From sle-updates at lists.suse.com Tue Dec 1 00:12:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 08:12:30 +0100 (CET) Subject: SUSE-CU-2020:734-1: Recommended update of suse/sles12sp5 Message-ID: <20201201071230.693DFFBB3@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:734-1 Container Tags : suse/sles12sp5:6.5.100 , suse/sles12sp5:latest Container Release : 6.5.100 Severity : moderate Type : recommended References : 1178727 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3569-1 Released: Mon Nov 30 17:13:16 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1178727 This update for pam fixes the following issue: - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) From sle-updates at lists.suse.com Tue Dec 1 00:25:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 08:25:58 +0100 (CET) Subject: SUSE-CU-2020:735-1: Recommended update of suse/sle15 Message-ID: <20201201072558.A3D79FBB4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:735-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.358 Container Release : 6.2.358 Severity : moderate Type : recommended References : 1158499 1160158 1161198 1161203 1163569 1165281 1165534 1166848 1175847 1177479 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3560-1 Released: Mon Nov 30 12:21:34 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1158499,1160158,1161198,1161203,1163569,1165281,1165534,1166848,1175847,1177479 This update for openssl-1_1 fixes the following issues: This update backports various bugfixes for FIPS: - Restore private key check in EC_KEY_check_key [bsc#1177479] - Add shared secret KAT to FIPS DH selftest [bsc#1175847] - Include ECDH/DH Requirements from SP800-56Arev3 [bsc#1175847] - Fix locking issue uncovered by python testsuite (bsc#1166848) - Fix the sequence of locking operations in FIPS mode [bsc#1165534] - Fix deadlock in FIPS rand code (bsc#1165281) - Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) - Fix FIPS DRBG without derivation function (bsc#1161198) - Allow md5_sha1 in FIPS mode to enable TLS 1.0 (bsc#1161203) - Obsolete libopenssl-1_0_0-hmac for a clean upgrade from SLE-12 (bsc#1158499) - Restore the EVP_PBE_scrypt() behavior from before the KDF patch by treating salt=NULL as salt='' (bsc#1160158) From sle-updates at lists.suse.com Tue Dec 1 04:18:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 12:18:17 +0100 (CET) Subject: SUSE-SU-2020:2475-2: moderate: Security update for libX11 Message-ID: <20201201111817.C8801F749@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2475-2 Rating: moderate References: #1175239 Cross-References: CVE-2020-14363 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2475=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2475=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2475=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2475=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2475=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2475=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2475=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2475=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2475=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2475=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2475=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2475=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2475=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2475=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2475=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): libX11-data-1.6.2-12.15.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libX11-6-1.6.2-12.15.1 libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libX11-6-1.6.2-12.15.1 libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libX11-data-1.6.2-12.15.1 - SUSE OpenStack Cloud 9 (noarch): libX11-data-1.6.2-12.15.1 - SUSE OpenStack Cloud 9 (x86_64): libX11-6-1.6.2-12.15.1 libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE OpenStack Cloud 8 (noarch): libX11-data-1.6.2-12.15.1 - SUSE OpenStack Cloud 8 (x86_64): libX11-6-1.6.2-12.15.1 libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libX11-6-1.6.2-12.15.1 libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE OpenStack Cloud 7 (noarch): libX11-data-1.6.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libX11-6-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libX11-data-1.6.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libX11-6-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libX11-data-1.6.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libX11-6-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libX11-data-1.6.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libX11-6-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libX11-data-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libX11-6-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libX11-data-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): libX11-data-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libX11-6-1.6.2-12.15.1 libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libX11-6-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libX11-data-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libX11-6-1.6.2-12.15.1 libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libX11-data-1.6.2-12.15.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libX11-6-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 - SUSE Enterprise Storage 5 (noarch): libX11-data-1.6.2-12.15.1 - SUSE Enterprise Storage 5 (x86_64): libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - HPE Helion Openstack 8 (noarch): libX11-data-1.6.2-12.15.1 - HPE Helion Openstack 8 (x86_64): libX11-6-1.6.2-12.15.1 libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 References: https://www.suse.com/security/cve/CVE-2020-14363.html https://bugzilla.suse.com/1175239 From sle-updates at lists.suse.com Tue Dec 1 07:15:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 15:15:15 +0100 (CET) Subject: SUSE-RU-2020:3578-1: moderate: Recommended update for bcache-tools Message-ID: <20201201141515.EA7A5F7D6@maintenance.suse.de> SUSE Recommended Update: Recommended update for bcache-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3578-1 Rating: moderate References: #1178725 SLE-9807 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for bcache-tools fixes the following issues: - Install *bcache-status*. (jsc#SLE-9807, bsc#1178725) - Add *_sbindir/bcache-status* for the new added *bcache-status* python script. (jsc#SLE-9807, bsc#1178725) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3578=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): bcache-tools-1.1-3.6.1 bcache-tools-debuginfo-1.1-3.6.1 bcache-tools-debugsource-1.1-3.6.1 References: https://bugzilla.suse.com/1178725 From sle-updates at lists.suse.com Tue Dec 1 07:16:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 15:16:13 +0100 (CET) Subject: SUSE-RU-2020:3576-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20201201141613.B3FB5F7D6@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3576-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for the live patches 4_12_14-197_61, 4_12_14-197_64, 4_12_14-197_67, 5_3_18-24_24, 5_3_18-24_29, 5_3_18-24_34, 5_3_18-24_37. (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3576=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-3576=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-3576=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch): lifecycle-data-sle-module-live-patching-15-4.42.