper-v-8-14.3.1 hyper-v-debuginfo-8-14.3.1 hyper-v-debugsource-8-14.3.1 References: https://bugzilla.suse.com/1093910 https://bugzilla.suse.com/1174443 https://bugzilla.suse.com/1174444 From sle-updates at lists.suse.com Wed Aug 26 13:17:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 21:17:07 +0200 (CEST) Subject: SUSE-RU-2020:2342-1: moderate: Recommended update for regionServiceClientConfigGCE Message-ID: <20200826191707.3BBDCFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigGCE ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2342-1 Rating: moderate References: #1174791 #1174937 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for regionServiceClientConfigGCE contains the following fixes: - Update to version 3.0.1. (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2342=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): regionServiceClientConfigGCE-3.0.1-5.9.1 References: https://bugzilla.suse.com/1174791 https://bugzilla.suse.com/1174937 From sle-updates at lists.suse.com Wed Aug 26 13:18:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 21:18:02 +0200 (CEST) Subject: SUSE-RU-2020:2350-1: moderate: Recommended update for hyper-v Message-ID: <20200826191802.2641DFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for hyper-v ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2350-1 Rating: moderate References: #1093910 #1100758 #1174443 #1174444 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for hyper-v fixes the following issues: - Remove dependency to network-online.target now that gethostname is used in kvp_daemon. (bsc#1174443, bsc#1174444) - Reopen the devices if read() or write() returns errors - Use either python2 or python3 for lsvmbus. (bsc#1093910) - Remove sysv init scripts - Enable build on aarch64 - Use gethostname for async name resolution. (bsc#1100758) - Asynchronous name resolution in kvp_daemon. (bsc#1100758) - kvp: eliminate 'may be used uninitialized' warning - Fixed Python pep8/flake8 warnings for lsvmbus - Replace GPLv2 boilerplate/reference with SPDX - Fix a warning of buffer overflow with gcc 8.0.1 - fcopy: set 'error' in case an unknown operation was requested - vss: fix loop device detection. - Fix IP reporting by KVP daemon with SRIOV - Fix a bug in the key delete code - Fix compiler warnings about major/target_fname Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2350=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2350=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2350=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2350=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): hyper-v-8-6.3.1 hyper-v-debuginfo-8-6.3.1 hyper-v-debugsource-8-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): hyper-v-8-6.3.1 hyper-v-debuginfo-8-6.3.1 hyper-v-debugsource-8-6.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): hyper-v-8-6.3.1 hyper-v-debuginfo-8-6.3.1 hyper-v-debugsource-8-6.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): hyper-v-8-6.3.1 hyper-v-debuginfo-8-6.3.1 hyper-v-debugsource-8-6.3.1 References: https://bugzilla.suse.com/1093910 https://bugzilla.suse.com/1100758 https://bugzilla.suse.com/1174443 https://bugzilla.suse.com/1174444 From sle-updates at lists.suse.com Wed Aug 26 13:19:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 21:19:08 +0200 (CEST) Subject: SUSE-RU-2020:2351-1: moderate: Recommended update for suse-prime Message-ID: <20200826191908.D0CC2FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-prime ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2351-1 Rating: moderate References: #1173632 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-prime fixes the following issues: Update from version 0.7.7 to version 0.7.14 - Avoid endless loop when nvidia modules cannot be unloaded. (bsc#1173632) - Fixes *user_logout_waiter* for gdm autologin. - Prevents intermittent 1s - 1.5s freezes on Turing GPU's in nvidia mode. - Improved documentation: * fixed requirements for DynamicPowerManagement to power off NVIDIA GPU (Turing GPU or later is needed!) * Better explain power-off/powersave option of NVIDIA GPU * Improved documentation about the requirements for NVIDIA's PRIME render offload support; it needs Xserver of Leap 15.2 or later * Fixed syntax in command - Use full path in invoking prime-select - Blacklist *ipmi_msghandler*, *ipmi_devintf* kernel modules Make sure these kernel modules are not loaded. Otherwise it may not be possible to turn off NVIDIA GPU. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2351=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): suse-prime-0.7.14-3.3.1 References: https://bugzilla.suse.com/1173632 From sle-updates at lists.suse.com Wed Aug 26 13:19:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 21:19:58 +0200 (CEST) Subject: SUSE-RU-2020:2348-1: moderate: Recommended update for hyper-v Message-ID: <20200826191958.82CBEFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for hyper-v ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2348-1 Rating: moderate References: #1093910 #1100758 #1174443 #1174444 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for hyper-v fixes the following issues: - Remove dependency to network-online.target now that gethostname is used in kvp_daemon. (bsc#1174443, bsc#1174444) - Reopen the devices if read() or write() returns errors. - Use either python2 or python3 for lsvmbus. (bsc#1093910) - Remove sysv init scripts - Enable build on aarch64 - Use gethostname for async name resolution. (bsc#1100758) - Asynchronous name resolution in kvp_daemon. (bsc#1100758) - kvp: eliminate 'may be used uninitialized' warning. - fixed Python pep8/flake8 warnings for lsvmbus. - Replace GPLv2 boilerplate/reference with SPDX. - Fix a warning of buffer overflow with gcc 8.0.1. - fcopy: set 'error' in case an unknown operation was requested. - vss: fix loop device detection. - Fix IP reporting by KVP daemon with SRIOV. - Fix a bug in the key delete code. - fix compiler warnings about major/target_fname. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2348=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2348=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2348=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2348=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2348=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2348=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2348=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2348=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2348=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2348=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2348=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): hyper-v-8-21.1 hyper-v-debuginfo-8-21.1 hyper-v-debugsource-8-21.1 - SUSE OpenStack Cloud 8 (x86_64): hyper-v-8-21.1 hyper-v-debuginfo-8-21.1 hyper-v-debugsource-8-21.1 - SUSE OpenStack Cloud 7 (x86_64): hyper-v-8-21.1 hyper-v-debuginfo-8-21.1 hyper-v-debugsource-8-21.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): hyper-v-8-21.1 hyper-v-debuginfo-8-21.1 hyper-v-debugsource-8-21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): hyper-v-8-21.1 hyper-v-debuginfo-8-21.1 hyper-v-debugsource-8-21.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): hyper-v-8-21.1 hyper-v-debuginfo-8-21.1 hyper-v-debugsource-8-21.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): hyper-v-8-21.1 hyper-v-debuginfo-8-21.1 hyper-v-debugsource-8-21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): hyper-v-8-21.1 hyper-v-debuginfo-8-21.1 hyper-v-debugsource-8-21.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): hyper-v-8-21.1 hyper-v-debuginfo-8-21.1 hyper-v-debugsource-8-21.1 - SUSE Enterprise Storage 5 (x86_64): hyper-v-8-21.1 hyper-v-debuginfo-8-21.1 hyper-v-debugsource-8-21.1 - HPE Helion Openstack 8 (x86_64): hyper-v-8-21.1 hyper-v-debuginfo-8-21.1 hyper-v-debugsource-8-21.1 References: https://bugzilla.suse.com/1093910 https://bugzilla.suse.com/1100758 https://bugzilla.suse.com/1174443 https://bugzilla.suse.com/1174444 From sle-updates at lists.suse.com Wed Aug 26 13:21:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 21:21:11 +0200 (CEST) Subject: SUSE-RU-2020:2347-1: moderate: Recommended update for hyper-v Message-ID: <20200826192111.EF252FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for hyper-v ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2347-1 Rating: moderate References: #1093910 #1100758 #1174443 #1174444 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for hyper-v fixes the following issues: - Remove dependency to network-online.target now that gethostname is used in kvp_daemon. (bsc#1174443, bsc#1174444) - Reopen the devices if read() or write() returns errors. - Use either python2 or python3 for lsvmbus. (bsc#1093910) - Remove sysv init scripts - Enable build on aarch64 - Use gethostname for async name resolution. (bsc#1100758) - Asynchronous name resolution in kvp_daemon. (bsc#1100758) - kvp: eliminate 'may be used uninitialized' warning. - Fixed Python pep8/flake8 warnings for lsvmbus. - Replace GPLv2 boilerplate/reference with SPDX. - Fix a warning of buffer overflow with gcc 8.0.1. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2347=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2347=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2347=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2347=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2347=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): hyper-v-8-9.3.1 hyper-v-debuginfo-8-9.3.1 hyper-v-debugsource-8-9.3.1 - SUSE OpenStack Cloud 9 (x86_64): hyper-v-8-9.3.1 hyper-v-debuginfo-8-9.3.1 hyper-v-debugsource-8-9.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): hyper-v-8-9.3.1 hyper-v-debuginfo-8-9.3.1 hyper-v-debugsource-8-9.3.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): hyper-v-8-9.3.1 hyper-v-debuginfo-8-9.3.1 hyper-v-debugsource-8-9.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): hyper-v-8-9.3.1 hyper-v-debuginfo-8-9.3.1 hyper-v-debugsource-8-9.3.1 References: https://bugzilla.suse.com/1093910 https://bugzilla.suse.com/1100758 https://bugzilla.suse.com/1174443 https://bugzilla.suse.com/1174444 From sle-updates at lists.suse.com Wed Aug 26 13:22:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Aug 2020 21:22:20 +0200 (CEST) Subject: SUSE-SU-2020:2344-1: moderate: Security update for apache2 Message-ID: <20200826192220.ACD13FEC3@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2344-1 Rating: moderate References: #1175070 #1175071 #1175074 Cross-References: CVE-2020-11984 CVE-2020-11993 CVE-2020-9490 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi (bsc#1175074). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2344=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2344=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2344=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2344=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2344=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-2.4.33-3.33.1 apache2-debuginfo-2.4.33-3.33.1 apache2-debugsource-2.4.33-3.33.1 apache2-devel-2.4.33-3.33.1 apache2-prefork-2.4.33-3.33.1 apache2-prefork-debuginfo-2.4.33-3.33.1 apache2-utils-2.4.33-3.33.1 apache2-utils-debuginfo-2.4.33-3.33.1 apache2-worker-2.4.33-3.33.1 apache2-worker-debuginfo-2.4.33-3.33.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): apache2-doc-2.4.33-3.33.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-2.4.33-3.33.1 apache2-debuginfo-2.4.33-3.33.1 apache2-debugsource-2.4.33-3.33.1 apache2-devel-2.4.33-3.33.1 apache2-prefork-2.4.33-3.33.1 apache2-prefork-debuginfo-2.4.33-3.33.1 apache2-utils-2.4.33-3.33.1 apache2-utils-debuginfo-2.4.33-3.33.1 apache2-worker-2.4.33-3.33.1 apache2-worker-debuginfo-2.4.33-3.33.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): apache2-doc-2.4.33-3.33.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.33.1 apache2-debuginfo-2.4.33-3.33.1 apache2-debugsource-2.4.33-3.33.1 apache2-devel-2.4.33-3.33.1 apache2-prefork-2.4.33-3.33.1 apache2-prefork-debuginfo-2.4.33-3.33.1 apache2-utils-2.4.33-3.33.1 apache2-utils-debuginfo-2.4.33-3.33.1 apache2-worker-2.4.33-3.33.1 apache2-worker-debuginfo-2.4.33-3.33.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): apache2-doc-2.4.33-3.33.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): apache2-2.4.33-3.33.1 apache2-debuginfo-2.4.33-3.33.1 apache2-debugsource-2.4.33-3.33.1 apache2-devel-2.4.33-3.33.1 apache2-prefork-2.4.33-3.33.1 apache2-prefork-debuginfo-2.4.33-3.33.1 apache2-utils-2.4.33-3.33.1 apache2-utils-debuginfo-2.4.33-3.33.1 apache2-worker-2.4.33-3.33.1 apache2-worker-debuginfo-2.4.33-3.33.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): apache2-doc-2.4.33-3.33.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-2.4.33-3.33.1 apache2-debuginfo-2.4.33-3.33.1 apache2-debugsource-2.4.33-3.33.1 apache2-devel-2.4.33-3.33.1 apache2-prefork-2.4.33-3.33.1 apache2-prefork-debuginfo-2.4.33-3.33.1 apache2-utils-2.4.33-3.33.1 apache2-utils-debuginfo-2.4.33-3.33.1 apache2-worker-2.4.33-3.33.1 apache2-worker-debuginfo-2.4.33-3.33.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): apache2-doc-2.4.33-3.33.1 References: https://www.suse.com/security/cve/CVE-2020-11984.html https://www.suse.com/security/cve/CVE-2020-11993.html https://www.suse.com/security/cve/CVE-2020-9490.html https://bugzilla.suse.com/1175070 https://bugzilla.suse.com/1175071 https://bugzilla.suse.com/1175074 From sle-updates at lists.suse.com Thu Aug 27 04:13:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Aug 2020 12:13:53 +0200 (CEST) Subject: SUSE-RU-2020:2352-1: moderate: Recommended update for samba Message-ID: <20200827101353.CE61CFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2352-1 Rating: moderate References: #1172810 #1174120 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for samba fixes the following issues: - Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810) - Fix for command 'net' as it is unable to negotiate with 'SMB2'. (bsc#1174120) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-2352=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2352=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2352=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2020-2352=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): libsamba-policy0-4.9.5+git.350.020abd898fa-3.41.1 libsamba-policy0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-ad-dc-4.9.5+git.350.020abd898fa-3.41.1 samba-ad-dc-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-debugsource-4.9.5+git.350.020abd898fa-3.41.1 samba-dsdb-modules-4.9.5+git.350.020abd898fa-3.41.1 samba-dsdb-modules-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-libs-python-4.9.5+git.350.020abd898fa-3.41.1 samba-libs-python-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-python-4.9.5+git.350.020abd898fa-3.41.1 samba-python-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.350.020abd898fa-3.41.1 libdcerpc-binding0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libdcerpc-devel-4.9.5+git.350.020abd898fa-3.41.1 libdcerpc-samr-devel-4.9.5+git.350.020abd898fa-3.41.1 libdcerpc-samr0-4.9.5+git.350.020abd898fa-3.41.1 libdcerpc-samr0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libdcerpc0-4.9.5+git.350.020abd898fa-3.41.1 libdcerpc0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libndr-devel-4.9.5+git.350.020abd898fa-3.41.1 libndr-krb5pac-devel-4.9.5+git.350.020abd898fa-3.41.1 libndr-krb5pac0-4.9.5+git.350.020abd898fa-3.41.1 libndr-krb5pac0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libndr-nbt-devel-4.9.5+git.350.020abd898fa-3.41.1 libndr-nbt0-4.9.5+git.350.020abd898fa-3.41.1 libndr-nbt0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libndr-standard-devel-4.9.5+git.350.020abd898fa-3.41.1 libndr-standard0-4.9.5+git.350.020abd898fa-3.41.1 libndr-standard0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libndr0-4.9.5+git.350.020abd898fa-3.41.1 libndr0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libnetapi-devel-4.9.5+git.350.020abd898fa-3.41.1 libnetapi0-4.9.5+git.350.020abd898fa-3.41.1 libnetapi0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamba-credentials-devel-4.9.5+git.350.020abd898fa-3.41.1 libsamba-credentials0-4.9.5+git.350.020abd898fa-3.41.1 libsamba-credentials0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamba-errors-devel-4.9.5+git.350.020abd898fa-3.41.1 libsamba-errors0-4.9.5+git.350.020abd898fa-3.41.1 libsamba-errors0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamba-hostconfig-devel-4.9.5+git.350.020abd898fa-3.41.1 libsamba-hostconfig0-4.9.5+git.350.020abd898fa-3.41.1 libsamba-hostconfig0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamba-passdb-devel-4.9.5+git.350.020abd898fa-3.41.1 libsamba-passdb0-4.9.5+git.350.020abd898fa-3.41.1 libsamba-passdb0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamba-policy-devel-4.9.5+git.350.020abd898fa-3.41.1 libsamba-policy-python3-devel-4.9.5+git.350.020abd898fa-3.41.1 libsamba-policy0-python3-4.9.5+git.350.020abd898fa-3.41.1 libsamba-policy0-python3-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamba-util-devel-4.9.5+git.350.020abd898fa-3.41.1 libsamba-util0-4.9.5+git.350.020abd898fa-3.41.1 libsamba-util0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamdb-devel-4.9.5+git.350.020abd898fa-3.41.1 libsamdb0-4.9.5+git.350.020abd898fa-3.41.1 libsamdb0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsmbclient-devel-4.9.5+git.350.020abd898fa-3.41.1 libsmbclient0-4.9.5+git.350.020abd898fa-3.41.1 libsmbclient0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsmbconf-devel-4.9.5+git.350.020abd898fa-3.41.1 libsmbconf0-4.9.5+git.350.020abd898fa-3.41.1 libsmbconf0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsmbldap-devel-4.9.5+git.350.020abd898fa-3.41.1 libsmbldap2-4.9.5+git.350.020abd898fa-3.41.1 libsmbldap2-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libtevent-util-devel-4.9.5+git.350.020abd898fa-3.41.1 libtevent-util0-4.9.5+git.350.020abd898fa-3.41.1 libtevent-util0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libwbclient-devel-4.9.5+git.350.020abd898fa-3.41.1 libwbclient0-4.9.5+git.350.020abd898fa-3.41.1 libwbclient0-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-4.9.5+git.350.020abd898fa-3.41.1 samba-client-4.9.5+git.350.020abd898fa-3.41.1 samba-client-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-core-devel-4.9.5+git.350.020abd898fa-3.41.1 samba-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-debugsource-4.9.5+git.350.020abd898fa-3.41.1 samba-libs-4.9.5+git.350.020abd898fa-3.41.1 samba-libs-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-libs-python3-4.9.5+git.350.020abd898fa-3.41.1 samba-libs-python3-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-python3-4.9.5+git.350.020abd898fa-3.41.1 samba-python3-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-winbind-4.9.5+git.350.020abd898fa-3.41.1 samba-winbind-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libdcerpc0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libdcerpc0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libndr-krb5pac0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libndr-nbt0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libndr-standard0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libndr-standard0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libndr0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libndr0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libnetapi0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libnetapi0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamba-credentials0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamba-errors0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamba-hostconfig0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamba-passdb0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamba-util0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libsamba-util0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsamdb0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libsamdb0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsmbconf0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libsmbconf0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libsmbldap2-32bit-4.9.5+git.350.020abd898fa-3.41.1 libsmbldap2-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libtevent-util0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libtevent-util0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 libwbclient0-32bit-4.9.5+git.350.020abd898fa-3.41.1 libwbclient0-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-libs-32bit-4.9.5+git.350.020abd898fa-3.41.1 samba-libs-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-winbind-32bit-4.9.5+git.350.020abd898fa-3.41.1 samba-winbind-32bit-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-4.9.5+git.350.020abd898fa-3.41.1 ctdb-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-debugsource-4.9.5+git.350.020abd898fa-3.41.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): samba-ceph-4.9.5+git.350.020abd898fa-3.41.1 samba-ceph-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-debuginfo-4.9.5+git.350.020abd898fa-3.41.1 samba-debugsource-4.9.5+git.350.020abd898fa-3.41.1 References: https://bugzilla.suse.com/1172810 https://bugzilla.suse.com/1174120 From sle-updates at lists.suse.com Thu Aug 27 04:15:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Aug 2020 12:15:05 +0200 (CEST) Subject: SUSE-RU-2020:2353-1: moderate: Recommended update for fftw3 Message-ID: <20200827101505.580C0FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for fftw3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2353-1 Rating: moderate References: #1174329 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for HPC 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fftw3 fixes the following issues: - Fixes an issues when a malformatted spec file caused issues during building 'openmpi'. (bsc#1174329) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2353=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2353=1 - SUSE Linux Enterprise Module for HPC 15-SP2: zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2020-2353=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2353=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): fftw3-debugsource-3.3.8-4.3.2 fftw3-openmp-devel-3.3.8-4.3.2 fftw3-threads-devel-3.3.8-4.3.2 libfftw3_omp3-3.3.8-4.3.2 libfftw3_omp3-debuginfo-3.3.8-4.3.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le x86_64): fftw3-debugsource-3.3.8-4.3.2 fftw3-mpi-devel-3.3.8-4.3.2 libfftw3_mpi3-3.3.8-4.3.2 libfftw3_mpi3-debuginfo-3.3.8-4.3.2 - SUSE Linux Enterprise Module for HPC 15-SP2 (aarch64 x86_64): fftw3-gnu-hpc-devel-3.3.8-4.3.1 fftw3-gnu-mpich-hpc-devel-3.3.8-4.3.1 fftw3-gnu-mvapich2-hpc-devel-3.3.8-4.3.2 fftw3-gnu-openmpi2-hpc-devel-3.3.8-4.3.2 fftw3-gnu-openmpi3-hpc-devel-3.3.8-4.3.2 fftw3_3_3_8-gnu-hpc-debuginfo-3.3.8-4.3.1 fftw3_3_3_8-gnu-hpc-debugsource-3.3.8-4.3.1 fftw3_3_3_8-gnu-hpc-devel-3.3.8-4.3.1 fftw3_3_3_8-gnu-hpc-devel-debuginfo-3.3.8-4.3.1 fftw3_3_3_8-gnu-hpc-devel-static-3.3.8-4.3.1 fftw3_3_3_8-gnu-mpich-hpc-debuginfo-3.3.8-4.3.1 fftw3_3_3_8-gnu-mpich-hpc-debugsource-3.3.8-4.3.1 fftw3_3_3_8-gnu-mpich-hpc-devel-3.3.8-4.3.1 fftw3_3_3_8-gnu-mpich-hpc-devel-debuginfo-3.3.8-4.3.1 fftw3_3_3_8-gnu-mpich-hpc-devel-static-3.3.8-4.3.1 fftw3_3_3_8-gnu-mvapich2-hpc-debuginfo-3.3.8-4.3.2 fftw3_3_3_8-gnu-mvapich2-hpc-debugsource-3.3.8-4.3.2 fftw3_3_3_8-gnu-mvapich2-hpc-devel-3.3.8-4.3.2 fftw3_3_3_8-gnu-mvapich2-hpc-devel-debuginfo-3.3.8-4.3.2 fftw3_3_3_8-gnu-mvapich2-hpc-devel-static-3.3.8-4.3.2 fftw3_3_3_8-gnu-openmpi2-hpc-debuginfo-3.3.8-4.3.2 fftw3_3_3_8-gnu-openmpi2-hpc-debugsource-3.3.8-4.3.2 fftw3_3_3_8-gnu-openmpi2-hpc-devel-3.3.8-4.3.2 fftw3_3_3_8-gnu-openmpi2-hpc-devel-debuginfo-3.3.8-4.3.2 fftw3_3_3_8-gnu-openmpi2-hpc-devel-static-3.3.8-4.3.2 fftw3_3_3_8-gnu-openmpi3-hpc-debuginfo-3.3.8-4.3.2 fftw3_3_3_8-gnu-openmpi3-hpc-debugsource-3.3.8-4.3.2 fftw3_3_3_8-gnu-openmpi3-hpc-devel-3.3.8-4.3.2 fftw3_3_3_8-gnu-openmpi3-hpc-devel-debuginfo-3.3.8-4.3.2 fftw3_3_3_8-gnu-openmpi3-hpc-devel-static-3.3.8-4.3.2 libfftw3-gnu-hpc-3.3.8-4.3.1 libfftw3-gnu-mpich-hpc-3.3.8-4.3.1 libfftw3-gnu-mvapich2-hpc-3.3.8-4.3.2 libfftw3-gnu-openmpi2-hpc-3.3.8-4.3.2 libfftw3-gnu-openmpi3-hpc-3.3.8-4.3.2 libfftw3_3_3_8-gnu-hpc-3.3.8-4.3.1 libfftw3_3_3_8-gnu-hpc-debuginfo-3.3.8-4.3.1 libfftw3_3_3_8-gnu-mpich-hpc-3.3.8-4.3.1 libfftw3_3_3_8-gnu-mpich-hpc-debuginfo-3.3.8-4.3.1 libfftw3_3_3_8-gnu-mvapich2-hpc-3.3.8-4.3.2 libfftw3_3_3_8-gnu-mvapich2-hpc-debuginfo-3.3.8-4.3.2 libfftw3_3_3_8-gnu-openmpi2-hpc-3.3.8-4.3.2 libfftw3_3_3_8-gnu-openmpi2-hpc-debuginfo-3.3.8-4.3.2 libfftw3_3_3_8-gnu-openmpi3-hpc-3.3.8-4.3.2 libfftw3_3_3_8-gnu-openmpi3-hpc-debuginfo-3.3.8-4.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): fftw3-debugsource-3.3.8-4.3.2 fftw3-devel-3.3.8-4.3.2 fftw3-devel-debuginfo-3.3.8-4.3.2 libfftw3-3-3.3.8-4.3.2 libfftw3-3-debuginfo-3.3.8-4.3.2 libfftw3_threads3-3.3.8-4.3.2 libfftw3_threads3-debuginfo-3.3.8-4.3.2 References: https://bugzilla.suse.com/1174329 From sle-updates at lists.suse.com Thu Aug 27 13:14:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Aug 2020 21:14:24 +0200 (CEST) Subject: SUSE-RU-2020:2354-1: moderate: Recommended update for netcdf-fortran Message-ID: <20200827191424.BE108FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for netcdf-fortran ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2354-1 Rating: moderate References: #1173598 #1174177 #1174291 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for netcdf and netcdf-fortran fixes the following issues: netcdf: - NetCDF modules should be called 'netcdf' - regardless whether they are 'serial' or use MPI. (bsc#1174291) netcdf-fortran: - The convention is to use the module name 'pnetcdf' for Parallel-NetCDF (called PnetCDF now). - Fix ldconfig args for HPC packages: no caching should be done as the libs are made available via LD_LIBRARY_PATH. - Add serial HPC build flavor. (bsc#1174177) For loading serial module, run 'module load netcdf-fortran' for an MPI variant use 'module load pnetcdf-fortran'. - Fixed bug in module file. - Gfortran from gcc-10 requires -std=legacy to build the Fortran code in netcdf-fortran. (bsc#1173598) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP2: zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2020-2354=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP2 (aarch64 x86_64): libnetcdf-fortran-gnu-mpich-hpc-4.5.2-6.8.1 libnetcdf-fortran-gnu-mvapich2-hpc-4.5.2-6.8.1 libnetcdf-fortran-gnu-openmpi2-hpc-4.5.2-6.8.1 libnetcdf-fortran-gnu-openmpi3-hpc-4.5.2-6.8.1 libnetcdf-fortran_4_5_2-gnu-mpich-hpc-4.5.2-6.8.1 libnetcdf-fortran_4_5_2-gnu-mpich-hpc-debuginfo-4.5.2-6.8.1 libnetcdf-fortran_4_5_2-gnu-mvapich2-hpc-4.5.2-6.8.1 libnetcdf-fortran_4_5_2-gnu-mvapich2-hpc-debuginfo-4.5.2-6.8.1 libnetcdf-fortran_4_5_2-gnu-openmpi2-hpc-4.5.2-6.8.1 libnetcdf-fortran_4_5_2-gnu-openmpi2-hpc-debuginfo-4.5.2-6.8.1 libnetcdf-fortran_4_5_2-gnu-openmpi3-hpc-4.5.2-6.8.1 libnetcdf-fortran_4_5_2-gnu-openmpi3-hpc-debuginfo-4.5.2-6.8.1 libnetcdf-gnu-hpc-4.7.3-3.4.2 libnetcdf-gnu-mpich-hpc-4.7.3-3.4.2 libnetcdf-gnu-mvapich2-hpc-4.7.3-3.4.2 libnetcdf-gnu-openmpi2-hpc-4.7.3-3.4.2 libnetcdf-gnu-openmpi3-hpc-4.7.3-3.4.2 libnetcdf_4_7_3-gnu-hpc-4.7.3-3.4.2 libnetcdf_4_7_3-gnu-hpc-debuginfo-4.7.3-3.4.2 libnetcdf_4_7_3-gnu-mpich-hpc-4.7.3-3.4.2 libnetcdf_4_7_3-gnu-mpich-hpc-debuginfo-4.7.3-3.4.2 libnetcdf_4_7_3-gnu-mvapich2-hpc-4.7.3-3.4.2 libnetcdf_4_7_3-gnu-mvapich2-hpc-debuginfo-4.7.3-3.4.2 libnetcdf_4_7_3-gnu-openmpi2-hpc-4.7.3-3.4.2 libnetcdf_4_7_3-gnu-openmpi2-hpc-debuginfo-4.7.3-3.4.2 libnetcdf_4_7_3-gnu-openmpi3-hpc-4.7.3-3.4.2 libnetcdf_4_7_3-gnu-openmpi3-hpc-debuginfo-4.7.3-3.4.2 netcdf-fortran_4_5_2-gnu-mpich-hpc-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-mpich-hpc-debugsource-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-mpich-hpc-devel-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-mpich-hpc-devel-static-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-mvapich2-hpc-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-mvapich2-hpc-debugsource-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-mvapich2-hpc-devel-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-mvapich2-hpc-devel-static-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-openmpi2-hpc-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-openmpi2-hpc-debugsource-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-openmpi2-hpc-devel-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-openmpi2-hpc-devel-static-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-openmpi3-hpc-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-openmpi3-hpc-debugsource-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-openmpi3-hpc-devel-4.5.2-6.8.1 netcdf-fortran_4_5_2-gnu-openmpi3-hpc-devel-static-4.5.2-6.8.1 netcdf_4_7_3-gnu-hpc-4.7.3-3.4.2 netcdf_4_7_3-gnu-hpc-debuginfo-4.7.3-3.4.2 netcdf_4_7_3-gnu-hpc-debugsource-4.7.3-3.4.2 netcdf_4_7_3-gnu-hpc-devel-4.7.3-3.4.2 netcdf_4_7_3-gnu-hpc-devel-debuginfo-4.7.3-3.4.2 netcdf_4_7_3-gnu-hpc-devel-static-4.7.3-3.4.2 netcdf_4_7_3-gnu-mpich-hpc-4.7.3-3.4.2 netcdf_4_7_3-gnu-mpich-hpc-debuginfo-4.7.3-3.4.2 netcdf_4_7_3-gnu-mpich-hpc-debugsource-4.7.3-3.4.2 netcdf_4_7_3-gnu-mpich-hpc-devel-4.7.3-3.4.2 netcdf_4_7_3-gnu-mpich-hpc-devel-debuginfo-4.7.3-3.4.2 netcdf_4_7_3-gnu-mpich-hpc-devel-static-4.7.3-3.4.2 netcdf_4_7_3-gnu-mvapich2-hpc-4.7.3-3.4.2 netcdf_4_7_3-gnu-mvapich2-hpc-debuginfo-4.7.3-3.4.2 netcdf_4_7_3-gnu-mvapich2-hpc-debugsource-4.7.3-3.4.2 netcdf_4_7_3-gnu-mvapich2-hpc-devel-4.7.3-3.4.2 netcdf_4_7_3-gnu-mvapich2-hpc-devel-debuginfo-4.7.3-3.4.2 netcdf_4_7_3-gnu-mvapich2-hpc-devel-static-4.7.3-3.4.2 netcdf_4_7_3-gnu-openmpi2-hpc-4.7.3-3.4.2 netcdf_4_7_3-gnu-openmpi2-hpc-debuginfo-4.7.3-3.4.2 netcdf_4_7_3-gnu-openmpi2-hpc-debugsource-4.7.3-3.4.2 netcdf_4_7_3-gnu-openmpi2-hpc-devel-4.7.3-3.4.2 netcdf_4_7_3-gnu-openmpi2-hpc-devel-debuginfo-4.7.3-3.4.2 netcdf_4_7_3-gnu-openmpi2-hpc-devel-static-4.7.3-3.4.2 netcdf_4_7_3-gnu-openmpi3-hpc-4.7.3-3.4.2 netcdf_4_7_3-gnu-openmpi3-hpc-debuginfo-4.7.3-3.4.2 netcdf_4_7_3-gnu-openmpi3-hpc-debugsource-4.7.3-3.4.2 netcdf_4_7_3-gnu-openmpi3-hpc-devel-4.7.3-3.4.2 netcdf_4_7_3-gnu-openmpi3-hpc-devel-debuginfo-4.7.3-3.4.2 netcdf_4_7_3-gnu-openmpi3-hpc-devel-static-4.7.3-3.4.2 - SUSE Linux Enterprise Module for HPC 15-SP2 (noarch): netcdf-fortran-gnu-mpich-hpc-4.5.2-6.8.1 netcdf-fortran-gnu-mpich-hpc-devel-4.5.2-6.8.1 netcdf-fortran-gnu-mvapich2-hpc-4.5.2-6.8.1 netcdf-fortran-gnu-mvapich2-hpc-devel-4.5.2-6.8.1 netcdf-fortran-gnu-openmpi2-hpc-4.5.2-6.8.1 netcdf-fortran-gnu-openmpi2-hpc-devel-4.5.2-6.8.1 netcdf-fortran-gnu-openmpi3-hpc-4.5.2-6.8.1 netcdf-fortran-gnu-openmpi3-hpc-devel-4.5.2-6.8.1 netcdf-gnu-hpc-4.7.3-3.4.2 netcdf-gnu-hpc-devel-4.7.3-3.4.2 netcdf-gnu-mpich-hpc-4.7.3-3.4.2 netcdf-gnu-mpich-hpc-devel-4.7.3-3.4.2 netcdf-gnu-mvapich2-hpc-4.7.3-3.4.2 netcdf-gnu-mvapich2-hpc-devel-4.7.3-3.4.2 netcdf-gnu-openmpi2-hpc-4.7.3-3.4.2 netcdf-gnu-openmpi2-hpc-devel-4.7.3-3.4.2 netcdf-gnu-openmpi3-hpc-4.7.3-3.4.2 netcdf-gnu-openmpi3-hpc-devel-4.7.3-3.4.2 References: https://bugzilla.suse.com/1173598 https://bugzilla.suse.com/1174177 https://bugzilla.suse.com/1174291 From sle-updates at lists.suse.com Thu Aug 27 16:18:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 00:18:34 +0200 (CEST) Subject: SUSE-SU-2020:2357-1: moderate: Security update for libqt5-qtbase Message-ID: <20200827221834.6F2F3FEC3@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2357-1 Rating: moderate References: #1172726 #1173758 Cross-References: CVE-2020-13962 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libqt5-qtbase fixes the following issues: - Fixed a possible crash in certificate parsing. - Fixed a DoS in QSslSocket (bsc#1172726, CVE-2020-13962). - Added support for PostgreSQL 12 (bsc#1173758). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2357=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2357=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libQt5OpenGLExtensions-devel-static-5.12.7-4.3.1 libQt5Sql5-mysql-5.12.7-4.3.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.3.1 libQt5Sql5-postgresql-5.12.7-4.3.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.3.1 libQt5Sql5-unixODBC-5.12.7-4.3.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.3.1 libqt5-qtbase-debugsource-5.12.7-4.3.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.3.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libQt5Concurrent-devel-5.12.7-4.3.1 libQt5Concurrent5-5.12.7-4.3.1 libQt5Concurrent5-debuginfo-5.12.7-4.3.1 libQt5Core-devel-5.12.7-4.3.1 libQt5Core5-5.12.7-4.3.1 libQt5Core5-debuginfo-5.12.7-4.3.1 libQt5DBus-devel-5.12.7-4.3.1 libQt5DBus-devel-debuginfo-5.12.7-4.3.1 libQt5DBus5-5.12.7-4.3.1 libQt5DBus5-debuginfo-5.12.7-4.3.1 libQt5Gui-devel-5.12.7-4.3.1 libQt5Gui5-5.12.7-4.3.1 libQt5Gui5-debuginfo-5.12.7-4.3.1 libQt5KmsSupport-devel-static-5.12.7-4.3.1 libQt5Network-devel-5.12.7-4.3.1 libQt5Network5-5.12.7-4.3.1 libQt5Network5-debuginfo-5.12.7-4.3.1 libQt5OpenGL-devel-5.12.7-4.3.1 libQt5OpenGL5-5.12.7-4.3.1 libQt5OpenGL5-debuginfo-5.12.7-4.3.1 libQt5PlatformHeaders-devel-5.12.7-4.3.1 libQt5PlatformSupport-devel-static-5.12.7-4.3.1 libQt5PrintSupport-devel-5.12.7-4.3.1 libQt5PrintSupport5-5.12.7-4.3.1 libQt5PrintSupport5-debuginfo-5.12.7-4.3.1 libQt5Sql-devel-5.12.7-4.3.1 libQt5Sql5-5.12.7-4.3.1 libQt5Sql5-debuginfo-5.12.7-4.3.1 libQt5Sql5-sqlite-5.12.7-4.3.