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-4.42.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-4.42.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Tue Dec 1 07:18:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 15:18:05 +0100 (CET) Subject: SUSE-RU-2020:3577-1: moderate: Recommended update for suse-migration-sle15-activation Message-ID: <20201201141805.69102F7D6@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-migration-sle15-activation ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3577-1 Rating: moderate References: #1178737 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-migration-sle15-activation fixes the following issue: - Set the correct root filesystem type. (bsc#1178737) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-3577=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): suse-migration-sle15-activation-2.0.14-6.17.3 References: https://bugzilla.suse.com/1178737 From sle-updates at lists.suse.com Tue Dec 1 10:18:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 18:18:43 +0100 (CET) Subject: SUSE-RU-2020:3581-1: moderate: Recommended update for libusb-1_0 Message-ID: <20201201171843.F0435F749@maintenance.suse.de> SUSE Recommended Update: Recommended update for libusb-1_0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3581-1 Rating: moderate References: #1178376 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3581=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-3581=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3581=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3581=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libusb-1_0-0-32bit-1.0.21-3.3.1 libusb-1_0-0-32bit-debuginfo-1.0.21-3.3.1 libusb-1_0-debugsource-1.0.21-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): libusb-1_0-0-32bit-1.0.21-3.3.1 libusb-1_0-0-32bit-debuginfo-1.0.21-3.3.1 libusb-1_0-debugsource-1.0.21-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libusb-1_0-0-1.0.21-3.3.1 libusb-1_0-0-debuginfo-1.0.21-3.3.1 libusb-1_0-debugsource-1.0.21-3.3.1 libusb-1_0-devel-1.0.21-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libusb-1_0-0-1.0.21-3.3.1 libusb-1_0-0-debuginfo-1.0.21-3.3.1 libusb-1_0-debugsource-1.0.21-3.3.1 libusb-1_0-devel-1.0.21-3.3.1 References: https://bugzilla.suse.com/1178376 From sle-updates at lists.suse.com Tue Dec 1 10:19:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 18:19:34 +0100 (CET) Subject: SUSE-RU-2020:3579-1: moderate: Recommended update for glib2 Message-ID: <20201201171934.AA8B1F749@maintenance.suse.de> SUSE Recommended Update: Recommended update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3579-1 Rating: moderate References: #1178346 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for glib2 fixes the following issues: - Add support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3579=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.54.3-4.21.1 glib2-devel-2.54.3-4.21.1 glib2-devel-debuginfo-2.54.3-4.21.1 glib2-tools-2.54.3-4.21.1 glib2-tools-debuginfo-2.54.3-4.21.1 libgio-2_0-0-2.54.3-4.21.1 libgio-2_0-0-debuginfo-2.54.3-4.21.1 libglib-2_0-0-2.54.3-4.21.1 libglib-2_0-0-debuginfo-2.54.3-4.21.1 libgmodule-2_0-0-2.54.3-4.21.1 libgmodule-2_0-0-debuginfo-2.54.3-4.21.1 libgobject-2_0-0-2.54.3-4.21.1 libgobject-2_0-0-debuginfo-2.54.3-4.21.1 libgthread-2_0-0-2.54.3-4.21.1 libgthread-2_0-0-debuginfo-2.54.3-4.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): glib2-lang-2.54.3-4.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libgio-2_0-0-32bit-2.54.3-4.21.1 libgio-2_0-0-32bit-debuginfo-2.54.3-4.21.1 libglib-2_0-0-32bit-2.54.3-4.21.1 libglib-2_0-0-32bit-debuginfo-2.54.3-4.21.1 libgmodule-2_0-0-32bit-2.54.3-4.21.1 libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.21.1 libgobject-2_0-0-32bit-2.54.3-4.21.1 libgobject-2_0-0-32bit-debuginfo-2.54.3-4.21.1 References: https://bugzilla.suse.com/1178346 From sle-updates at lists.suse.com Tue Dec 1 10:21:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 18:21:32 +0100 (CET) Subject: SUSE-RU-2020:3580-1: moderate: Recommended update for tboot Message-ID: <20201201172132.5761DF749@maintenance.suse.de> SUSE Recommended Update: Recommended update for tboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3580-1 Rating: moderate References: #1175114 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tboot fixes the following issues: - Do not generate 'tboot' menu entries in grub when the system is running with UEFI Secure Boot. (bsc#1175114) The tboot bootloader is not an EFI compatible binary and therefore not digitally signed appropriately to be part of a Secure Boot trust chain. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3580=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): tboot-20170711_1.9.8-15.6.1 tboot-debuginfo-20170711_1.9.8-15.6.1 tboot-debugsource-20170711_1.9.8-15.6.1 References: https://bugzilla.suse.com/1175114 From sle-updates at lists.suse.com Tue Dec 1 13:17:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 21:17:06 +0100 (CET) Subject: SUSE-SU-2020:3588-1: important: Security update for xorg-x11-server Message-ID: <20201201201706.12CA2F7D6@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3588-1 Rating: important References: #1174908 #1177596 Cross-References: CVE-2020-14360 CVE-2020-25712 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3588=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3588=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3588=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.16.1 xorg-x11-server-debugsource-1.20.3-22.5.16.1 xorg-x11-server-wayland-1.20.3-22.5.16.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.16.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.16.1 xorg-x11-server-debugsource-1.20.3-22.5.16.1 xorg-x11-server-sdk-1.20.3-22.5.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.16.1 xorg-x11-server-debuginfo-1.20.3-22.5.16.1 xorg-x11-server-debugsource-1.20.3-22.5.16.1 xorg-x11-server-extra-1.20.3-22.5.16.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.16.1 References: https://www.suse.com/security/cve/CVE-2020-14360.html https://www.suse.com/security/cve/CVE-2020-25712.html https://bugzilla.suse.com/1174908 https://bugzilla.suse.com/1177596 From sle-updates at lists.suse.com Tue Dec 1 13:18:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 21:18:20 +0100 (CET) Subject: SUSE-SU-2020:3589-1: important: Security update for xorg-x11-server Message-ID: <20201201201820.A7C81F7D6@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3589-1 Rating: important References: #1174908 #1177596 Cross-References: CVE-2020-14360 CVE-2020-25712 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3589=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3589=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3589=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3589=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): xorg-x11-server-1.19.6-8.27.1 xorg-x11-server-debuginfo-1.19.6-8.27.1 xorg-x11-server-debugsource-1.19.6-8.27.1 xorg-x11-server-extra-1.19.6-8.27.1 xorg-x11-server-extra-debuginfo-1.19.6-8.27.1 xorg-x11-server-sdk-1.19.6-8.27.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): xorg-x11-server-1.19.6-8.27.1 xorg-x11-server-debuginfo-1.19.6-8.27.1 xorg-x11-server-debugsource-1.19.6-8.27.1 xorg-x11-server-extra-1.19.6-8.27.1 xorg-x11-server-extra-debuginfo-1.19.6-8.27.1 xorg-x11-server-sdk-1.19.6-8.27.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): xorg-x11-server-1.19.6-8.27.1 xorg-x11-server-debuginfo-1.19.6-8.27.1 xorg-x11-server-debugsource-1.19.6-8.27.1 xorg-x11-server-extra-1.19.6-8.27.1 xorg-x11-server-extra-debuginfo-1.19.6-8.27.1 xorg-x11-server-sdk-1.19.6-8.27.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): xorg-x11-server-1.19.6-8.27.1 xorg-x11-server-debuginfo-1.19.6-8.27.1 xorg-x11-server-debugsource-1.19.6-8.27.1 xorg-x11-server-extra-1.19.6-8.27.1 xorg-x11-server-extra-debuginfo-1.19.6-8.27.1 xorg-x11-server-sdk-1.19.6-8.27.1 References: https://www.suse.com/security/cve/CVE-2020-14360.html https://www.suse.com/security/cve/CVE-2020-25712.html https://bugzilla.suse.com/1174908 https://bugzilla.suse.com/1177596 From sle-updates at lists.suse.com Tue Dec 1 13:19:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 21:19:25 +0100 (CET) Subject: SUSE-SU-2020:3582-1: important: Security update for xorg-x11-server Message-ID: <20201201201925.EAE91F7D6@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3582-1 Rating: important References: #1174908 #1177596 Cross-References: CVE-2020-14360 CVE-2020-25712 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3582=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3582=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3582=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3582=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xorg-x11-server-1.19.6-4.19.1 xorg-x11-server-debuginfo-1.19.6-4.19.1 xorg-x11-server-debugsource-1.19.6-4.19.1 xorg-x11-server-extra-1.19.6-4.19.1 xorg-x11-server-extra-debuginfo-1.19.6-4.19.1 - SUSE OpenStack Cloud 9 (x86_64): xorg-x11-server-1.19.6-4.19.1 xorg-x11-server-debuginfo-1.19.6-4.19.1 xorg-x11-server-debugsource-1.19.6-4.19.1 xorg-x11-server-extra-1.19.6-4.19.1 xorg-x11-server-extra-debuginfo-1.19.6-4.19.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): xorg-x11-server-1.19.6-4.19.1 xorg-x11-server-debuginfo-1.19.6-4.19.1 xorg-x11-server-debugsource-1.19.6-4.19.1 xorg-x11-server-extra-1.19.6-4.19.1 xorg-x11-server-extra-debuginfo-1.19.6-4.19.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-4.19.1 xorg-x11-server-debuginfo-1.19.6-4.19.1 xorg-x11-server-debugsource-1.19.6-4.19.1 xorg-x11-server-extra-1.19.6-4.19.1 xorg-x11-server-extra-debuginfo-1.19.6-4.19.1 References: https://www.suse.com/security/cve/CVE-2020-14360.html https://www.suse.com/security/cve/CVE-2020-25712.html https://bugzilla.suse.com/1174908 https://bugzilla.suse.com/1177596 From sle-updates at lists.suse.com Tue Dec 1 13:20:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 21:20:33 +0100 (CET) Subject: SUSE-SU-2020:3587-1: important: Security update for xorg-x11-server Message-ID: <20201201202033.19474F7D6@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3587-1 Rating: important References: #1174908 #1177596 Cross-References: CVE-2020-14360 CVE-2020-25712 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3587=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3587=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.19.6-10.20.1 xorg-x11-server-debugsource-1.19.6-10.20.1 xorg-x11-server-sdk-1.19.6-10.20.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-10.20.1 xorg-x11-server-debuginfo-1.19.6-10.20.1 xorg-x11-server-debugsource-1.19.6-10.20.1 xorg-x11-server-extra-1.19.6-10.20.1 xorg-x11-server-extra-debuginfo-1.19.6-10.20.1 References: https://www.suse.com/security/cve/CVE-2020-14360.html https://www.suse.com/security/cve/CVE-2020-25712.html https://bugzilla.suse.com/1174908 https://bugzilla.suse.com/1177596 From sle-updates at lists.suse.com Tue Dec 1 13:22:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 21:22:36 +0100 (CET) Subject: SUSE-SU-2020:3586-1: important: Security update for xorg-x11-server Message-ID: <20201201202236.40855F7D6@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3586-1 Rating: important References: #1174908 #1177596 Cross-References: CVE-2020-14360 CVE-2020-25712 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3586=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-3586=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3586=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): xorg-x11-server-debuginfo-1.20.3-14.5.13.1 xorg-x11-server-debugsource-1.20.3-14.5.13.1 xorg-x11-server-wayland-1.20.3-14.5.13.1 xorg-x11-server-wayland-debuginfo-1.20.3-14.5.13.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-14.5.13.1 xorg-x11-server-debugsource-1.20.3-14.5.13.1 xorg-x11-server-sdk-1.20.3-14.5.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-14.5.13.1 xorg-x11-server-debuginfo-1.20.3-14.5.13.1 xorg-x11-server-debugsource-1.20.3-14.5.13.1 xorg-x11-server-extra-1.20.3-14.5.13.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.13.1 References: https://www.suse.com/security/cve/CVE-2020-14360.html https://www.suse.com/security/cve/CVE-2020-25712.html https://bugzilla.suse.com/1174908 https://bugzilla.suse.com/1177596 From sle-updates at lists.suse.com Tue Dec 1 13:23:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 21:23:44 +0100 (CET) Subject: SUSE-SU-2020:3585-1: important: Security update for xorg-x11-server Message-ID: <20201201202344.95583F7D6@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3585-1 Rating: important References: #1174908 #1177596 Cross-References: CVE-2020-14360 CVE-2020-25712 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3585=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3585=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3585=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3585=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3585=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3585=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3585=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3585=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3585=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3585=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3585=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.37.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.37.1 xorg-x11-server-debugsource-7.6_1.18.3-76.37.1 xorg-x11-server-extra-7.6_1.18.3-76.37.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.37.1 - SUSE OpenStack Cloud 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.37.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.37.1 xorg-x11-server-debugsource-7.6_1.18.3-76.37.1 xorg-x11-server-extra-7.6_1.18.3-76.37.