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.3.1 libQt5Test-devel-5.12.7-4.3.1 libQt5Test5-5.12.7-4.3.1 libQt5Test5-debuginfo-5.12.7-4.3.1 libQt5Widgets-devel-5.12.7-4.3.1 libQt5Widgets5-5.12.7-4.3.1 libQt5Widgets5-debuginfo-5.12.7-4.3.1 libQt5Xml-devel-5.12.7-4.3.1 libQt5Xml5-5.12.7-4.3.1 libQt5Xml5-debuginfo-5.12.7-4.3.1 libqt5-qtbase-common-devel-5.12.7-4.3.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.3.1 libqt5-qtbase-debugsource-5.12.7-4.3.1 libqt5-qtbase-devel-5.12.7-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libQt5Core-private-headers-devel-5.12.7-4.3.1 libQt5DBus-private-headers-devel-5.12.7-4.3.1 libQt5Gui-private-headers-devel-5.12.7-4.3.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.3.1 libQt5Network-private-headers-devel-5.12.7-4.3.1 libQt5OpenGL-private-headers-devel-5.12.7-4.3.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.3.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.3.1 libQt5Sql-private-headers-devel-5.12.7-4.3.1 libQt5Test-private-headers-devel-5.12.7-4.3.1 libQt5Widgets-private-headers-devel-5.12.7-4.3.1 libqt5-qtbase-private-headers-devel-5.12.7-4.3.1 References: https://www.suse.com/security/cve/CVE-2020-13962.html https://bugzilla.suse.com/1172726 https://bugzilla.suse.com/1173758 From sle-updates at lists.suse.com Thu Aug 27 16:20:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 00:20:19 +0200 (CEST) Subject: SUSE-SU-2020:14468-1: moderate: Security update for openvpn-openssl1 Message-ID: <20200827222019.03DC7FF0B@maintenance.suse.de> SUSE Security Update: Security update for openvpn-openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14468-1 Rating: moderate References: #959714 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for openvpn-openssl1 fixes the following issues: - Fixed Out of bounds read on getaddrinfo() result (bsc#959714). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openvpn-openssl1-14468=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): openvpn-openssl1-2.3.2-0.10.6.1 openvpn-openssl1-down-root-plugin-2.3.2-0.10.6.1 References: https://bugzilla.suse.com/959714 From sle-updates at lists.suse.com Thu Aug 27 16:22:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 00:22:00 +0200 (CEST) Subject: SUSE-SU-2020:2359-1: moderate: Security update for openvpn Message-ID: <20200827222200.600C1FF0B@maintenance.suse.de> SUSE Security Update: Security update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2359-1 Rating: moderate References: #959714 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for openvpn fixes the following issues: - openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch was malformed in a way that caused patch(1) to ignore it. (bsc#959714) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2359=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): openvpn-2.3.8-16.23.1 openvpn-auth-pam-plugin-2.3.8-16.23.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.23.1 openvpn-debuginfo-2.3.8-16.23.1 openvpn-debugsource-2.3.8-16.23.1 References: https://bugzilla.suse.com/959714 From sle-updates at lists.suse.com Thu Aug 27 16:22:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 00:22:52 +0200 (CEST) Subject: SUSE-SU-2020:2355-1: important: Security update for postgresql10 Message-ID: <20200827222252.9AE6CFF0B@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2355-1 Rating: important References: #1175193 #1175194 Cross-References: CVE-2020-14349 CVE-2020-14350 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql10 fixes the following issues: - update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2355=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2355=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2355=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2355=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql10-contrib-10.14-8.19.1 postgresql10-contrib-debuginfo-10.14-8.19.1 postgresql10-debuginfo-10.14-8.19.1 postgresql10-debugsource-10.14-8.19.1 postgresql10-devel-10.14-8.19.1 postgresql10-devel-debuginfo-10.14-8.19.1 postgresql10-plperl-10.14-8.19.1 postgresql10-plperl-debuginfo-10.14-8.19.1 postgresql10-plpython-10.14-8.19.1 postgresql10-plpython-debuginfo-10.14-8.19.1 postgresql10-pltcl-10.14-8.19.1 postgresql10-pltcl-debuginfo-10.14-8.19.1 postgresql10-server-10.14-8.19.1 postgresql10-server-debuginfo-10.14-8.19.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql10-docs-10.14-8.19.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): postgresql10-contrib-10.14-8.19.1 postgresql10-contrib-debuginfo-10.14-8.19.1 postgresql10-debuginfo-10.14-8.19.1 postgresql10-debugsource-10.14-8.19.1 postgresql10-devel-10.14-8.19.1 postgresql10-devel-debuginfo-10.14-8.19.1 postgresql10-plperl-10.14-8.19.1 postgresql10-plperl-debuginfo-10.14-8.19.1 postgresql10-plpython-10.14-8.19.1 postgresql10-plpython-debuginfo-10.14-8.19.1 postgresql10-pltcl-10.14-8.19.1 postgresql10-pltcl-debuginfo-10.14-8.19.1 postgresql10-server-10.14-8.19.1 postgresql10-server-debuginfo-10.14-8.19.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): postgresql10-docs-10.14-8.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql10-10.14-8.19.1 postgresql10-debuginfo-10.14-8.19.1 postgresql10-debugsource-10.14-8.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): postgresql10-10.14-8.19.1 postgresql10-debuginfo-10.14-8.19.1 postgresql10-debugsource-10.14-8.19.1 References: https://www.suse.com/security/cve/CVE-2020-14349.html https://www.suse.com/security/cve/CVE-2020-14350.html https://bugzilla.suse.com/1175193 https://bugzilla.suse.com/1175194 From sle-updates at lists.suse.com Thu Aug 27 23:56:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 07:56:40 +0200 (CEST) Subject: SUSE-CU-2020:415-1: Recommended update of registry/harbor-portal Message-ID: <20200828055640.25BDFFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:415-1 Container Tags : registry/harbor-portal:2.0.2 , registry/harbor-portal:2.0.2-rev1 , registry/harbor-portal:2.0.2-rev1-build2.17 Container Release : 2.17 Severity : low Type : recommended References : ----------------------------------------------------------------- The container registry/harbor-portal was updated. The following patches have been included in this update: From sle-updates at lists.suse.com Fri Aug 28 07:13:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 15:13:35 +0200 (CEST) Subject: SUSE-SU-2020:2360-1: moderate: Security update for targetcli-fb Message-ID: <20200828131335.19C8EFDE4@maintenance.suse.de> SUSE Security Update: Security update for targetcli-fb ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2360-1 Rating: moderate References: #1172743 Cross-References: CVE-2020-13867 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for targetcli-fb fixes the following issues: - CVE-2020-13867: Fixed weak permissions for /etc/target (bsc#1172743). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2360=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): targetcli-fb-2.1.43-7.9.4 References: https://www.suse.com/security/cve/CVE-2020-13867.html https://bugzilla.suse.com/1172743 From sle-updates at lists.suse.com Fri Aug 28 10:13:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:13:25 +0200 (CEST) Subject: SUSE-RU-2020:14471-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20200828161325.08E0CFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14471-1 Rating: moderate References: #1171281 #1171461 #1172211 #1172709 #1173936 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Require /usr/bin/python instead of /bin/python for RHEL-family (bsc#1173936) - Don't install SuSEfirewall2 service files in Factory - Fix __mount_device wrapper to accept separate args and kwargs - Fix the registration of libvirt pool and nodedev events - Accept nested namespaces in spacewalk.api runner function. (bsc#1172211) - Info_installed works without status attr now (bsc#1171461) spacecmd: - Fix softwarechannel update for vendor channels (bsc#1172709) - Fix escaping of package names (bsc#1171281) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202008-14471=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.10.1 salt-minion-3000+ds-1+2.10.1 spacecmd-4.1.6-2.6.1 References: https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1172211 https://bugzilla.suse.com/1172709 https://bugzilla.suse.com/1173936 From sle-updates at lists.suse.com Fri Aug 28 10:14:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:14:41 +0200 (CEST) Subject: SUSE-RU-2020:2372-1: moderate: Recommended update for Salt Message-ID: <20200828161441.2201FFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2372-1 Rating: moderate References: #1171461 #1172211 #1173936 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Require /usr/bin/python instead of /bin/python for RHEL-family (bsc#1173936) - Don't install SuSEfirewall2 service files in Factory - Fix __mount_device wrapper to accept separate args and kwargs - Fix the registration of libvirt pool and nodedev events - Accept nested namespaces in spacewalk.api runner function. (bsc#1172211) - Info_installed works without status attr now (bsc#1171461) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2372=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2372=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2372=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2372=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python2-salt-3000-5.81.1 python3-salt-3000-5.81.1 salt-3000-5.81.1 salt-api-3000-5.81.1 salt-cloud-3000-5.81.1 salt-doc-3000-5.81.1 salt-master-3000-5.81.1 salt-minion-3000-5.81.1 salt-proxy-3000-5.81.1 salt-ssh-3000-5.81.1 salt-standalone-formulas-configuration-3000-5.81.1 salt-syndic-3000-5.81.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3000-5.81.1 salt-fish-completion-3000-5.81.1 salt-zsh-completion-3000-5.81.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python2-salt-3000-5.81.1 python3-salt-3000-5.81.1 salt-3000-5.81.1 salt-api-3000-5.81.1 salt-cloud-3000-5.81.1 salt-doc-3000-5.81.1 salt-master-3000-5.81.1 salt-minion-3000-5.81.1 salt-proxy-3000-5.81.1 salt-ssh-3000-5.81.1 salt-standalone-formulas-configuration-3000-5.81.1 salt-syndic-3000-5.81.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3000-5.81.1 salt-fish-completion-3000-5.81.1 salt-zsh-completion-3000-5.81.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python2-salt-3000-5.81.1 python3-salt-3000-5.81.1 salt-3000-5.81.1 salt-api-3000-5.81.1 salt-cloud-3000-5.81.1 salt-doc-3000-5.81.1 salt-master-3000-5.81.1 salt-minion-3000-5.81.1 salt-proxy-3000-5.81.1 salt-ssh-3000-5.81.1 salt-standalone-formulas-configuration-3000-5.81.1 salt-syndic-3000-5.81.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3000-5.81.1 salt-fish-completion-3000-5.81.1 salt-zsh-completion-3000-5.81.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python2-salt-3000-5.81.1 python3-salt-3000-5.81.1 salt-3000-5.81.1 salt-api-3000-5.81.1 salt-cloud-3000-5.81.1 salt-doc-3000-5.81.1 salt-master-3000-5.81.1 salt-minion-3000-5.81.1 salt-proxy-3000-5.81.1 salt-ssh-3000-5.81.1 salt-standalone-formulas-configuration-3000-5.81.1 salt-syndic-3000-5.81.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3000-5.81.1 salt-fish-completion-3000-5.81.1 salt-zsh-completion-3000-5.81.1 References: https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1172211 https://bugzilla.suse.com/1173936 From sle-updates at lists.suse.com Fri Aug 28 10:15:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:15:46 +0200 (CEST) Subject: SUSE-RU-2020:2371-1: moderate: Recommended update for Salt Message-ID: <20200828161546.4438DFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2371-1 Rating: moderate References: #1171461 #1172211 #1173936 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Require /usr/bin/python instead of /bin/python for RHEL-family (bsc#1173936) - Don't install SuSEfirewall2 service files in Factory - Fix __mount_device wrapper to accept separate args and kwargs - Fix the registration of libvirt pool and nodedev events - Accept nested namespaces in spacewalk.api runner function. (bsc#1172211) - Info_installed works without status attr now (bsc#1171461) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-2371=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-2371=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2020-2371=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2020-2371=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2020-2371=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-3000-46.104.1 python3-salt-3000-46.104.1 salt-3000-46.104.1 salt-doc-3000-46.104.1 salt-minion-3000-46.104.1 - SUSE Manager Server 3.2 (ppc64le s390x x86_64): python2-salt-3000-46.104.1 python3-salt-3000-46.104.1 salt-3000-46.104.1 salt-api-3000-46.104.1 salt-cloud-3000-46.104.1 salt-doc-3000-46.104.1 salt-master-3000-46.104.1 salt-minion-3000-46.104.1 salt-proxy-3000-46.104.1 salt-ssh-3000-46.104.1 salt-standalone-formulas-configuration-3000-46.104.1 salt-syndic-3000-46.104.1 - SUSE Manager Server 3.2 (noarch): salt-bash-completion-3000-46.104.1 salt-zsh-completion-3000-46.104.1 - SUSE Manager Proxy 3.2 (x86_64): python2-salt-3000-46.104.1 python3-salt-3000-46.104.1 salt-3000-46.104.1 salt-minion-3000-46.104.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): python2-salt-3000-46.104.1 salt-3000-46.104.1 salt-minion-3000-46.104.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-3000-46.104.1 salt-3000-46.104.1 salt-api-3000-46.104.1 salt-cloud-3000-46.104.1 salt-doc-3000-46.104.1 salt-master-3000-46.104.1 salt-minion-3000-46.104.1 salt-proxy-3000-46.104.1 salt-ssh-3000-46.104.1 salt-standalone-formulas-configuration-3000-46.104.1 salt-syndic-3000-46.104.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-3000-46.104.1 salt-zsh-completion-3000-46.104.1 References: https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1172211 https://bugzilla.suse.com/1173936 From sle-updates at lists.suse.com Fri Aug 28 10:16:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:16:50 +0200 (CEST) Subject: SUSE-RU-2020:2378-1: moderate: Recommended update for python-azure-agent Message-ID: <20200828161650.57940FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2378-1 Rating: moderate References: #1175198 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-agent contains the following fix: - Drop paa_sudo_sle15_nopwd.patch (bsc#1175198) + sudoers file is managed by cloud-init we no longer need this hack Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2378=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2378=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python-azure-agent-2.2.45-3.12.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python-azure-agent-2.2.45-3.12.1 References: https://bugzilla.suse.com/1175198 From sle-updates at lists.suse.com Fri Aug 28 10:17:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:17:40 +0200 (CEST) Subject: SUSE-RU-2020:2370-1: moderate: Recommended update for salt Message-ID: <20200828161740.DC35BFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2370-1 Rating: moderate References: #1171461 #1172211 #1173936 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Require /usr/bin/python instead of /bin/python for RHEL-family. (bsc#1173936) - Don't install SuSEfirewall2 service files in Factory. - Fix __mount_device wrapper to accept separate args and kwargs. - Fix the registration of libvirt pool and nodedev events. - Accept nested namespaces in spacewalk.api runner function. (bsc#1172211) - info_installed works without status attr now. (bsc#1171461) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2370=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2370=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2370=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): salt-api-3000-4.11.1 salt-cloud-3000-4.11.1 salt-master-3000-4.11.1 salt-proxy-3000-4.11.1 salt-ssh-3000-4.11.1 salt-standalone-formulas-configuration-3000-4.11.1 salt-syndic-3000-4.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): salt-fish-completion-3000-4.11.