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.37.1 - SUSE OpenStack Cloud 7 (s390x x86_64): xorg-x11-server-7.6_1.18.3-76.37.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.37.1 xorg-x11-server-debugsource-7.6_1.18.3-76.37.1 xorg-x11-server-extra-7.6_1.18.3-76.37.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.37.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.37.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.37.1 xorg-x11-server-debugsource-7.6_1.18.3-76.37.1 xorg-x11-server-extra-7.6_1.18.3-76.37.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.37.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.37.1 xorg-x11-server-debugsource-7.6_1.18.3-76.37.1 xorg-x11-server-extra-7.6_1.18.3-76.37.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.37.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.37.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.37.1 xorg-x11-server-debugsource-7.6_1.18.3-76.37.1 xorg-x11-server-extra-7.6_1.18.3-76.37.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.37.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.37.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.37.1 xorg-x11-server-debugsource-7.6_1.18.3-76.37.1 xorg-x11-server-extra-7.6_1.18.3-76.37.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.37.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.37.1 xorg-x11-server-debugsource-7.6_1.18.3-76.37.1 xorg-x11-server-extra-7.6_1.18.3-76.37.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.37.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.37.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.37.1 xorg-x11-server-debugsource-7.6_1.18.3-76.37.1 xorg-x11-server-extra-7.6_1.18.3-76.37.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.37.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): xorg-x11-server-7.6_1.18.3-76.37.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.37.1 xorg-x11-server-debugsource-7.6_1.18.3-76.37.1 xorg-x11-server-extra-7.6_1.18.3-76.37.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.37.1 - HPE Helion Openstack 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.37.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.37.1 xorg-x11-server-debugsource-7.6_1.18.3-76.37.1 xorg-x11-server-extra-7.6_1.18.3-76.37.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.37.1 References: https://www.suse.com/security/cve/CVE-2020-14360.html https://www.suse.com/security/cve/CVE-2020-25712.html https://bugzilla.suse.com/1174908 https://bugzilla.suse.com/1177596 From sle-updates at lists.suse.com Tue Dec 1 13:24:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 21:24:58 +0100 (CET) Subject: SUSE-SU-2020:14553-1: important: Security update for xorg-x11-server Message-ID: <20201201202458.1AEFAF7D6@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14553-1 Rating: important References: #1174908 #1177596 Cross-References: CVE-2020-14360 CVE-2020-25712 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xorg-x11-server-14553=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-server-14553=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-server-14553=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-server-14553=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.122.37.1 xorg-x11-server-7.4-27.122.37.1 xorg-x11-server-extra-7.4-27.122.37.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xorg-x11-Xvnc-7.4-27.122.37.1 xorg-x11-server-7.4-27.122.37.1 xorg-x11-server-extra-7.4-27.122.37.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.37.1 xorg-x11-server-debugsource-7.4-27.122.37.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.37.1 xorg-x11-server-debugsource-7.4-27.122.37.1 References: https://www.suse.com/security/cve/CVE-2020-14360.html https://www.suse.com/security/cve/CVE-2020-25712.html https://bugzilla.suse.com/1174908 https://bugzilla.suse.com/1177596 From sle-updates at lists.suse.com Tue Dec 1 13:27:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Dec 2020 21:27:47 +0100 (CET) Subject: SUSE-RU-2020:3590-1: moderate: Recommended update for hawk2 Message-ID: <20201201202747.23913F7D6@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3590-1 Rating: moderate References: #1163381 SLE-7358 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for hawk2 fixes the following issues: - Update from version 2.1.2+git.1594886920.d00b94aa to version 2.2.0+git.1603969748.10468582: - Fix server error after authentication if a resource has the same name as a node (bsc#1163381) - Allow also users in haclient to view history explorer (jsc#SLE-7358) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-3590=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-3590=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-3590=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): hawk2-2.2.0+git.1603969748.10468582-3.15.1 hawk2-debuginfo-2.2.0+git.1603969748.10468582-3.15.1 hawk2-debugsource-2.2.0+git.1603969748.10468582-3.15.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): hawk2-2.2.0+git.1603969748.10468582-3.15.1 hawk2-debuginfo-2.2.0+git.1603969748.10468582-3.15.1 hawk2-debugsource-2.2.0+git.1603969748.10468582-3.15.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): hawk2-2.2.0+git.1603969748.10468582-3.15.1 hawk2-debuginfo-2.2.0+git.1603969748.10468582-3.15.1 hawk2-debugsource-2.2.0+git.1603969748.10468582-3.15.1 References: https://bugzilla.suse.com/1163381 From sle-updates at lists.suse.com Wed Dec 2 07:16:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 15:16:31 +0100 (CET) Subject: SUSE-SU-2020:3596-1: important: Security update for python3 Message-ID: <20201202141631.C8455F7D6@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3596-1 Rating: important References: #1176262 Cross-References: CVE-2019-20916 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3 fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3596=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3596=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3596=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3596=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3596=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3596=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3596=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3596=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3596=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3596=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3596=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3596=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3596=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3596=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3596=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-3596=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3596=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3596=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 python3-devel-debuginfo-3.4.10-25.58.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 python3-devel-debuginfo-3.4.10-25.58.1 - SUSE OpenStack Cloud 9 (x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 python3-devel-debuginfo-3.4.10-25.58.1 - SUSE OpenStack Cloud 8 (x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 python3-devel-debuginfo-3.4.10-25.58.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 python3-devel-debuginfo-3.4.10-25.58.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-dbm-3.4.10-25.58.1 python3-dbm-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.58.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 python3-devel-debuginfo-3.4.10-25.58.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 python3-devel-debuginfo-3.4.10-25.58.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 python3-devel-debuginfo-3.4.10-25.58.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 python3-tk-3.4.10-25.58.1 python3-tk-debuginfo-3.4.10-25.58.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.58.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython3_4m1_0-32bit-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-32bit-3.4.10-25.58.1 python3-base-debuginfo-32bit-3.4.10-25.58.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.58.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.58.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 python3-devel-debuginfo-3.4.10-25.58.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 - SUSE Enterprise Storage 5 (x86_64): python3-devel-debuginfo-3.4.10-25.58.1 - HPE Helion Openstack 8 (x86_64): libpython3_4m1_0-3.4.10-25.58.1 libpython3_4m1_0-debuginfo-3.4.10-25.58.1 python3-3.4.10-25.58.1 python3-base-3.4.10-25.58.1 python3-base-debuginfo-3.4.10-25.58.1 python3-base-debugsource-3.4.10-25.58.1 python3-curses-3.4.10-25.58.1 python3-curses-debuginfo-3.4.10-25.58.1 python3-debuginfo-3.4.10-25.58.1 python3-debugsource-3.4.10-25.58.1 python3-devel-3.4.10-25.58.1 python3-devel-debuginfo-3.4.10-25.58.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1176262 From sle-updates at lists.suse.com Wed Dec 2 07:17:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 15:17:42 +0100 (CET) Subject: SUSE-SU-2020:3597-1: important: Security update for python Message-ID: <20201202141742.0BA33F7D6@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3597-1 Rating: important References: #1176262 Cross-References: CVE-2019-20916 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3597=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3597=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2020-3597=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-3597=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-3597=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2020-3597=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3597=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3597=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2020-3597=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3597=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3597=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3597=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3597=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpython2_7-1_0-2.7.17-7.47.1 libpython2_7-1_0-debuginfo-2.7.17-7.47.1 python-2.7.17-7.47.1 python-base-2.7.17-7.47.1 python-base-debuginfo-2.7.17-7.47.1 python-base-debugsource-2.7.17-7.47.1 python-curses-2.7.17-7.47.1 python-curses-debuginfo-2.7.17-7.47.1 python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 python-devel-2.7.17-7.47.1 python-gdbm-2.7.17-7.47.1 python-gdbm-debuginfo-2.7.17-7.47.1 python-xml-2.7.17-7.47.1 python-xml-debuginfo-2.7.17-7.47.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpython2_7-1_0-2.7.17-7.47.1 libpython2_7-1_0-debuginfo-2.7.17-7.47.1 python-2.7.17-7.47.1 python-base-2.7.17-7.47.1 python-base-debuginfo-2.7.17-7.47.1 python-base-debugsource-2.7.17-7.47.1 python-curses-2.7.17-7.47.1 python-curses-debuginfo-2.7.17-7.47.1 python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 python-devel-2.7.17-7.47.1 python-gdbm-2.7.17-7.47.1 python-gdbm-debuginfo-2.7.17-7.47.1 python-xml-2.7.17-7.47.1 python-xml-debuginfo-2.7.17-7.47.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.17-7.47.1 python-base-debugsource-2.7.17-7.47.1 python-curses-2.7.17-7.47.1 python-curses-debuginfo-2.7.17-7.47.1 python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 python-devel-2.7.17-7.47.1 python-gdbm-2.7.17-7.47.1 python-gdbm-debuginfo-2.7.17-7.47.1 python-xml-2.7.17-7.47.1 python-xml-debuginfo-2.7.17-7.47.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.17-7.47.1 python-base-debugsource-2.7.17-7.47.1 python-curses-2.7.17-7.47.1 python-curses-debuginfo-2.7.17-7.47.1 python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 python-devel-2.7.17-7.47.1 python-gdbm-2.7.17-7.47.1 python-gdbm-debuginfo-2.7.17-7.47.1 python-xml-2.7.17-7.47.1 python-xml-debuginfo-2.7.17-7.47.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.17-7.47.1 python-base-debugsource-2.7.17-7.47.1 python-curses-2.7.17-7.47.1 python-curses-debuginfo-2.7.17-7.47.1 python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 python-devel-2.7.17-7.47.1 python-gdbm-2.7.17-7.47.1 python-gdbm-debuginfo-2.7.17-7.47.1 python-xml-2.7.17-7.47.1 python-xml-debuginfo-2.7.17-7.47.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 python-tk-2.7.17-7.47.1 python-tk-debuginfo-2.7.17-7.47.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 python-tk-2.7.17-7.47.1 python-tk-debuginfo-2.7.17-7.47.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 python-tk-2.7.17-7.47.1 python-tk-debuginfo-2.7.17-7.47.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-7.47.1 libpython2_7-1_0-debuginfo-2.7.17-7.47.1 python-2.7.17-7.47.1 python-base-2.7.17-7.47.1 python-base-debuginfo-2.7.17-7.47.1 python-base-debugsource-2.7.17-7.47.1 python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-7.47.1 libpython2_7-1_0-debuginfo-2.7.17-7.47.1 python-2.7.17-7.47.1 python-base-2.7.17-7.47.1 python-base-debuginfo-2.7.17-7.47.1 python-base-debugsource-2.7.17-7.47.1 python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.17-7.47.1 libpython2_7-1_0-debuginfo-2.7.17-7.47.1 python-2.7.17-7.47.1 python-base-2.7.17-7.47.1 python-base-debuginfo-2.7.17-7.47.1 python-base-debugsource-2.7.17-7.47.1 python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpython2_7-1_0-2.7.17-7.47.1 libpython2_7-1_0-debuginfo-2.7.17-7.47.1 python-2.7.17-7.47.1 python-base-2.7.17-7.47.1 python-base-debuginfo-2.7.17-7.47.1 python-base-debugsource-2.7.17-7.47.1 python-curses-2.7.17-7.47.1 python-curses-debuginfo-2.7.17-7.47.1 python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 python-devel-2.7.17-7.47.1 python-gdbm-2.7.17-7.47.1 python-gdbm-debuginfo-2.7.17-7.47.1 python-xml-2.7.17-7.47.1 python-xml-debuginfo-2.7.17-7.47.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpython2_7-1_0-2.7.17-7.47.1 libpython2_7-1_0-debuginfo-2.7.17-7.47.1 python-2.7.17-7.47.1 python-base-2.7.17-7.47.1 python-base-debuginfo-2.7.17-7.47.1 python-base-debugsource-2.7.17-7.47.1 python-curses-2.7.17-7.47.1 python-curses-debuginfo-2.7.17-7.47.1 python-debuginfo-2.7.17-7.47.1 python-debugsource-2.7.17-7.47.1 python-devel-2.7.17-7.47.1 python-gdbm-2.7.17-7.47.1 python-gdbm-debuginfo-2.7.17-7.47.1 python-xml-2.7.17-7.47.1 python-xml-debuginfo-2.7.17-7.47.