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python2-salt-3000-4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python3-salt-3000-4.11.1 salt-3000-4.11.1 salt-doc-3000-4.11.1 salt-minion-3000-4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): salt-bash-completion-3000-4.11.1 salt-zsh-completion-3000-4.11.1 References: https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1172211 https://bugzilla.suse.com/1173936 From sle-updates at lists.suse.com Fri Aug 28 10:18:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:18:43 +0200 (CEST) Subject: SUSE-RU-2020:2379-1: moderate: Recommended update for supportutils-plugin-suse-public-cloud Message-ID: <20200828161843.34D8BFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-public-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2379-1 Rating: moderate References: #1175250 #1175251 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2379=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): supportutils-plugin-suse-public-cloud-1.0.5-6.10.1 References: https://bugzilla.suse.com/1175250 https://bugzilla.suse.com/1175251 From sle-updates at lists.suse.com Fri Aug 28 10:19:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:19:39 +0200 (CEST) Subject: SUSE-RU-2020:2380-1: moderate: Recommended update for supportutils-plugin-suse-public-cloud Message-ID: <20200828161939.94E1FFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-public-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2380-1 Rating: moderate References: #1175250 #1175251 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2380=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2380=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): supportutils-plugin-suse-public-cloud-1.0.5-3.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): supportutils-plugin-suse-public-cloud-1.0.5-3.6.1 References: https://bugzilla.suse.com/1175250 https://bugzilla.suse.com/1175251 From sle-updates at lists.suse.com Fri Aug 28 10:20:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:20:34 +0200 (CEST) Subject: SUSE-RU-2020:14469-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20200828162034.76DD2FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14469-1 Rating: moderate References: #1171281 #1171461 #1172211 #1172709 #1173936 Affected Products: SUSE Manager Ubuntu 16.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Require /usr/bin/python instead of /bin/python for RHEL-family (bsc#1173936) - Don't install SuSEfirewall2 service files in Factory - Fix __mount_device wrapper to accept separate args and kwargs - Fix the registration of libvirt pool and nodedev events - Accept nested namespaces in spacewalk.api runner function. (bsc#1172211) - Info_installed works without status attr now (bsc#1171461) spacecmd: - Fix softwarechannel update for vendor channels (bsc#1172709) - Fix escaping of package names (bsc#1171281) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS: zypper in -t patch suse-ubu164ct-client-tools-202008-14469=1 Package List: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+50.1 salt-minion-3000+ds-1+50.1 spacecmd-4.1.6-8.1 References: https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1172211 https://bugzilla.suse.com/1172709 https://bugzilla.suse.com/1173936 From sle-updates at lists.suse.com Fri Aug 28 10:21:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:21:51 +0200 (CEST) Subject: SUSE-RU-2020:2373-1: Recommended update for google-gson, httpcomponents-core, httpcomponents-client Message-ID: <20200828162151.80137FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-gson, httpcomponents-core, httpcomponents-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2373-1 Rating: low References: Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update of google-gson, httpcomponents-core, httpcomponents-client provides the following fix: - Ship the correct versions of google-gson, httpcomponents-client and httpcomponents-core on SUSE Manager repositories (no source code changes). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2373=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): google-gson-2.8.5-3.2.6 httpcomponents-client-4.5.6-3.2.6 httpcomponents-core-4.4.10-3.2.6 References: From sle-updates at lists.suse.com Fri Aug 28 10:22:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:22:36 +0200 (CEST) Subject: SUSE-RU-2020:2376-1: moderate: Recommended update for ceph Message-ID: <20200828162236.43479FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2376-1 Rating: moderate References: #1167477 #1171956 #1172142 #1173339 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for ceph provides the following fixes: - Upstream 14.2.11 release (see https://ceph.io/releases/v14-2-11-nautilus-released/): * mgr/progress: Skip pg_summary update if _events dict is empty. (bsc#1167477, bsc#1172142, bsc#1171956) * mgr/dashboard: Allow to edit iSCSI target with active session. (bsc#1173339) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2376=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2020-2376=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-common-14.2.11.394+g9cbbc473c0-3.47.2 ceph-common-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 ceph-debugsource-14.2.11.394+g9cbbc473c0-3.47.2 libcephfs-devel-14.2.11.394+g9cbbc473c0-3.47.2 libcephfs2-14.2.11.394+g9cbbc473c0-3.47.2 libcephfs2-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 librados-devel-14.2.11.394+g9cbbc473c0-3.47.2 librados-devel-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 librados2-14.2.11.394+g9cbbc473c0-3.47.2 librados2-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 libradospp-devel-14.2.11.394+g9cbbc473c0-3.47.2 librbd-devel-14.2.11.394+g9cbbc473c0-3.47.2 librbd1-14.2.11.394+g9cbbc473c0-3.47.2 librbd1-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 librgw-devel-14.2.11.394+g9cbbc473c0-3.47.2 librgw2-14.2.11.394+g9cbbc473c0-3.47.2 librgw2-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 python3-ceph-argparse-14.2.11.394+g9cbbc473c0-3.47.2 python3-cephfs-14.2.11.394+g9cbbc473c0-3.47.2 python3-cephfs-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 python3-rados-14.2.11.394+g9cbbc473c0-3.47.2 python3-rados-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 python3-rbd-14.2.11.394+g9cbbc473c0-3.47.2 python3-rbd-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 python3-rgw-14.2.11.394+g9cbbc473c0-3.47.2 python3-rgw-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 rados-objclass-devel-14.2.11.394+g9cbbc473c0-3.47.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): ceph-14.2.11.394+g9cbbc473c0-3.47.2 ceph-base-14.2.11.394+g9cbbc473c0-3.47.2 ceph-base-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 ceph-common-14.2.11.394+g9cbbc473c0-3.47.2 ceph-common-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 ceph-debugsource-14.2.11.394+g9cbbc473c0-3.47.2 ceph-fuse-14.2.11.394+g9cbbc473c0-3.47.2 ceph-fuse-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 ceph-mds-14.2.11.394+g9cbbc473c0-3.47.2 ceph-mds-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 ceph-mgr-14.2.11.394+g9cbbc473c0-3.47.2 ceph-mgr-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 ceph-mon-14.2.11.394+g9cbbc473c0-3.47.2 ceph-mon-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 ceph-osd-14.2.11.394+g9cbbc473c0-3.47.2 ceph-osd-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 ceph-radosgw-14.2.11.394+g9cbbc473c0-3.47.2 ceph-radosgw-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 cephfs-shell-14.2.11.394+g9cbbc473c0-3.47.2 libcephfs2-14.2.11.394+g9cbbc473c0-3.47.2 libcephfs2-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 librados2-14.2.11.394+g9cbbc473c0-3.47.2 librados2-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 librbd1-14.2.11.394+g9cbbc473c0-3.47.2 librbd1-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 librgw2-14.2.11.394+g9cbbc473c0-3.47.2 librgw2-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 python3-ceph-argparse-14.2.11.394+g9cbbc473c0-3.47.2 python3-cephfs-14.2.11.394+g9cbbc473c0-3.47.2 python3-cephfs-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 python3-rados-14.2.11.394+g9cbbc473c0-3.47.2 python3-rados-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 python3-rbd-14.2.11.394+g9cbbc473c0-3.47.2 python3-rbd-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 python3-rgw-14.2.11.394+g9cbbc473c0-3.47.2 python3-rgw-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 rbd-fuse-14.2.11.394+g9cbbc473c0-3.47.2 rbd-fuse-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 rbd-mirror-14.2.11.394+g9cbbc473c0-3.47.2 rbd-mirror-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 rbd-nbd-14.2.11.394+g9cbbc473c0-3.47.2 rbd-nbd-debuginfo-14.2.11.394+g9cbbc473c0-3.47.2 - SUSE Enterprise Storage 6 (noarch): ceph-grafana-dashboards-14.2.11.394+g9cbbc473c0-3.47.2 ceph-mgr-dashboard-14.2.11.394+g9cbbc473c0-3.47.2 ceph-mgr-diskprediction-local-14.2.11.394+g9cbbc473c0-3.47.2 ceph-mgr-rook-14.2.11.394+g9cbbc473c0-3.47.2 ceph-prometheus-alerts-14.2.11.394+g9cbbc473c0-3.47.2 References: https://bugzilla.suse.com/1167477 https://bugzilla.suse.com/1171956 https://bugzilla.suse.com/1172142 https://bugzilla.suse.com/1173339 From sle-updates at lists.suse.com Fri Aug 28 10:23:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:23:46 +0200 (CEST) Subject: SUSE-SU-2020:2373-1: moderate: Security update for SUSE Manager Server 4.1 Message-ID: <20200828162346.207E5FDE4@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2373-1 Rating: moderate References: #1136857 #1165572 #1169553 #1169780 #1170244 #1170468 #1170654 #1171281 #1172279 #1172504 #1172709 #1172807 #1172831 #1172839 #1173169 #1173522 #1173535 #1173554 #1173566 #1173584 #1173932 #1173982 #1173997 #1174025 #1174167 #1174229 #1174325 #1174405 #1174470 #1174965 #1175485 #1175555 #1175558 #1175724 #1175791 #678126 Cross-References: CVE-2020-11022 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves one vulnerability and has 35 fixes is now available. Description: This update fixes the following issues: cobbler: - More old modules naming fixes (bsc#1169553) image-sync-formula: - Allow image-sync state on regular minion. Image sync state requires branch-network pillars to get the directory where to sync images. Use default `/srv/saltboot` if that pillar is missing so image-sync can be applied on non branch minions as well. mgr-libmod: - Remove unnecessary array wrap in 'list_modules' response object mgr-osad: - Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405) openvpn-formula: - Add hint that ssl certs must be on system (bsc#1172279) patterns-suse-manager: - Add Recommends for golang-github-QubitProducts-exporter_exporter prometheus-exporters-formula: - Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555) - Add support for exporters proxy (exporter_exporter) pxe-default-image-sle15: - Rollback the workaround for bsc#1172807, as dracut is now fixed saltboot-formula: - Better fix for rounding errors (bsc#1136857) spacecmd: - Fix softwarechannel update for vendor channels (bsc#1172709) - Fix escaping of package names (bsc#1171281) spacewalk-backend: - Adds basic functionality for gpg check - Verify GPG signature of Ubuntu/Debian repository metadata (Release file) - Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485) - Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485) spacewalk-branding: - Implement Maintenance Windows - Fix typo on spacewalk-branding license spacewalk-certs-tools: - Strip SSL Certificate Common Name after 63 Characters (bsc#1173535) - Fix centos detection (bsc#1173584) spacewalk-java: - Use media.1/products from media when not specified different (bsc#1175558) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Fix error when rolling back a system to a snapshot (bsc#1173997) - Implement maintenance windows backend - Add check for maintainence window during executing recurring actions - Implement maintenance windows in struts - XMLRPC: Assign/retract maintenance schedule to/from systems - Fix softwarechannel update for vendor channels (bsc#1172709) - Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566) - Change system list header text to something better (bsc#1173982) - Set CPU and memory info for virtual instances (bsc#1170244) - Add virtual network Start, Stop and Delete actions - Add virtual network list page - Fix httpcomponents and gson jar symlinks (bsc#1174229) - Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584) - Provide comps.xml and modules.yaml when using onlinerepo for kickstart - Refresh virtualization pages only on events - Fix up2date detection on RH8 when salt-minion is used for registration - Improve performance of the System Groups page with many clients (bsc#1172839) - Include number of non-patch package updates to non-critical update counts in system group pages (bsc#1170468) - Bump XMLRPC API version number to distinguish from Spacewalk 2.10 - Cluster UI: return to overview page after scheduling actions - Fix NPE on auto installation when no kernel options are given (bsc#1173932) - Fix issue with disabling self_update for autoyast autoupgrade (bsc#1170654) - Adapt expectations for jobs return events after switching Salt states to use 'mgrcompat.module_run' state. spacewalk-utils: - Add aarch64 for openSUSE Leap 15.1 and 15.2 spacewalk-web: - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Fix JS linting errors/warnings - Enable Nutanix AHV virtual host gatherer. - Web UI: Implement managing maintenance schedules and calendars - Warn when a system is in multiple groups that configure the same formula in the system formula's UI (bsc#1173554) - Add virtual network start, stop and delete actions - Add virtual network list page - Fix internal server error when creating module filters in CLM (bsc#1174325) - Fix VM creation page when there is no volume in the default storage pool - Refresh virtualization pages only on events - Product list in the Wizard doesn't show SLE products first (bsc#1173522) - Cluster UI: return to overview page after scheduling actions - Changes in the logic to update the tick icon. - For the postgres localhost:5432 case, use the - Fix internal server errors by returning 0 instead of dying - Add missing dependency to spacewalk-base-minimal (bsc#678126) - Change kickstart to autoinstallation in navigation on pxt pages - Debranding suseRegisterInfo: - Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584) susemanager: - Migrate all occurrences of kickstart to autoinstall in cobbler database (bsc#1169780) - Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470) - Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is required to get python3-M2crypto (bsc#1174167) susemanager-doc-indexes: - Left navigation structure cleaned up - Fixed several broken xrefs - Added hostname admonition for public cloud sections - Clarified Branch Proxy configuration instructions - Fixed index page pdf links, urls were 1 step to deep - SUSECOM 2020 branding update - PDF 2020 branding update - WEBUI 2020 branding update - Added maintenance window documentation - Added SLE client chapter - Added 508 compliance - Added reverse proxy information to Monitoring in Admin Guide - Add note about accessibility to index - In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning. - Added docs for nutanix VHM - Ubuntu clients using the CLI in SUMA (bsc#1174025) susemanager-docs_en: - Left navigation structure cleaned up - Fixed several broken xrefs - Added hostname admonition for public cloud sections - Clarified Branch Proxy configuration instructions - Fixed index page pdf links, urls were 1 step to deep - SUSECOM 2020 branding update - PDF 2020 branding update - WEBUI 2020 branding update - Added maintenance window documentation - Added SLE client chapter - Added 508 compliance - Added reverse proxy information to Monitoring in Admin Guide - Add note about accessibility to index - In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning. - Added docs for nutanix VHM - Ubuntu clients using the CLI in SUMA (bsc#1174025) susemanager-frontend-libs: - Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831) susemanager-schema: - Add new states and types for virtual instances in order to support Nutanix AHV. - Implement Maintenance Windows - Add virtual network state change action - Internal fixes to avoid problems with the idempotency tests susemanager-sls: - Fix the dnf plugin to add the token to the HTTP header (bsc#1175724) - Fix: supply a dnf base when dealing w/repos (bsc#1172504) - Fix: autorefresh in repos is zypper-only - Add virtual network state change state to handle start, stop and delete - Add virtual network state change state to handle start and stop - Fetch oracle-release when looking for RedHat Product Info (bsc#1173584) - Force a refresh after deleting a virtual storage volume - Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH minions (bsc#1173169) - Require PyYAML version >= 5.1 - Log out of Docker registries after image build (bsc#1165572) - Prevent "module.run" deprecation warnings by using custom mgrcompat module susemanager-sync-data: - Remove version from centos and oracle linux identifier (bsc#1173584) uyuni-common-libs: - Fix issues importing RPM packages with long RPM headers (bsc#1174965) virtual-host-gatherer: - Add new gatherer module for Nutanix AHV. virtualization-host-formula: - Ensure kernel-default and libvirt-python3 are installed - Set bridge network as default - Fix conditionals (bsc#1175791) yomi-formula: - Update to version 0.0.1+git.1595952633.b300be2: * pillar: install always kernel-default * chroot: python3-base is now a capability * Move systemctl calls inside chroot * Network: initial work for network declaration * MicroOS: Remove tmp subvolume * Update format following the new standard * Fix __mount_device wrapper httpcomponents-core: - Include the correct package in SUSE Manager Server (no source changes) httpcomponents-client: - Include the correct package in SUSE Manager Server (no source changes) google-gson: - Include the correct package in SUSE Manager Server (no source changes) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2373=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6 openvpn-formula-0.1.1-3.3.6 patterns-suma_retail-4.1-6.3.6 patterns-suma_server-4.1-6.3.6 python3-uyuni-common-libs-4.1.6-3.3.6 spacewalk-branding-4.1.9-3.3.6 susemanager-4.1.18-3.3.6 susemanager-tools-4.1.18-3.3.6 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): cobbler-3.0.0+git20190806.32c4bae0-5.3.6 google-gson-2.8.5-3.2.6 httpcomponents-client-4.5.6-3.2.6 httpcomponents-core-4.4.10-3.2.6 ical4j-3.0.18-3.2.7 image-sync-formula-0.1.1595937550.0285244-3.3.6 mgr-libmod-4.1.4-3.3.6 mgr-osa-dispatcher-4.1.3-2.3.6 prometheus-exporters-formula-0.7.1-3.5.2 pxe-default-image-sle15-4.1.0-Build5.3 python3-mgr-osa-common-4.1.3-2.3.6 python3-mgr-osa-dispatcher-4.1.3-2.3.6 python3-spacewalk-certs-tools-4.1.12-3.3.6 python3-suseRegisterInfo-4.1.3-4.3.6 saltboot-formula-0.1.1595937550.0285244-3.3.6 spacecmd-4.1.6-4.3.6 spacewalk-backend-4.1.14-4.5.2 spacewalk-backend-app-4.1.14-4.5.2 spacewalk-backend-applet-4.1.14-4.5.2 spacewalk-backend-config-files-4.1.14-4.5.2 spacewalk-backend-config-files-common-4.1.14-4.5.2 spacewalk-backend-config-files-tool-4.1.14-4.5.2 spacewalk-backend-iss-4.1.14-4.5.2 spacewalk-backend-iss-export-4.1.14-4.5.2 spacewalk-backend-package-push-server-4.1.14-4.5.2 spacewalk-backend-server-4.1.14-4.5.2 spacewalk-backend-sql-4.1.14-4.5.2 spacewalk-backend-sql-postgresql-4.1.14-4.5.2 spacewalk-backend-tools-4.1.14-4.5.2 spacewalk-backend-xml-export-libs-4.1.14-4.5.2 spacewalk-backend-xmlrpc-4.1.14-4.5.2 spacewalk-base-4.1.15-3.3.6 spacewalk-base-minimal-4.1.15-3.3.6 spacewalk-base-minimal-config-4.1.15-3.3.6 spacewalk-certs-tools-4.1.12-3.3.6 spacewalk-html-4.1.15-3.3.6 spacewalk-java-4.1.18-3.5.3 spacewalk-java-config-4.1.18-3.5.3 spacewalk-java-lib-4.1.18-3.5.3 spacewalk-java-postgresql-4.1.18-3.5.3 spacewalk-taskomatic-4.1.18-3.5.3 spacewalk-utils-4.1.11-3.3.6 spacewalk-utils-extras-4.1.11-3.3.6 suseRegisterInfo-4.1.3-4.3.6 susemanager-doc-indexes-4.1-11.7.2 susemanager-docs_en-4.1-11.7.2 susemanager-docs_en-pdf-4.1-11.7.2 susemanager-frontend-libs-4.1.0-3.3.6 susemanager-schema-4.1.12-3.3.6 susemanager-sls-4.1.14-3.5.2 susemanager-sync-data-4.1.7-3.3.6 susemanager-web-libs-4.1.15-3.3.6 virtual-host-gatherer-1.0.21-4.3.6 virtual-host-gatherer-Kubernetes-1.0.21-4.3.6 virtual-host-gatherer-Nutanix-1.0.21-4.3.6 virtual-host-gatherer-VMware-1.0.21-4.3.6 virtual-host-gatherer-libcloud-1.0.21-4.3.6 virtualization-host-formula-0.5-3.3.1 yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6 References: https://www.suse.com/security/cve/CVE-2020-11022.html https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1169553 https://bugzilla.suse.com/1169780 https://bugzilla.suse.com/1170244 https://bugzilla.suse.com/1170468 https://bugzilla.suse.com/1170654 https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1172279 https://bugzilla.suse.com/1172504 https://bugzilla.suse.com/1172709 https://bugzilla.suse.com/1172807 https://bugzilla.suse.com/1172831 https://bugzilla.suse.com/1172839 https://bugzilla.suse.com/1173169 https://bugzilla.suse.com/1173522 https://bugzilla.suse.com/1173535 https://bugzilla.suse.com/1173554 https://bugzilla.suse.com/1173566 https://bugzilla.suse.com/1173584 https://bugzilla.suse.com/1173932 https://bugzilla.suse.com/1173982 https://bugzilla.suse.com/1173997 https://bugzilla.suse.com/1174025 https://bugzilla.suse.com/1174167 https://bugzilla.suse.com/1174229 https://bugzilla.suse.com/1174325 https://bugzilla.suse.com/1174405 https://bugzilla.suse.com/1174470 https://bugzilla.suse.com/1174965 https://bugzilla.suse.com/1175485 https://bugzilla.suse.com/1175555 https://bugzilla.suse.com/1175558 https://bugzilla.suse.com/1175724 https://bugzilla.suse.com/1175791 https://bugzilla.suse.com/678126 From sle-updates at lists.suse.com Fri Aug 28 10:28:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:28:24 +0200 (CEST) Subject: SUSE-RU-2020:2368-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20200828162824.376F4FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2368-1 Rating: moderate References: #1171281 #1172709 #1173584 #1174405 #1174965 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: golang-github-prometheus-prometheus: - Add support for Prometheus exporters proxy mgr-osad: - Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405) spacecmd: - Fix softwarechannel update for vendor channels (bsc#1172709) - Fix escaping of package names (bsc#1171281) spacewalk-koan: - Use the 4.1 image to fix tests suseRegisterInfo: - Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584) uyuni-common-libs: - Fix issues importing RPM packages with long RPM headers (bsc#1174965) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-2368=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.18.0-1.15.1 python2-uyuni-common-libs-4.1.6-1.6.1 - SUSE Manager Tools 12 (noarch): mgr-osad-4.1.3-1.18.1 python2-mgr-osa-common-4.1.3-1.18.1 python2-mgr-osad-4.1.3-1.18.1 python2-spacewalk-koan-4.1.2-24.15.1 python2-suseRegisterInfo-4.1.3-25.12.1 spacecmd-4.1.6-38.64.1 spacewalk-koan-4.1.2-24.15.1 suseRegisterInfo-4.1.3-25.12.1 References: https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1172709 https://bugzilla.suse.com/1173584 https://bugzilla.suse.com/1174405 https://bugzilla.suse.com/1174965 From sle-updates at lists.suse.com Fri Aug 28 10:29:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:29:43 +0200 (CEST) Subject: SUSE-RU-2020:2369-1: moderate: Recommended update for salt Message-ID: <20200828162943.6EE7BFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2369-1 Rating: moderate References: #1171461 #1172211 #1173936 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Require /usr/bin/python instead of /bin/python for RHEL-family. (bsc#1173936) - Don't install SuSEfirewall2 service files in Factory. - Fix __mount_device wrapper to accept separate args and kwargs. - Fix the registration of libvirt pool and nodedev events. - Accept nested namespaces in spacewalk.api runner function. (bsc#1172211) - info_installed works without status attr now. (bsc#1171461) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2369=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-2369=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2369=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): salt-api-3000-6.40.1 salt-cloud-3000-6.40.1 salt-master-3000-6.40.1 salt-proxy-3000-6.40.1 salt-ssh-3000-6.40.1 salt-standalone-formulas-configuration-3000-6.40.1 salt-syndic-3000-6.40.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): salt-fish-completion-3000-6.40.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python2-salt-3000-6.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): python3-salt-3000-6.40.1 salt-3000-6.40.1 salt-doc-3000-6.40.1 salt-minion-3000-6.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): salt-bash-completion-3000-6.40.1 salt-zsh-completion-3000-6.40.1 References: https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1172211 https://bugzilla.suse.com/1173936 From sle-updates at lists.suse.com Fri Aug 28 10:30:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:30:48 +0200 (CEST) Subject: SUSE-RU-2020:14470-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20200828163048.DA4A7FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14470-1 Rating: moderate References: #1171281 #1171461 #1172211 #1172709 #1173936 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Require /usr/bin/python instead of /bin/python for RHEL-family (bsc#1173936) - Don't install SuSEfirewall2 service files in Factory - Fix __mount_device wrapper to accept separate args and kwargs - Fix the registration of libvirt pool and nodedev events - Accept nested namespaces in spacewalk.api runner function. (bsc#1172211) - Info_installed works without status attr now (bsc#1171461) spacecmd: - Fix softwarechannel update for vendor channels (bsc#1172709) - Fix escaping of package names (bsc#1171281) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202008-14470=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+51.1 salt-minion-3000+ds-1+51.1 spacecmd-4.1.6-8.1 References: https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1172211 https://bugzilla.suse.com/1172709 https://bugzilla.suse.com/1173936 From sle-updates at lists.suse.com Fri Aug 28 10:32:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:32:05 +0200 (CEST) Subject: SUSE-RU-2020:2377-1: moderate: Recommended update for ceph Message-ID: <20200828163205.7B9C0FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2377-1 Rating: moderate References: #1170903 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ceph provides the following fixes: - bluestore: * BlueFS: Compact log even when sync_metadata sees no work. (bsc#1170903) * Added rescue procedure for bluefs log replay. - cephfs: * client: Removing dir reports "not empty" issue due to client side filled wrong dir offset. * No method to handle SEEK_HOLE and SEEK_DATA in lseek. * osdc: Objecter ops output does not have useful time information. * mds: Using begin() and empty() to iterate the xlist. * doc: mds-config-ref: Update 'mds_log_max_segments' value. * mds: Take xlock in the order requests start locking. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2377=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2377=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2377=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.13+git.1596195714.faddece5a9-2.53.1 libcephfs-devel-12.2.13+git.1596195714.faddece5a9-2.53.1 librados-devel-12.2.13+git.1596195714.faddece5a9-2.53.1 librados-devel-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 librbd-devel-12.2.13+git.1596195714.faddece5a9-2.53.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-common-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-debugsource-12.2.13+git.1596195714.faddece5a9-2.53.1 libcephfs2-12.2.13+git.1596195714.faddece5a9-2.53.1 libcephfs2-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 librados2-12.2.13+git.1596195714.faddece5a9-2.53.1 librados2-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 libradosstriper1-12.2.13+git.1596195714.faddece5a9-2.53.1 libradosstriper1-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 librbd1-12.2.13+git.1596195714.faddece5a9-2.53.1 librbd1-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 librgw2-12.2.13+git.1596195714.faddece5a9-2.53.1 librgw2-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 python-cephfs-12.2.13+git.1596195714.faddece5a9-2.53.1 python-cephfs-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 python-rados-12.2.13+git.1596195714.faddece5a9-2.53.1 python-rados-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 python-rbd-12.2.13+git.1596195714.faddece5a9-2.53.1 python-rbd-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 python-rgw-12.2.13+git.1596195714.faddece5a9-2.53.1 python-rgw-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-base-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-base-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-common-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-common-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-debugsource-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-fuse-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-fuse-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-mds-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-mds-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-mgr-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-mgr-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-mon-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-mon-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-osd-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-osd-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-radosgw-12.2.13+git.1596195714.faddece5a9-2.53.1 ceph-radosgw-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 libcephfs2-12.2.13+git.1596195714.faddece5a9-2.53.1 libcephfs2-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 librados2-12.2.13+git.1596195714.faddece5a9-2.53.1 librados2-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 libradosstriper1-12.2.13+git.1596195714.faddece5a9-2.53.1 libradosstriper1-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 librbd1-12.2.13+git.1596195714.faddece5a9-2.53.1 librbd1-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 librgw2-12.2.13+git.1596195714.faddece5a9-2.53.1 librgw2-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 python-ceph-compat-12.2.13+git.1596195714.faddece5a9-2.53.1 python-cephfs-12.2.13+git.1596195714.faddece5a9-2.53.1 python-cephfs-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 python-rados-12.2.13+git.1596195714.faddece5a9-2.53.1 python-rados-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 python-rbd-12.2.13+git.1596195714.faddece5a9-2.53.1 python-rbd-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 python-rgw-12.2.13+git.1596195714.faddece5a9-2.53.1 python-rgw-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 python3-ceph-argparse-12.2.13+git.1596195714.faddece5a9-2.53.1 python3-cephfs-12.2.13+git.1596195714.faddece5a9-2.53.1 python3-cephfs-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 python3-rados-12.2.13+git.1596195714.faddece5a9-2.53.1 python3-rados-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 python3-rbd-12.2.13+git.1596195714.faddece5a9-2.53.1 python3-rbd-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 python3-rgw-12.2.13+git.1596195714.faddece5a9-2.53.1 python3-rgw-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 rbd-fuse-12.2.13+git.1596195714.faddece5a9-2.53.1 rbd-fuse-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 rbd-mirror-12.2.13+git.1596195714.faddece5a9-2.53.1 rbd-mirror-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 rbd-nbd-12.2.13+git.1596195714.faddece5a9-2.53.1 rbd-nbd-debuginfo-12.2.13+git.1596195714.faddece5a9-2.53.1 References: https://bugzilla.suse.com/1170903 From sle-updates at lists.suse.com Fri Aug 28 10:32:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:32:56 +0200 (CEST) Subject: SUSE-SU-2020:2373-1: moderate: Security update for SUSE Manager Server 4.1 Message-ID: <20200828163256.6B15CFDE4@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2373-1 Rating: moderate References: #1136857 #1165572 #1169553 #1169780 #1170244 #1170468 #1170654 #1171281 #1172279 #1172504 #1172709 #1172807 #1172831 #1172839 #1173169 #1173522 #1173535 #1173554 #1173566 #1173584 #1173932 #1173982 #1173997 #1174025 #1174167 #1174201 #1174229 #1174325 #1174405 #1174470 #1174965 #1175485 #1175555 #1175558 #1175724 #1175791 #678126 Cross-References: CVE-2020-11022 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that solves one vulnerability and has 36 fixes is now available. Description: This update fixes the following issues: cobbler: - More old modules naming fixes (bsc#1169553) image-sync-formula: - Allow image-sync state on regular minion. Image sync state requires branch-network pillars to get the directory where to sync images. Use default `/srv/saltboot` if that pillar is missing so image-sync can be applied on non branch minions as well. mgr-libmod: - Remove unnecessary array wrap in 'list_modules' response object mgr-osad: - Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405) openvpn-formula: - Add hint that ssl certs must be on system (bsc#1172279) patterns-suse-manager: - Add Recommends for golang-github-QubitProducts-exporter_exporter prometheus-exporters-formula: - Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555) - Add support for exporters proxy (exporter_exporter) pxe-default-image-sle15: - Rollback the workaround for bsc#1172807, as dracut is now fixed saltboot-formula: - Better fix for rounding errors (bsc#1136857) spacecmd: - Fix softwarechannel update for vendor channels (bsc#1172709) - Fix escaping of package names (bsc#1171281) spacewalk-backend: - Adds basic functionality for gpg check - Verify GPG signature of Ubuntu/Debian repository metadata (Release file) - Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485) - Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485) spacewalk-branding: - Implement Maintenance Windows - Fix typo on spacewalk-branding license spacewalk-certs-tools: - Strip SSL Certificate Common Name after 63 Characters (bsc#1173535) - Fix centos detection (bsc#1173584) spacewalk-java: - Use media.1/products from media when not specified different (bsc#1175558) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Fix error when rolling back a system to a snapshot (bsc#1173997) - Implement maintenance windows backend - Add check for maintainence window during executing recurring actions - Implement maintenance windows in struts - XMLRPC: Assign/retract maintenance schedule to/from systems - Fix softwarechannel update for vendor channels (bsc#1172709) - Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566) - Change system list header text to something better (bsc#1173982) - Set CPU and memory info for virtual instances (bsc#1170244) - Add virtual network Start, Stop and Delete actions - Add virtual network list page - Fix httpcomponents and gson jar symlinks (bsc#1174229) - Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584) - Provide comps.xml and modules.yaml when using onlinerepo for kickstart - Refresh virtualization pages only on events - Fix up2date detection on RH8 when salt-minion is used for registration - Improve performance of the System Groups page with many clients (bsc#1172839) - Include number of non-patch package updates to non-critical update counts in system group pages (bsc#1170468) - Bump XMLRPC API version number to distinguish from Spacewalk 2.10 - Cluster UI: return to overview page after scheduling actions - Fix NPE on auto installation when no kernel options are given (bsc#1173932) - Fix issue with disabling self_update for autoyast autoupgrade (bsc#1170654) - Adapt expectations for jobs return events after switching Salt states to use 'mgrcompat.module_run' state. spacewalk-utils: - Add aarch64 for openSUSE Leap 15.1 and 15.2 spacewalk-web: - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Fix JS linting errors/warnings - Enable Nutanix AHV virtual host gatherer. - Web UI: Implement managing maintenance schedules and calendars - Warn when a system is in multiple groups that configure the same formula in the system formula's UI (bsc#1173554) - Add virtual network start, stop and delete actions - Add virtual network list page - Fix internal server error when creating module filters in CLM (bsc#1174325) - Fix VM creation page when there is no volume in the default storage pool - Refresh virtualization pages only on events - Product list in the Wizard doesn't show SLE products first (bsc#1173522) - Cluster UI: return to overview page after scheduling actions - Changes in the logic to update the tick icon. - For the postgres localhost:5432 case, use the - Fix internal server errors by returning 0 instead of dying - Add missing dependency to spacewalk-base-minimal (bsc#678126) - Change kickstart to autoinstallation in navigation on pxt pages - Debranding suseRegisterInfo: - Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584) susemanager: - Migrate all occurrences of kickstart to autoinstall in cobbler database (bsc#1169780) - Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470) - Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is required to get python3-M2crypto (bsc#1174167) susemanager-doc-indexes: - Left navigation structure cleaned up - Fixed several broken xrefs - Added hostname admonition for public cloud sections - Clarified Branch Proxy configuration instructions - Fixed index page pdf links, urls were 1 step to deep - SUSECOM 2020 branding update - PDF 2020 branding update - WEBUI 2020 branding update - Added maintenance window documentation - Added SLE client chapter - Added 508 compliance - Added reverse proxy information to Monitoring in Admin Guide - Add note about accessibility to index - In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning. - Added docs for nutanix VHM - Ubuntu clients using the CLI in SUMA (bsc#1174025) susemanager-docs_en: - Left navigation structure cleaned up - Fixed several broken xrefs - Added hostname admonition for public cloud sections - Clarified Branch Proxy configuration instructions - Fixed index page pdf links, urls were 1 step to deep - SUSECOM 2020 branding update - PDF 2020 branding update - WEBUI 2020 branding update - Added maintenance window documentation - Added SLE client chapter - Added 508 compliance - Added reverse proxy information to Monitoring in Admin Guide - Add note about accessibility to index - In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning. - Added docs for nutanix VHM - Ubuntu clients using the CLI in SUMA (bsc#1174025) susemanager-frontend-libs: - Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831) susemanager-schema: - Add new states and types for virtual instances in order to support Nutanix AHV. - Implement Maintenance Windows - Add virtual network state change action - Internal fixes to avoid problems with the idempotency tests susemanager-sls: - Fix the dnf plugin to add the token to the HTTP header (bsc#1175724) - Fix: supply a dnf base when dealing w/repos (bsc#1172504) - Fix: autorefresh in repos is zypper-only - Add virtual network state change state to handle start, stop and delete - Add virtual network state change state to handle start and stop - Fetch oracle-release when looking for RedHat Product Info (bsc#1173584) - Force a refresh after deleting a virtual storage volume - Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH minions (bsc#1173169) - Require PyYAML version >= 5.1 - Log out of Docker registries after image build (bsc#1165572) - Prevent "module.run" deprecation warnings by using custom mgrcompat module susemanager-sync-data: - Remove version from centos and oracle linux identifier (bsc#1173584) uyuni-common-libs: - Fix issues importing RPM packages with long RPM headers (bsc#1174965) virtual-host-gatherer: - Add new gatherer module for Nutanix AHV. virtualization-host-formula: - Ensure kernel-default and libvirt-python3 are installed - Set bridge network as default - Fix conditionals (bsc#1175791) yomi-formula: - Update to version 0.0.1+git.1595952633.b300be2: * pillar: install always kernel-default * chroot: python3-base is now a capability * Move systemctl calls inside chroot * Network: initial work for network declaration * MicroOS: Remove tmp subvolume * Update format following the new standard * Fix __mount_device wrapper httpcomponents-core: - Include the correct package in SUSE Manager Server (no source changes) httpcomponents-client: - Include the correct package in SUSE Manager Server (no source changes) google-gson: - Include the correct package in SUSE Manager Server (no source changes) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2373=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2020-2373=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6 openvpn-formula-0.1.1-3.3.6 patterns-suma_retail-4.1-6.3.6 patterns-suma_server-4.1-6.3.6 python3-uyuni-common-libs-4.1.6-3.3.6 spacewalk-branding-4.1.9-3.3.6 susemanager-4.1.18-3.3.6 susemanager-tools-4.1.18-3.3.6 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): cobbler-3.0.0+git20190806.32c4bae0-5.3.6 google-gson-2.8.5-3.2.6 httpcomponents-client-4.5.6-3.2.6 httpcomponents-core-4.4.10-3.2.6 ical4j-3.0.18-3.2.7 image-sync-formula-0.1.1595937550.0285244-3.3.6 mgr-libmod-4.1.4-3.3.6 mgr-osa-dispatcher-4.1.3-2.3.6 prometheus-exporters-formula-0.7.1-3.5.2 pxe-default-image-sle15-4.1.0-Build5.3 python3-mgr-osa-common-4.1.3-2.3.6 python3-mgr-osa-dispatcher-4.1.3-2.3.6 python3-spacewalk-certs-tools-4.1.12-3.3.6 python3-suseRegisterInfo-4.1.3-4.3.6 saltboot-formula-0.1.1595937550.0285244-3.3.6 spacecmd-4.1.6-4.3.6 spacewalk-backend-4.1.14-4.5.2 spacewalk-backend-app-4.1.14-4.5.2 spacewalk-backend-applet-4.1.14-4.5.2 spacewalk-backend-config-files-4.1.14-4.5.2 spacewalk-backend-config-files-common-4.1.14-4.5.2 spacewalk-backend-config-files-tool-4.1.14-4.5.2 spacewalk-backend-iss-4.1.14-4.5.2 spacewalk-backend-iss-export-4.1.14-4.5.2 spacewalk-backend-package-push-server-4.1.14-4.5.2 spacewalk-backend-server-4.1.14-4.5.2 spacewalk-backend-sql-4.1.14-4.5.2 spacewalk-backend-sql-postgresql-4.1.14-4.5.2 spacewalk-backend-tools-4.1.14-4.5.2 spacewalk-backend-xml-export-libs-4.1.14-4.5.2 spacewalk-backend-xmlrpc-4.1.14-4.5.2 spacewalk-base-4.1.15-3.3.6 spacewalk-base-minimal-4.1.15-3.3.6 spacewalk-base-minimal-config-4.1.15-3.3.6 spacewalk-certs-tools-4.1.12-3.3.6 spacewalk-html-4.1.15-3.3.6 spacewalk-java-4.1.18-3.5.3 spacewalk-java-config-4.1.18-3.5.3 spacewalk-java-lib-4.1.18-3.5.3 spacewalk-java-postgresql-4.1.18-3.5.3 spacewalk-taskomatic-4.1.18-3.5.3 spacewalk-utils-4.1.11-3.3.6 spacewalk-utils-extras-4.1.11-3.3.6 suseRegisterInfo-4.1.3-4.3.6 susemanager-doc-indexes-4.1-11.7.2 susemanager-docs_en-4.1-11.7.2 susemanager-docs_en-pdf-4.1-11.7.2 susemanager-frontend-libs-4.1.0-3.3.6 susemanager-schema-4.1.12-3.3.6 susemanager-sls-4.1.14-3.5.2 susemanager-sync-data-4.1.7-3.3.6 susemanager-web-libs-4.1.15-3.3.6 virtual-host-gatherer-1.0.21-4.3.6 virtual-host-gatherer-Kubernetes-1.0.21-4.3.6 virtual-host-gatherer-Nutanix-1.0.21-4.3.6 virtual-host-gatherer-VMware-1.0.21-4.3.6 virtual-host-gatherer-libcloud-1.0.21-4.3.6 virtualization-host-formula-0.5-3.3.1 yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6 patterns-suma_proxy-4.1-6.3.6 python3-uyuni-common-libs-4.1.6-3.3.6 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): mgr-osad-4.1.3-2.3.6 python3-mgr-osa-common-4.1.3-2.3.6 python3-mgr-osad-4.1.3-2.3.6 python3-spacewalk-certs-tools-4.1.12-3.3.6 python3-suseRegisterInfo-4.1.3-4.3.6 spacecmd-4.1.6-4.3.6 spacewalk-backend-4.1.14-4.5.2 spacewalk-base-minimal-4.1.15-3.3.6 spacewalk-base-minimal-config-4.1.15-3.3.6 spacewalk-certs-tools-4.1.12-3.3.6 spacewalk-proxy-broker-4.1.2-3.3.6 spacewalk-proxy-common-4.1.2-3.3.6 spacewalk-proxy-management-4.1.2-3.3.6 spacewalk-proxy-package-manager-4.1.2-3.3.6 spacewalk-proxy-redirect-4.1.2-3.3.6 spacewalk-proxy-salt-4.1.2-3.3.6 suseRegisterInfo-4.1.3-4.3.6 References: https://www.suse.com/security/cve/CVE-2020-11022.html https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1169553 https://bugzilla.suse.com/1169780 https://bugzilla.suse.com/1170244 https://bugzilla.suse.com/1170468 https://bugzilla.suse.com/1170654 https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1172279 https://bugzilla.suse.com/1172504 https://bugzilla.suse.com/1172709 https://bugzilla.suse.com/1172807 https://bugzilla.suse.com/1172831 https://bugzilla.suse.com/1172839 https://bugzilla.suse.com/1173169 https://bugzilla.suse.com/1173522 https://bugzilla.suse.com/1173535 https://bugzilla.suse.com/1173554 https://bugzilla.suse.com/1173566 https://bugzilla.suse.com/1173584 https://bugzilla.suse.com/1173932 https://bugzilla.suse.com/1173982 https://bugzilla.suse.com/1173997 https://bugzilla.suse.com/1174025 https://bugzilla.suse.com/1174167 https://bugzilla.suse.com/1174201 https://bugzilla.suse.com/1174229 https://bugzilla.suse.com/1174325 https://bugzilla.suse.com/1174405 https://bugzilla.suse.com/1174470 https://bugzilla.suse.com/1174965 https://bugzilla.suse.com/1175485 https://bugzilla.suse.com/1175555 https://bugzilla.suse.com/1175558 https://bugzilla.suse.com/1175724 https://bugzilla.suse.com/1175791 https://bugzilla.suse.com/678126 From sle-updates at lists.suse.com Fri Aug 28 10:37:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:37:42 +0200 (CEST) Subject: SUSE-RU-2020:14474-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20200828163742.EA0E6FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14474-1 Rating: moderate References: #1171281 #1172709 #1173584 #1174405 #1174965 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: mgr-osad: - Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405) spacecmd: - Fix softwarechannel update for vendor channels (bsc#1172709) - Fix escaping of package names (bsc#1171281) spacewalk-koan: - Use the 4.1 image to fix tests suseRegisterInfo: - Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584) uyuni-common-libs: - Fix issues importing RPM packages with long RPM headers (bsc#1174965) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-202008-14474=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-202008-14474=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): mgr-osad-4.1.3-5.18.3 python2-mgr-osa-common-4.1.3-5.18.3 python2-mgr-osad-4.1.3-5.18.3 python2-spacewalk-koan-4.1.2-9.15.3 python2-suseRegisterInfo-4.1.3-6.12.3 python2-uyuni-common-libs-4.1.6-5.6.3 spacecmd-4.1.6-18.66.3 spacewalk-koan-4.1.2-9.15.3 suseRegisterInfo-4.1.3-6.12.3 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): mgr-osad-4.1.3-5.18.3 python2-mgr-osa-common-4.1.3-5.18.3 python2-mgr-osad-4.1.3-5.18.3 python2-spacewalk-koan-4.1.2-9.15.3 python2-suseRegisterInfo-4.1.3-6.12.3 python2-uyuni-common-libs-4.1.6-5.6.3 spacecmd-4.1.6-18.66.3 spacewalk-koan-4.1.2-9.15.3 suseRegisterInfo-4.1.3-6.12.3 References: https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1172709 https://bugzilla.suse.com/1173584 https://bugzilla.suse.com/1174405 https://bugzilla.suse.com/1174965 From sle-updates at lists.suse.com Fri Aug 28 10:39:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:39:00 +0200 (CEST) Subject: SUSE-RU-2020:2374-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20200828163900.204A2FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2374-1 Rating: moderate References: #1171281 #1172709 #1173149 #1173584 #1174405 #1174965 Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update fixes the following issues: POS_Image-Graphical7: - Add plymouth-plugin-label-ft package to all *7 templates and set them to be of SLE15SP2 version - Add optional dracut-wireless comment section and move wpa_suplicant there POS_Image-JeOS7: - Add plymouth-plugin-label-ft package to all *7 templates and set them to be of SLE15SP2 version - Add optional dracut-wireless comment section and move wpa_suplicant there dracut-saltboot: - Use automatic RAID assembly only in the first phase before start of salt dracut-wireless: - Make sure ifup is scheduled (bsc#1173149) golang-github-prometheus-prometheus: - Add support for Prometheus exporters proxy mgr-osad: - Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405) spacecmd: - Fix softwarechannel update for vendor channels (bsc#1172709) - Fix escaping of package names (bsc#1171281) spacewalk-koan: - Use the 4.1 image to fix tests suseRegisterInfo: - Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584) uyuni-common-libs: - Fix issues importing RPM packages with long RPM headers (bsc#1174965) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2020-2374=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-1.3.1 golang-github-prometheus-prometheus-2.18.0-3.15.1 python3-uyuni-common-libs-4.1.6-1.6.1 - SUSE Manager Tools 15 (noarch): POS_Image-Graphical7-0.1.1595937550.0285244-1.12.1 POS_Image-JeOS7-0.1.1595937550.0285244-1.12.1 dracut-saltboot-0.1.1595937550.0285244-1.15.1 dracut-wireless-0.1.1595937550.0285244-1.6.1 mgr-osad-4.1.3-1.18.1 python3-mgr-osa-common-4.1.3-1.18.1 python3-mgr-osad-4.1.3-1.18.1 python3-spacewalk-koan-4.1.2-3.12.1 python3-suseRegisterInfo-4.1.3-3.9.1 spacecmd-4.1.6-3.41.1 spacewalk-koan-4.1.2-3.12.1 suseRegisterInfo-4.1.3-3.9.1 References: https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1172709 https://bugzilla.suse.com/1173149 https://bugzilla.suse.com/1173584 https://bugzilla.suse.com/1174405 https://bugzilla.suse.com/1174965 From sle-updates at lists.suse.com Fri Aug 28 10:40:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Aug 2020 18:40:21 +0200 (CEST) Subject: SUSE-RU-2020:2375-1: moderate: Recommended update for SUSE Manager 4.1.1 Release Notes Message-ID: <20200828164021.319AEFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.1.1 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2375-1 Rating: moderate References: #1136857 #1165572 #1169553 #1169780 #1170244 #1170468 #1170654 #1171281 #1172279 #1172504 #1172709 #1172807 #1172831 #1172839 #1173169 #1173522 #1173535 #1173554 #1173566 #1173584 #1173932 #1173982 #1173997 #1174025 #1174167 #1174201 #1174229 #1174325 #1174405 #1174470 #1174965 #1175485 #1175555 #1175558 #1175724 #1175791 Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has 36 recommended fixes can now be installed. Description: This update for SUSE Manager 4.1.1 Release Notes provides the following additions: Release notes for SUSE Manager: - Revision 4.1.1 - Bugs mentioned: bsc#1136857, bsc#1165572, bsc#1169553, bsc#1169780, bsc#1170244, bsc#1170468, bsc#1170654, bsc#1171281, bsc#1172279, bsc#1172504, bsc#1172709, bsc#1172807, bsc#1172831, bsc#1172839, bsc#1173169, bsc#1173522, bsc#1173535, bsc#1173554, bsc#1173566, bsc#1173584, bsc#1173932, bsc#1173982, bsc#1173997, bsc#1174167, bsc#1174229, bsc#1174325, bsc#1174405, bsc#1174470, bsc#1174965, bsc#1174025, bsc#1175485, bsc#1175555, bsc#1175558, bsc#1175724, bsc#1175791 Release notes for SUSE Manager proxy: - Revision 4.1.1 - Bugs mentioned bsc#1171281, bsc#1172709, bsc#1172831, bsc#1173522, bsc#1173535 bsc#1173554, bsc#1173584, bsc#1174201, bsc#1174325, bsc#1174405 bsc#1174965, bsc#1175485 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2020-2375=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2020-2375=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2020-2375=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): release-notes-susemanager-4.1.1-3.18.