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1176262 From sle-updates at lists.suse.com Wed Dec 2 07:19:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 15:19:43 +0100 (CET) Subject: SUSE-SU-2020:3592-1: moderate: Security update for python-cryptography Message-ID: <20201202141943.460F1F7D6@maintenance.suse.de> SUSE Security Update: Security update for python-cryptography ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3592-1 Rating: moderate References: #1178168 Cross-References: CVE-2020-25659 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-3592=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3592=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-cryptography-debuginfo-2.8-3.3.1 python-cryptography-debugsource-2.8-3.3.1 python2-cryptography-2.8-3.3.1 python2-cryptography-debuginfo-2.8-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python-cryptography-debuginfo-2.8-3.3.1 python-cryptography-debugsource-2.8-3.3.1 python3-cryptography-2.8-3.3.1 python3-cryptography-debuginfo-2.8-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-25659.html https://bugzilla.suse.com/1178168 From sle-updates at lists.suse.com Wed Dec 2 07:20:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 15:20:44 +0100 (CET) Subject: SUSE-SU-2020:3591-1: important: Security update for java-1_8_0-openjdk Message-ID: <20201202142044.84227F7D6@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3591-1 Rating: important References: #1179441 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 (icedtea 3.17.1) * JDK-8214440, bsc#1179441: Fix StartTLS functionality that was broken in openjdk272. (bsc#1179441) * JDK-8223940: Private key not supported by chosen signature algorithm * JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding * JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) * PR3815: Fix new s390 size_t issue in g1ConcurrentMarkObjArrayProcessor.cpp Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3591=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3591=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2020-3591=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-3591=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-3591=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.275-3.45.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-debugsource-1.8.0.275-3.45.1 java-1_8_0-openjdk-demo-1.8.0.275-3.45.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-devel-1.8.0.275-3.45.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-headless-1.8.0.275-3.45.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-3.45.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-1_8_0-openjdk-1.8.0.275-3.45.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-debugsource-1.8.0.275-3.45.1 java-1_8_0-openjdk-demo-1.8.0.275-3.45.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-devel-1.8.0.275-3.45.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-headless-1.8.0.275-3.45.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-3.45.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.275-3.45.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-debugsource-1.8.0.275-3.45.1 java-1_8_0-openjdk-demo-1.8.0.275-3.45.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-devel-1.8.0.275-3.45.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-headless-1.8.0.275-3.45.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-3.45.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.275-3.45.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-debugsource-1.8.0.275-3.45.1 java-1_8_0-openjdk-demo-1.8.0.275-3.45.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-devel-1.8.0.275-3.45.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-headless-1.8.0.275-3.45.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-3.45.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.275-3.45.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-debugsource-1.8.0.275-3.45.1 java-1_8_0-openjdk-demo-1.8.0.275-3.45.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-devel-1.8.0.275-3.45.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-3.45.1 java-1_8_0-openjdk-headless-1.8.0.275-3.45.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-3.45.1 References: https://bugzilla.suse.com/1179441 From sle-updates at lists.suse.com Wed Dec 2 07:21:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 15:21:52 +0100 (CET) Subject: SUSE-SU-2020:3594-1: important: Security update for python-setuptools Message-ID: <20201202142152.45D25F7D6@maintenance.suse.de> SUSE Security Update: Security update for python-setuptools ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3594-1 Rating: important References: #1176262 Cross-References: CVE-2019-20916 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Containers 12 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3594=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3594=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3594=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3594=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3594=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3594=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3594=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3594=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3594=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3594=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3594=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3594=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3594=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3594=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3594=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-3594=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2020-3594=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3594=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3594=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE OpenStack Cloud 9 (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE OpenStack Cloud 8 (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE OpenStack Cloud 7 (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): python3-setuptools-40.6.2-4.18.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - SUSE Linux Enterprise Module for Containers 12 (noarch): python-setuptools-40.6.2-4.18.1 - SUSE Enterprise Storage 5 (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 - HPE Helion Openstack 8 (noarch): python-setuptools-40.6.2-4.18.1 python3-setuptools-40.6.2-4.18.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1176262 From sle-updates at lists.suse.com Wed Dec 2 07:23:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 15:23:02 +0100 (CET) Subject: SUSE-SU-2020:3593-1: important: Security update for python3 Message-ID: <20201202142302.C8E74F7D6@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3593-1 Rating: important References: #1176262 #1179193 Cross-References: CVE-2019-20916 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3593=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3593=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2020-3593=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3593=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-3593=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2020-3593=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3593=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3593=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3593=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3593=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpython3_6m1_0-3.6.12-3.64.2 libpython3_6m1_0-debuginfo-3.6.12-3.64.2 python3-3.6.12-3.64.2 python3-base-3.6.12-3.64.2 python3-base-debuginfo-3.6.12-3.64.2 python3-base-debugsource-3.6.12-3.64.2 python3-curses-3.6.12-3.64.2 python3-curses-debuginfo-3.6.12-3.64.2 python3-dbm-3.6.12-3.64.2 python3-dbm-debuginfo-3.6.12-3.64.2 python3-debuginfo-3.6.12-3.64.2 python3-debugsource-3.6.12-3.64.2 python3-devel-3.6.12-3.64.2 python3-devel-debuginfo-3.6.12-3.64.2 python3-idle-3.6.12-3.64.2 python3-tk-3.6.12-3.64.2 python3-tk-debuginfo-3.6.12-3.64.2 python3-tools-3.6.12-3.64.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpython3_6m1_0-3.6.12-3.64.2 libpython3_6m1_0-debuginfo-3.6.12-3.64.2 python3-3.6.12-3.64.2 python3-base-3.6.12-3.64.2 python3-base-debuginfo-3.6.12-3.64.2 python3-base-debugsource-3.6.12-3.64.2 python3-curses-3.6.12-3.64.2 python3-curses-debuginfo-3.6.12-3.64.2 python3-dbm-3.6.12-3.64.2 python3-dbm-debuginfo-3.6.12-3.64.2 python3-debuginfo-3.6.12-3.64.2 python3-debugsource-3.6.12-3.64.2 python3-devel-3.6.12-3.64.2 python3-devel-debuginfo-3.6.12-3.64.2 python3-idle-3.6.12-3.64.2 python3-tk-3.6.12-3.64.2 python3-tk-debuginfo-3.6.12-3.64.2 python3-tools-3.6.12-3.64.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.12-3.64.2 python3-base-debugsource-3.6.12-3.64.2 python3-tools-3.6.12-3.64.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.12-3.64.2 python3-base-debugsource-3.6.12-3.64.2 python3-tools-3.6.12-3.64.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.12-3.64.2 python3-base-debugsource-3.6.12-3.64.2 python3-tools-3.6.12-3.64.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.12-3.64.2 libpython3_6m1_0-debuginfo-3.6.12-3.64.2 python3-3.6.12-3.64.2 python3-base-3.6.12-3.64.2 python3-base-debuginfo-3.6.12-3.64.2 python3-base-debugsource-3.6.12-3.64.2 python3-curses-3.6.12-3.64.2 python3-curses-debuginfo-3.6.12-3.64.2 python3-dbm-3.6.12-3.64.2 python3-dbm-debuginfo-3.6.12-3.64.2 python3-debuginfo-3.6.12-3.64.2 python3-debugsource-3.6.12-3.64.2 python3-devel-3.6.12-3.64.2 python3-devel-debuginfo-3.6.12-3.64.2 python3-idle-3.6.12-3.64.2 python3-tk-3.6.12-3.64.2 python3-tk-debuginfo-3.6.12-3.64.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.12-3.64.2 libpython3_6m1_0-debuginfo-3.6.12-3.64.2 python3-3.6.12-3.64.2 python3-base-3.6.12-3.64.2 python3-base-debuginfo-3.6.12-3.64.2 python3-base-debugsource-3.6.12-3.64.2 python3-curses-3.6.12-3.64.2 python3-curses-debuginfo-3.6.12-3.64.2 python3-dbm-3.6.12-3.64.2 python3-dbm-debuginfo-3.6.12-3.64.2 python3-debuginfo-3.6.12-3.64.2 python3-debugsource-3.6.12-3.64.2 python3-devel-3.6.12-3.64.2 python3-devel-debuginfo-3.6.12-3.64.2 python3-idle-3.6.12-3.64.2 python3-tk-3.6.12-3.64.2 python3-tk-debuginfo-3.6.12-3.64.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.12-3.64.2 libpython3_6m1_0-debuginfo-3.6.12-3.64.2 python3-3.6.12-3.64.2 python3-base-3.6.12-3.64.2 python3-base-debuginfo-3.6.12-3.64.2 python3-base-debugsource-3.6.12-3.64.2 python3-curses-3.6.12-3.64.2 python3-curses-debuginfo-3.6.12-3.64.2 python3-dbm-3.6.12-3.64.2 python3-dbm-debuginfo-3.6.12-3.64.2 python3-debuginfo-3.6.12-3.64.2 python3-debugsource-3.6.12-3.64.2 python3-devel-3.6.12-3.64.2 python3-devel-debuginfo-3.6.12-3.64.2 python3-idle-3.6.12-3.64.2 python3-testsuite-3.6.12-3.64.2 python3-tk-3.6.12-3.64.2 python3-tk-debuginfo-3.6.12-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.12-3.64.2 libpython3_6m1_0-debuginfo-3.6.12-3.64.2 python3-3.6.12-3.64.2 python3-base-3.6.12-3.64.2 python3-base-debuginfo-3.6.12-3.64.2 python3-base-debugsource-3.6.12-3.64.2 python3-curses-3.6.12-3.64.2 python3-curses-debuginfo-3.6.12-3.64.2 python3-dbm-3.6.12-3.64.2 python3-dbm-debuginfo-3.6.12-3.64.2 python3-debuginfo-3.6.12-3.64.2 python3-debugsource-3.6.12-3.64.2 python3-devel-3.6.12-3.64.2 python3-devel-debuginfo-3.6.12-3.64.2 python3-idle-3.6.12-3.64.2 python3-tk-3.6.12-3.64.2 python3-tk-debuginfo-3.6.12-3.64.2 python3-tools-3.6.12-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.12-3.64.2 libpython3_6m1_0-debuginfo-3.6.12-3.64.2 python3-3.6.12-3.64.2 python3-base-3.6.12-3.64.2 python3-base-debuginfo-3.6.12-3.64.2 python3-base-debugsource-3.6.12-3.64.2 python3-curses-3.6.12-3.64.2 python3-curses-debuginfo-3.6.12-3.64.2 python3-dbm-3.6.12-3.64.2 python3-dbm-debuginfo-3.6.12-3.64.2 python3-debuginfo-3.6.12-3.64.2 python3-debugsource-3.6.12-3.64.2 python3-devel-3.6.12-3.64.2 python3-devel-debuginfo-3.6.12-3.64.2 python3-idle-3.6.12-3.64.2 python3-tk-3.6.12-3.64.2 python3-tk-debuginfo-3.6.12-3.64.2 python3-tools-3.6.12-3.64.2 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1176262 https://bugzilla.suse.com/1179193 From sle-updates at lists.suse.com Wed Dec 2 10:15:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 18:15:37 +0100 (CET) Subject: SUSE-RU-2020:3601-1: important: Recommended update for susemanager-build-keys Message-ID: <20201202171537.74600F749@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-build-keys ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3601-1 Rating: important References: #1170347 #1176759 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for susemanager-build-keys fixes the following issues: - The SUSE build key has been extended. (bsc#1176759) - Add the SUSE Container GPG key. (jsc#PM-1845, bsc#1170347) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-3601=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2020-3601=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): susemanager-build-keys-15.2.2-3.9.1 susemanager-build-keys-web-15.2.2-3.9.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): susemanager-build-keys-15.2.2-3.9.1 susemanager-build-keys-web-15.2.2-3.9.1 References: https://bugzilla.suse.com/1170347 https://bugzilla.suse.com/1176759 From sle-updates at lists.suse.com Wed Dec 2 10:16:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 18:16:35 +0100 (CET) Subject: SUSE-RU-2020:3603-1: moderate: Recommended update for lifecycle-data-sle-module-development-tools Message-ID: <20201202171635.C7F39F749@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-development-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3603-1 Rating: moderate References: ECO-2373 SLE-10950 SLE-10951 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains three features can now be installed. Description: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. (jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3603=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): lifecycle-data-sle-module-development-tools-1-3.7.1 References: From sle-updates at lists.suse.com Wed Dec 2 10:17:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 18:17:24 +0100 (CET) Subject: SUSE-RU-2020:3602-1: important: Recommended update for susemanager-build-keys Message-ID: <20201202171724.BD64FF749@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-build-keys ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3602-1 Rating: important References: #1170347 #1176759 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for susemanager-build-keys fixes the following issues: - The SUSE build key has been extended. (bsc#1176759) - Add the SUSE Container GPG key. (jsc#PM-1845, bsc#1170347) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-3602=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-3602=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): susemanager-build-keys-15.1.1-3.9.1 susemanager-build-keys-web-15.1.1-3.9.