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): release-notes-susemanager-proxy-4.1.1-3.11.2 - SUSE Manager Proxy 4.1 (x86_64): release-notes-susemanager-proxy-4.1.1-3.11.2 References: https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1169553 https://bugzilla.suse.com/1169780 https://bugzilla.suse.com/1170244 https://bugzilla.suse.com/1170468 https://bugzilla.suse.com/1170654 https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1172279 https://bugzilla.suse.com/1172504 https://bugzilla.suse.com/1172709 https://bugzilla.suse.com/1172807 https://bugzilla.suse.com/1172831 https://bugzilla.suse.com/1172839 https://bugzilla.suse.com/1173169 https://bugzilla.suse.com/1173522 https://bugzilla.suse.com/1173535 https://bugzilla.suse.com/1173554 https://bugzilla.suse.com/1173566 https://bugzilla.suse.com/1173584 https://bugzilla.suse.com/1173932 https://bugzilla.suse.com/1173982 https://bugzilla.suse.com/1173997 https://bugzilla.suse.com/1174025 https://bugzilla.suse.com/1174167 https://bugzilla.suse.com/1174201 https://bugzilla.suse.com/1174229 https://bugzilla.suse.com/1174325 https://bugzilla.suse.com/1174405 https://bugzilla.suse.com/1174470 https://bugzilla.suse.com/1174965 https://bugzilla.suse.com/1175485 https://bugzilla.suse.com/1175555 https://bugzilla.suse.com/1175558 https://bugzilla.suse.com/1175724 https://bugzilla.suse.com/1175791 From sle-updates at lists.suse.com Fri Aug 28 22:13:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 Aug 2020 06:13:31 +0200 (CEST) Subject: SUSE-RU-2020:2389-1: moderate: Recommended update for resource-agents Message-ID: <20200829041331.8C396FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2389-1 Rating: moderate References: #1170354 #1175101 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Fix for supporting 'multi alias IP' for resource agent to meet the requirements properly of multiple scenarios. (bsc#1175101) - Fix for version checking of pacemaker to make it compatible with with the SUSE version format. (bsc#1170354) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2389=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ldirectord-4.4.0+git57.70549516-3.6.1 resource-agents-4.4.0+git57.70549516-3.6.1 resource-agents-debuginfo-4.4.0+git57.70549516-3.6.1 resource-agents-debugsource-4.4.0+git57.70549516-3.6.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): monitoring-plugins-metadata-4.4.0+git57.70549516-3.6.1 References: https://bugzilla.suse.com/1170354 https://bugzilla.suse.com/1175101 From sle-updates at lists.suse.com Fri Aug 28 22:14:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 Aug 2020 06:14:27 +0200 (CEST) Subject: SUSE-RU-2020:2384-1: Recommended update for e2fsprogs Message-ID: <20200829041427.764BCFF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for e2fsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2384-1 Rating: low References: #1170964 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2384=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2384=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): e2fsprogs-1.43.8-4.23.1 e2fsprogs-debuginfo-1.43.8-4.23.1 e2fsprogs-debugsource-1.43.8-4.23.1 e2fsprogs-devel-1.43.8-4.23.1 libcom_err-devel-1.43.8-4.23.1 libcom_err-devel-static-1.43.8-4.23.1 libcom_err2-1.43.8-4.23.1 libcom_err2-debuginfo-1.43.8-4.23.1 libext2fs-devel-1.43.8-4.23.1 libext2fs-devel-static-1.43.8-4.23.1 libext2fs2-1.43.8-4.23.1 libext2fs2-debuginfo-1.43.8-4.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): e2fsprogs-32bit-debuginfo-1.43.8-4.23.1 libcom_err2-32bit-1.43.8-4.23.1 libcom_err2-32bit-debuginfo-1.43.8-4.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): e2fsprogs-1.43.8-4.23.1 e2fsprogs-debuginfo-1.43.8-4.23.1 e2fsprogs-debugsource-1.43.8-4.23.1 e2fsprogs-devel-1.43.8-4.23.1 libcom_err-devel-1.43.8-4.23.1 libcom_err-devel-static-1.43.8-4.23.1 libcom_err2-1.43.8-4.23.1 libcom_err2-debuginfo-1.43.8-4.23.1 libext2fs-devel-1.43.8-4.23.1 libext2fs-devel-static-1.43.8-4.23.1 libext2fs2-1.43.8-4.23.1 libext2fs2-debuginfo-1.43.8-4.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): e2fsprogs-32bit-debuginfo-1.43.8-4.23.1 libcom_err2-32bit-1.43.8-4.23.1 libcom_err2-32bit-debuginfo-1.43.8-4.23.1 References: https://bugzilla.suse.com/1170964 From sle-updates at lists.suse.com Fri Aug 28 22:15:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 Aug 2020 06:15:18 +0200 (CEST) Subject: SUSE-RU-2020:2385-1: moderate: Recommended update for resource-agents Message-ID: <20200829041518.64F47FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2385-1 Rating: moderate References: #1170354 #1175101 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Fix for supporting 'multi alias IP' for resource agent to meet the requirements properly of multiple scenarios. (bsc#1175101) - Fix for version checking of pacemaker to make it compatible with with the SUSE version format. (bsc#1170354) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2385=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2385=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.51.1 resource-agents-4.3.018.a7fb5035-3.51.1 resource-agents-debuginfo-4.3.018.a7fb5035-3.51.1 resource-agents-debugsource-4.3.018.a7fb5035-3.51.1 - SUSE Linux Enterprise High Availability 12-SP5 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.51.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.51.1 resource-agents-4.3.018.a7fb5035-3.51.1 resource-agents-debuginfo-4.3.018.a7fb5035-3.51.1 resource-agents-debugsource-4.3.018.a7fb5035-3.51.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.51.1 References: https://bugzilla.suse.com/1170354 https://bugzilla.suse.com/1175101 From sle-updates at lists.suse.com Fri Aug 28 22:16:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 Aug 2020 06:16:17 +0200 (CEST) Subject: SUSE-RU-2020:2388-1: moderate: Recommended update for Mesa Message-ID: <20200829041617.D0F3CFF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for Mesa ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2388-1 Rating: moderate References: #1172468 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Mesa fixes the following issues: - Fixes memory leaks locking up desktop ups randomly. (bsc#1172468) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2388=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2388=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2388=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): Mesa-debugsource-18.3.2-14.6.1 Mesa-drivers-debugsource-18.3.2-14.6.1 Mesa-libGLESv1_CM1-18.3.2-14.6.1 Mesa-libGLESv1_CM1-debuginfo-18.3.2-14.6.1 Mesa-libGLESv2-2-32bit-18.3.2-14.6.1 Mesa-libGLESv2-2-debuginfo-32bit-18.3.2-14.6.1 Mesa-libd3d-18.3.2-14.6.1 Mesa-libd3d-debuginfo-18.3.2-14.6.1 Mesa-libva-18.3.2-14.6.1 Mesa-libva-debuginfo-18.3.2-14.6.1 libXvMC_nouveau-18.3.2-14.6.1 libXvMC_nouveau-debuginfo-18.3.2-14.6.1 libXvMC_r600-18.3.2-14.6.1 libXvMC_r600-debuginfo-18.3.2-14.6.1 libvdpau_nouveau-18.3.2-14.6.1 libvdpau_nouveau-debuginfo-18.3.2-14.6.1 libvdpau_r300-18.3.2-14.6.1 libvdpau_r300-debuginfo-18.3.2-14.6.1 libvdpau_r600-18.3.2-14.6.1 libvdpau_r600-debuginfo-18.3.2-14.6.1 libvdpau_radeonsi-18.3.2-14.6.1 libvdpau_radeonsi-debuginfo-18.3.2-14.6.1 libvulkan_intel-18.3.2-14.6.1 libvulkan_intel-debuginfo-18.3.2-14.6.1 libvulkan_radeon-18.3.2-14.6.1 libvulkan_radeon-debuginfo-18.3.2-14.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): Mesa-KHR-devel-18.3.2-14.6.1 Mesa-debugsource-18.3.2-14.6.1 Mesa-devel-18.3.2-14.6.1 Mesa-dri-devel-18.3.2-14.6.1 Mesa-libEGL-devel-18.3.2-14.6.1 Mesa-libGL-devel-18.3.2-14.6.1 Mesa-libGLESv1_CM-devel-18.3.2-14.6.1 Mesa-libGLESv1_CM1-18.3.2-14.6.1 Mesa-libGLESv1_CM1-debuginfo-18.3.2-14.6.1 Mesa-libGLESv2-devel-18.3.2-14.6.1 Mesa-libGLESv3-devel-18.3.2-14.6.1 Mesa-libglapi-devel-18.3.2-14.6.1 libOSMesa-devel-18.3.2-14.6.1 libOSMesa8-18.3.2-14.6.1 libOSMesa8-debuginfo-18.3.2-14.6.1 libgbm-devel-18.3.2-14.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le x86_64): libxatracker-devel-1.0.0-14.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): Mesa-drivers-debugsource-18.3.2-14.6.1 Mesa-libd3d-devel-18.3.2-14.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libOSMesa8-32bit-18.3.2-14.6.1 libOSMesa8-debuginfo-32bit-18.3.2-14.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (x86_64): Mesa-libVulkan-devel-18.3.2-14.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): Mesa-18.3.2-14.6.1 Mesa-debugsource-18.3.2-14.6.1 Mesa-dri-18.3.2-14.6.1 Mesa-dri-debuginfo-18.3.2-14.6.1 Mesa-drivers-debugsource-18.3.2-14.6.1 Mesa-libEGL1-18.3.2-14.6.1 Mesa-libEGL1-debuginfo-18.3.2-14.6.1 Mesa-libGL1-18.3.2-14.6.1 Mesa-libGL1-debuginfo-18.3.2-14.6.1 Mesa-libGLESv2-2-18.3.2-14.6.1 Mesa-libGLESv2-2-debuginfo-18.3.2-14.6.1 Mesa-libglapi0-18.3.2-14.6.1 Mesa-libglapi0-debuginfo-18.3.2-14.6.1 libgbm1-18.3.2-14.6.1 libgbm1-debuginfo-18.3.2-14.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64): libxatracker2-1.0.0-14.6.1 libxatracker2-debuginfo-1.0.0-14.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): Mesa-32bit-18.3.2-14.6.1 Mesa-dri-32bit-18.3.2-14.6.1 Mesa-dri-debuginfo-32bit-18.3.2-14.6.1 Mesa-libEGL1-32bit-18.3.2-14.6.1 Mesa-libEGL1-debuginfo-32bit-18.3.2-14.6.1 Mesa-libGL1-32bit-18.3.2-14.6.1 Mesa-libGL1-debuginfo-32bit-18.3.2-14.6.1 Mesa-libglapi0-32bit-18.3.2-14.6.1 Mesa-libglapi0-debuginfo-32bit-18.3.2-14.6.1 libgbm1-32bit-18.3.2-14.6.1 libgbm1-debuginfo-32bit-18.3.2-14.6.1 References: https://bugzilla.suse.com/1172468 From sle-updates at lists.suse.com Fri Aug 28 22:17:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 Aug 2020 06:17:06 +0200 (CEST) Subject: SUSE-RU-2020:2387-1: moderate: Recommended update for netcdf Message-ID: <20200829041707.002A4FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for netcdf ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2387-1 Rating: moderate References: #1174291 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for netcdf fixes the following issues: - Make environment module name conform standards: NetCDF modules should be called 'netcdf' - regardless whether they are 'serial' or use MPI. (bsc#1174291) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-2387=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): libnetcdf-gnu-hpc-4.6.1-10.4.1 libnetcdf-gnu-mpich-hpc-4.6.1-10.4.1 libnetcdf-gnu-mvapich2-hpc-4.6.1-10.4.1 libnetcdf-gnu-openmpi2-hpc-4.6.1-10.4.1 libnetcdf_4_6_1-gnu-hpc-4.6.1-10.4.1 libnetcdf_4_6_1-gnu-hpc-debuginfo-4.6.1-10.4.1 libnetcdf_4_6_1-gnu-mpich-hpc-4.6.1-10.4.1 libnetcdf_4_6_1-gnu-mpich-hpc-debuginfo-4.6.1-10.4.1 libnetcdf_4_6_1-gnu-mvapich2-hpc-4.6.1-10.4.1 libnetcdf_4_6_1-gnu-mvapich2-hpc-debuginfo-4.6.1-10.4.1 libnetcdf_4_6_1-gnu-openmpi2-hpc-4.6.1-10.4.1 libnetcdf_4_6_1-gnu-openmpi2-hpc-debuginfo-4.6.1-10.4.1 netcdf_4_6_1-gnu-hpc-4.6.1-10.4.1 netcdf_4_6_1-gnu-hpc-debuginfo-4.6.1-10.4.1 netcdf_4_6_1-gnu-hpc-devel-4.6.1-10.4.1 netcdf_4_6_1-gnu-hpc-devel-debuginfo-4.6.1-10.4.1 netcdf_4_6_1-gnu-hpc-devel-static-4.6.1-10.4.1 netcdf_4_6_1-gnu-mpich-hpc-4.6.1-10.4.1 netcdf_4_6_1-gnu-mpich-hpc-debuginfo-4.6.1-10.4.1 netcdf_4_6_1-gnu-mpich-hpc-debugsource-4.6.1-10.4.1 netcdf_4_6_1-gnu-mpich-hpc-devel-4.6.1-10.4.1 netcdf_4_6_1-gnu-mpich-hpc-devel-debuginfo-4.6.1-10.4.1 netcdf_4_6_1-gnu-mpich-hpc-devel-static-4.6.1-10.4.1 netcdf_4_6_1-gnu-mvapich2-hpc-4.6.1-10.4.1 netcdf_4_6_1-gnu-mvapich2-hpc-debuginfo-4.6.1-10.4.1 netcdf_4_6_1-gnu-mvapich2-hpc-debugsource-4.6.1-10.4.1 netcdf_4_6_1-gnu-mvapich2-hpc-devel-4.6.1-10.4.1 netcdf_4_6_1-gnu-mvapich2-hpc-devel-debuginfo-4.6.1-10.4.1 netcdf_4_6_1-gnu-mvapich2-hpc-devel-static-4.6.1-10.4.1 netcdf_4_6_1-gnu-openmpi2-hpc-4.6.1-10.4.1 netcdf_4_6_1-gnu-openmpi2-hpc-debuginfo-4.6.1-10.4.1 netcdf_4_6_1-gnu-openmpi2-hpc-devel-4.6.1-10.4.1 netcdf_4_6_1-gnu-openmpi2-hpc-devel-debuginfo-4.6.1-10.4.1 netcdf_4_6_1-gnu-openmpi2-hpc-devel-static-4.6.1-10.4.1 - SUSE Linux Enterprise Module for HPC 15-SP1 (noarch): netcdf-gnu-hpc-4.6.1-10.4.1 netcdf-gnu-hpc-devel-4.6.1-10.4.1 netcdf-gnu-mpich-hpc-4.6.1-10.4.1 netcdf-gnu-mpich-hpc-devel-4.6.1-10.4.1 netcdf-gnu-mvapich2-hpc-4.6.1-10.4.1 netcdf-gnu-mvapich2-hpc-devel-4.6.1-10.4.1 netcdf-gnu-openmpi2-hpc-4.6.1-10.4.1 netcdf-gnu-openmpi2-hpc-devel-4.6.1-10.4.1 References: https://bugzilla.suse.com/1174291 From sle-updates at lists.suse.com Fri Aug 28 22:17:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 Aug 2020 06:17:59 +0200 (CEST) Subject: SUSE-RU-2020:2386-1: moderate: Recommended update for samba Message-ID: <20200829041759.B3309FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2386-1 Rating: moderate References: #1172810 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for samba fixes the following issues: - Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2386=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2386=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2386=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.11.11+git.182.fe3646e9391-4.8.1 samba-ad-dc-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 samba-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 samba-debugsource-4.11.11+git.182.fe3646e9391-4.8.1 samba-dsdb-modules-4.11.11+git.182.fe3646e9391-4.8.1 samba-dsdb-modules-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.11.11+git.182.fe3646e9391-4.8.1 libdcerpc-binding0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libdcerpc-devel-4.11.11+git.182.fe3646e9391-4.8.1 libdcerpc-samr-devel-4.11.11+git.182.fe3646e9391-4.8.1 libdcerpc-samr0-4.11.11+git.182.fe3646e9391-4.8.1 libdcerpc-samr0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libdcerpc0-4.11.11+git.182.fe3646e9391-4.8.1 libdcerpc0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libndr-devel-4.11.11+git.182.fe3646e9391-4.8.1 libndr-krb5pac-devel-4.11.11+git.182.fe3646e9391-4.8.1 libndr-krb5pac0-4.11.11+git.182.fe3646e9391-4.8.1 libndr-krb5pac0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libndr-nbt-devel-4.11.11+git.182.fe3646e9391-4.8.1 libndr-nbt0-4.11.11+git.182.fe3646e9391-4.8.1 libndr-nbt0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libndr-standard-devel-4.11.11+git.182.fe3646e9391-4.8.1 libndr-standard0-4.11.11+git.182.fe3646e9391-4.8.1 libndr-standard0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libndr0-4.11.11+git.182.fe3646e9391-4.8.1 libndr0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libnetapi-devel-4.11.11+git.182.fe3646e9391-4.8.1 libnetapi0-4.11.11+git.182.fe3646e9391-4.8.1 libnetapi0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-credentials-devel-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-credentials0-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-credentials0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-errors-devel-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-errors0-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-errors0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-hostconfig-devel-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-hostconfig0-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-hostconfig0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-passdb-devel-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-passdb0-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-passdb0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-policy-devel-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-policy-python3-devel-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-policy0-python3-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-policy0-python3-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-util-devel-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-util0-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-util0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamdb-devel-4.11.11+git.182.fe3646e9391-4.8.1 libsamdb0-4.11.11+git.182.fe3646e9391-4.8.1 libsamdb0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsmbclient-devel-4.11.11+git.182.fe3646e9391-4.8.1 libsmbclient0-4.11.11+git.182.fe3646e9391-4.8.1 libsmbclient0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsmbconf-devel-4.11.11+git.182.fe3646e9391-4.8.1 libsmbconf0-4.11.11+git.182.fe3646e9391-4.8.1 libsmbconf0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsmbldap-devel-4.11.11+git.182.fe3646e9391-4.8.1 libsmbldap2-4.11.11+git.182.fe3646e9391-4.8.1 libsmbldap2-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libtevent-util-devel-4.11.11+git.182.fe3646e9391-4.8.1 libtevent-util0-4.11.11+git.182.fe3646e9391-4.8.1 libtevent-util0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libwbclient-devel-4.11.11+git.182.fe3646e9391-4.8.1 libwbclient0-4.11.11+git.182.fe3646e9391-4.8.1 libwbclient0-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 samba-4.11.11+git.182.fe3646e9391-4.8.1 samba-client-4.11.11+git.182.fe3646e9391-4.8.1 samba-client-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 samba-core-devel-4.11.11+git.182.fe3646e9391-4.8.1 samba-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 samba-debugsource-4.11.11+git.182.fe3646e9391-4.8.1 samba-libs-4.11.11+git.182.fe3646e9391-4.8.1 samba-libs-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 samba-libs-python3-4.11.11+git.182.fe3646e9391-4.8.1 samba-libs-python3-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 samba-python3-4.11.11+git.182.fe3646e9391-4.8.1 samba-python3-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 samba-winbind-4.11.11+git.182.fe3646e9391-4.8.1 samba-winbind-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): samba-ceph-4.11.11+git.182.fe3646e9391-4.8.1 samba-ceph-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libdcerpc-binding0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libdcerpc-binding0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libdcerpc0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libdcerpc0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libndr-krb5pac0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libndr-krb5pac0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libndr-nbt0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libndr-nbt0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libndr-standard0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libndr-standard0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libndr0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libndr0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libnetapi0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libnetapi0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-credentials0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-credentials0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-errors0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-errors0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-hostconfig0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-hostconfig0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-passdb0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-passdb0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-util0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libsamba-util0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsamdb0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libsamdb0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsmbconf0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libsmbconf0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libsmbldap2-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libsmbldap2-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libtevent-util0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libtevent-util0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 libwbclient0-32bit-4.11.11+git.182.fe3646e9391-4.8.1 libwbclient0-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 samba-libs-32bit-4.11.11+git.182.fe3646e9391-4.8.1 samba-libs-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 samba-winbind-32bit-4.11.11+git.182.fe3646e9391-4.8.1 samba-winbind-32bit-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ctdb-4.11.11+git.182.fe3646e9391-4.8.1 ctdb-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 samba-debuginfo-4.11.11+git.182.fe3646e9391-4.8.1 samba-debugsource-4.11.11+git.182.fe3646e9391-4.8.1 References: https://bugzilla.suse.com/1172810 From sle-updates at lists.suse.com Sun Aug 30 04:40:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 30 Aug 2020 12:40:49 +0200 (CEST) Subject: SUSE-CU-2020:416-1: Recommended update of suse/sle15 Message-ID: <20200830104049.5B9F7FDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:416-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.256 Container Release : 4.22.256 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Sun Aug 30 04:48:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 30 Aug 2020 12:48:06 +0200 (CEST) Subject: SUSE-CU-2020:417-1: Recommended update of suse/sle15 Message-ID: <20200830104806.5A272FDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:417-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.295 Container Release : 6.2.295 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Sun Aug 30 04:49:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 30 Aug 2020 12:49:38 +0200 (CEST) Subject: SUSE-CU-2020:418-1: Recommended update of suse/sle15 Message-ID: <20200830104938.618ABFDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:418-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.732 Container Release : 8.2.732 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Mon Aug 31 10:13:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Aug 2020 18:13:57 +0200 (CEST) Subject: SUSE-SU-2020:2391-1: moderate: Security update for freeradius-server Message-ID: <20200831161357.A0848FDE4@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2391-1 Rating: moderate References: #1144524 #1166847 Cross-References: CVE-2019-13456 CVE-2019-17185 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX access (bsc#1166847). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2391=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2391=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2391=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2391=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): freeradius-server-3.0.3-17.15.2 freeradius-server-debuginfo-3.0.3-17.15.2 freeradius-server-debugsource-3.0.3-17.15.2 freeradius-server-doc-3.0.3-17.15.2 freeradius-server-krb5-3.0.3-17.15.2 freeradius-server-krb5-debuginfo-3.0.3-17.15.2 freeradius-server-ldap-3.0.3-17.15.2 freeradius-server-ldap-debuginfo-3.0.3-17.15.2 freeradius-server-libs-3.0.3-17.15.2 freeradius-server-libs-debuginfo-3.0.3-17.15.2 freeradius-server-mysql-3.0.3-17.15.2 freeradius-server-mysql-debuginfo-3.0.3-17.15.2 freeradius-server-perl-3.0.3-17.15.2 freeradius-server-perl-debuginfo-3.0.3-17.15.2 freeradius-server-postgresql-3.0.3-17.15.2 freeradius-server-postgresql-debuginfo-3.0.3-17.15.2 freeradius-server-python-3.0.3-17.15.2 freeradius-server-python-debuginfo-3.0.3-17.15.2 freeradius-server-sqlite-3.0.3-17.15.2 freeradius-server-sqlite-debuginfo-3.0.3-17.15.2 freeradius-server-utils-3.0.3-17.15.2 freeradius-server-utils-debuginfo-3.0.3-17.15.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): freeradius-server-3.0.3-17.15.2 freeradius-server-debuginfo-3.0.3-17.15.2 freeradius-server-debugsource-3.0.3-17.15.2 freeradius-server-doc-3.0.3-17.15.2 freeradius-server-krb5-3.0.3-17.15.2 freeradius-server-krb5-debuginfo-3.0.3-17.15.2 freeradius-server-ldap-3.0.3-17.15.2 freeradius-server-ldap-debuginfo-3.0.3-17.15.2 freeradius-server-libs-3.0.3-17.15.2 freeradius-server-libs-debuginfo-3.0.3-17.15.2 freeradius-server-mysql-3.0.3-17.15.2 freeradius-server-mysql-debuginfo-3.0.3-17.15.2 freeradius-server-perl-3.0.3-17.15.2 freeradius-server-perl-debuginfo-3.0.3-17.15.2 freeradius-server-postgresql-3.0.3-17.15.2 freeradius-server-postgresql-debuginfo-3.0.3-17.15.2 freeradius-server-python-3.0.3-17.15.2 freeradius-server-python-debuginfo-3.0.3-17.15.2 freeradius-server-sqlite-3.0.3-17.15.2 freeradius-server-sqlite-debuginfo-3.0.3-17.15.2 freeradius-server-utils-3.0.3-17.15.2 freeradius-server-utils-debuginfo-3.0.3-17.15.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): freeradius-server-3.0.3-17.15.2 freeradius-server-debuginfo-3.0.3-17.15.2 freeradius-server-debugsource-3.0.3-17.15.2 freeradius-server-doc-3.0.3-17.15.2 freeradius-server-krb5-3.0.3-17.15.2 freeradius-server-krb5-debuginfo-3.0.3-17.15.2 freeradius-server-ldap-3.0.3-17.15.2 freeradius-server-ldap-debuginfo-3.0.3-17.15.2 freeradius-server-libs-3.0.3-17.15.2 freeradius-server-libs-debuginfo-3.0.3-17.15.2 freeradius-server-mysql-3.0.3-17.15.2 freeradius-server-mysql-debuginfo-3.0.3-17.15.2 freeradius-server-perl-3.0.3-17.15.2 freeradius-server-perl-debuginfo-3.0.3-17.15.2 freeradius-server-postgresql-3.0.3-17.15.2 freeradius-server-postgresql-debuginfo-3.0.3-17.15.2 freeradius-server-python-3.0.3-17.15.2 freeradius-server-python-debuginfo-3.0.3-17.15.2 freeradius-server-sqlite-3.0.3-17.15.2 freeradius-server-sqlite-debuginfo-3.0.3-17.15.2 freeradius-server-utils-3.0.3-17.15.2 freeradius-server-utils-debuginfo-3.0.3-17.15.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): freeradius-server-3.0.3-17.15.2 freeradius-server-debuginfo-3.0.3-17.15.2 freeradius-server-debugsource-3.0.3-17.15.2 freeradius-server-doc-3.0.3-17.15.2 freeradius-server-krb5-3.0.3-17.15.2 freeradius-server-krb5-debuginfo-3.0.3-17.15.2 freeradius-server-ldap-3.0.3-17.15.2 freeradius-server-ldap-debuginfo-3.0.3-17.15.2 freeradius-server-libs-3.0.3-17.15.2 freeradius-server-libs-debuginfo-3.0.3-17.15.2 freeradius-server-mysql-3.0.3-17.15.2 freeradius-server-mysql-debuginfo-3.0.3-17.15.2 freeradius-server-perl-3.0.3-17.15.2 freeradius-server-perl-debuginfo-3.0.3-17.15.2 freeradius-server-postgresql-3.0.3-17.15.2 freeradius-server-postgresql-debuginfo-3.0.3-17.15.2 freeradius-server-python-3.0.3-17.15.2 freeradius-server-python-debuginfo-3.0.3-17.15.2 freeradius-server-sqlite-3.0.3-17.15.2 freeradius-server-sqlite-debuginfo-3.0.3-17.15.2 freeradius-server-utils-3.0.3-17.15.2 freeradius-server-utils-debuginfo-3.0.3-17.15.2 References: https://www.suse.com/security/cve/CVE-2019-13456.html https://www.suse.com/security/cve/CVE-2019-17185.html https://bugzilla.suse.com/1144524 https://bugzilla.suse.com/1166847 From sle-updates at lists.suse.com Mon Aug 31 10:14:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Aug 2020 18:14:54 +0200 (CEST) Subject: SUSE-RU-2020:2393-1: moderate: Recommended update for powerpc-utils Message-ID: <20200831161454.0AE19FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2393-1 Rating: moderate References: #1173403 #1174666 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for powerpc-utils fixes the following issues: - Fix lookup of disk partitions. (bsc#1173403) - On SUSE the service is called kexec-load.service instead of kexec.service. (bsc#1174666) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2393=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2393=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2393=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le): powerpc-utils-1.3.7.1-5.20.1 powerpc-utils-debuginfo-1.3.7.1-5.20.1 powerpc-utils-debugsource-1.3.7.1-5.20.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): powerpc-utils-1.3.7.1-5.20.1 powerpc-utils-debuginfo-1.3.7.1-5.20.1 powerpc-utils-debugsource-1.3.7.1-5.20.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le): powerpc-utils-1.3.7.1-5.20.1 powerpc-utils-debuginfo-1.3.7.1-5.20.1 powerpc-utils-debugsource-1.3.7.1-5.20.1 References: https://bugzilla.suse.com/1173403 https://bugzilla.suse.com/1174666 From sle-updates at lists.suse.com Mon Aug 31 13:13:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Aug 2020 21:13:37 +0200 (CEST) Subject: SUSE-RU-2020:2396-1: moderate: Recommended update for open-iscsi Message-ID: <20200831191337.453F9FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2396-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for open-iscsi fixes the following issues: Upgrade to upstream version 2.1.2 as 2.1.2-suse (jsc#SES-1081) - Use openssl for random data generation - Misspelled socket name might cause confusion to inexperienced user. - Let initiator name be created by iscsi-init.service. - iscsi: fix fd leak - Fix a compiler issue about string copy in iscsiuio - Fix a compiler issue about writing one byte - Fix issue with zero-length arrays at end of struct - Add *iscsi-init.service* Note that the "*iscsi-init.service*" adds a new systemd service called "*iscsi-init*", that creates the iSCSI initiator name file */etc/iscsi/initiatorname.iscsi*, if and only if it does not exist. - Proper disconnect of TCP connection - Fix SIGPIPE loop in signal handler - Update iscsi-iname.c - log:modify iSCSI shared memory permissions for logs - Sequence systemd services correctly when upgrading - Ignore iface.example in iface match checks - Fix type mismatch under musl. - Add Wants=remote-fs-pre.target for sequencing. - Fix issue where "iscsi-iname -p" core dumps. - iscsi-iname: fix iscsi-iname -p access NULL pointer without given IQN prefix - Fix iscsi.service so it handles restarts better Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2396=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.6-22.3.1 iscsiuio-debuginfo-0.7.8.6-22.3.1 libopeniscsiusr0_2_0-2.1.2-22.3.1 libopeniscsiusr0_2_0-debuginfo-2.1.2-22.3.1 open-iscsi-2.1.2-22.3.1 open-iscsi-debuginfo-2.1.2-22.3.1 open-iscsi-debugsource-2.1.2-22.3.1 open-iscsi-devel-2.1.2-22.3.1 References: From sle-updates at lists.suse.com Mon Aug 31 13:14:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Aug 2020 21:14:22 +0200 (CEST) Subject: SUSE-RU-2020:2394-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20200831191422.33FFEFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2394-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issue: Live kernel patching update data. (bsc#1020320) - New data for 4_12_14-150_55, 4_12_14-197_48, 5_3_18-22, 5_3_18-24_9. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2394=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2394=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2394=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2395=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2395=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2020-2395=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2020-2395=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch): lifecycle-data-sle-module-live-patching-15-4.36.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-4.36.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-4.36.1 - SUSE Linux Enterprise Live Patching 12-SP5 (noarch): lifecycle-data-sle-live-patching-1-10.70.1 - SUSE Linux Enterprise Live Patching 12-SP4 (noarch): lifecycle-data-sle-live-patching-1-10.70.1 - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.70.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.70.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Mon Aug 31 23:59:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 07:59:55 +0200 (CEST) Subject: SUSE-CU-2020:420-1: Recommended update of registry/harbor-core Message-ID: <20200901055955.CA5A1FF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-core ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:420-1 Container Tags : registry/harbor-core:2.0.2 , registry/harbor-core:2.0.2-rev1 , registry/harbor-core:2.0.2-rev1-build2.3 Container Release : 2.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-core was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964)