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): susemanager-build-keys-15.1.1-3.9.1 susemanager-build-keys-web-15.1.1-3.9.1 References: https://bugzilla.suse.com/1170347 https://bugzilla.suse.com/1176759 From sle-updates at lists.suse.com Wed Dec 2 10:18:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 18:18:22 +0100 (CET) Subject: SUSE-SU-2020:3599-1: moderate: Security update for python-pip Message-ID: <20201202171822.53310F749@maintenance.suse.de> SUSE Security Update: Security update for python-pip ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3599-1 Rating: moderate References: #1176262 Cross-References: CVE-2019-20916 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916). - Make wheel a separate build run to avoid the setuptools/wheel build cycle. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3599=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-3599=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-pip-10.0.1-13.3.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-pip-10.0.1-13.3.1 python3-pip-10.0.1-13.3.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1176262 From sle-updates at lists.suse.com Wed Dec 2 13:15:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 21:15:02 +0100 (CET) Subject: SUSE-RU-2020:3606-1: important: Recommended update for pnetcdf Message-ID: <20201202201502.B2F49F7D6@maintenance.suse.de> SUSE Recommended Update: Recommended update for pnetcdf ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3606-1 Rating: important References: #1174439 #1175007 ECO-2374 PM-2056 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes and contains two features can now be installed. Description: This update for pnetcdf fixes the following issues: - Add build support for gcc10 to HPC build. (bsc#1174439) - Implement package. (jsc#ECO-2374, jsc#PM-2056, bsc#1175007) - Add missing flavors, no source changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP2: zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2020-3606=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP2 (aarch64 x86_64): libpnetcdf-gnu-mpich-hpc-1.12.1-5.5.1 libpnetcdf-gnu-mvapich2-hpc-1.12.1-5.5.1 libpnetcdf-gnu-openmpi2-hpc-1.12.1-5.5.1 libpnetcdf-gnu-openmpi3-hpc-1.12.1-5.5.1 libpnetcdf_1_12_1-gnu-mpich-hpc-1.12.1-5.5.1 libpnetcdf_1_12_1-gnu-mpich-hpc-debuginfo-1.12.1-5.5.1 libpnetcdf_1_12_1-gnu-mvapich2-hpc-1.12.1-5.5.1 libpnetcdf_1_12_1-gnu-mvapich2-hpc-debuginfo-1.12.1-5.5.1 libpnetcdf_1_12_1-gnu-openmpi2-hpc-1.12.1-5.5.1 libpnetcdf_1_12_1-gnu-openmpi2-hpc-debuginfo-1.12.1-5.5.1 libpnetcdf_1_12_1-gnu-openmpi3-hpc-1.12.1-5.5.1 libpnetcdf_1_12_1-gnu-openmpi3-hpc-debuginfo-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-mpich-hpc-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-mpich-hpc-debuginfo-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-mpich-hpc-debugsource-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-mpich-hpc-devel-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-mvapich2-hpc-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-mvapich2-hpc-debuginfo-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-mvapich2-hpc-debugsource-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-mvapich2-hpc-devel-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-openmpi2-hpc-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-openmpi2-hpc-debuginfo-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-openmpi2-hpc-debugsource-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-openmpi2-hpc-devel-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-openmpi3-hpc-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-openmpi3-hpc-debuginfo-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-openmpi3-hpc-debugsource-1.12.1-5.5.1 pnetcdf_1_12_1-gnu-openmpi3-hpc-devel-1.12.1-5.5.1 - SUSE Linux Enterprise Module for HPC 15-SP2 (noarch): pnetcdf-devel-data-1.12.1-5.5.1 pnetcdf-doc-1.12.1-5.5.1 pnetcdf-gnu-mpich-hpc-1.12.1-5.5.1 pnetcdf-gnu-mpich-hpc-devel-1.12.1-5.5.1 pnetcdf-gnu-mvapich2-hpc-1.12.1-5.5.1 pnetcdf-gnu-mvapich2-hpc-devel-1.12.1-5.5.1 pnetcdf-gnu-openmpi2-hpc-1.12.1-5.5.1 pnetcdf-gnu-openmpi2-hpc-devel-1.12.1-5.5.1 pnetcdf-gnu-openmpi3-hpc-1.12.1-5.5.1 pnetcdf-gnu-openmpi3-hpc-devel-1.12.1-5.5.1 pnetcdf-hpc-doc-1.12.1-5.5.1 pnetcdf_1_12_1-hpc-doc-1.12.1-5.5.1 References: https://bugzilla.suse.com/1174439 https://bugzilla.suse.com/1175007 From sle-updates at lists.suse.com Wed Dec 2 13:16:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 21:16:04 +0100 (CET) Subject: SUSE-RU-2020:3605-1: important: Recommended update for pnetcdf Message-ID: <20201202201604.0E7D9F7D6@maintenance.suse.de> SUSE Recommended Update: Recommended update for pnetcdf ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3605-1 Rating: important References: #1174439 #1175007 ECO-2374 PM-2056 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes and contains two features can now be installed. Description: This update for pnetcdf fixes the following issues: - Add build support for gcc10 to HPC build. (bsc#1174439) - Implement package. (jsc#ECO-2374, jsc#PM-2056, bsc#1175007) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-3605=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): libpnetcdf-gnu-mpich-hpc-1.12.1-3.5.1 libpnetcdf-gnu-mvapich2-hpc-1.12.1-3.5.1 libpnetcdf-gnu-openmpi2-hpc-1.12.1-3.5.1 libpnetcdf-gnu-openmpi3-hpc-1.12.1-3.5.1 libpnetcdf_1_12_1-gnu-mpich-hpc-1.12.1-3.5.1 libpnetcdf_1_12_1-gnu-mpich-hpc-debuginfo-1.12.1-3.5.1 libpnetcdf_1_12_1-gnu-mvapich2-hpc-1.12.1-3.5.1 libpnetcdf_1_12_1-gnu-mvapich2-hpc-debuginfo-1.12.1-3.5.1 libpnetcdf_1_12_1-gnu-openmpi2-hpc-1.12.1-3.5.1 libpnetcdf_1_12_1-gnu-openmpi2-hpc-debuginfo-1.12.1-3.5.1 libpnetcdf_1_12_1-gnu-openmpi3-hpc-1.12.1-3.5.1 libpnetcdf_1_12_1-gnu-openmpi3-hpc-debuginfo-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-mpich-hpc-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-mpich-hpc-debuginfo-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-mpich-hpc-debugsource-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-mpich-hpc-devel-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-mvapich2-hpc-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-mvapich2-hpc-debuginfo-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-mvapich2-hpc-debugsource-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-mvapich2-hpc-devel-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-openmpi2-hpc-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-openmpi2-hpc-debuginfo-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-openmpi2-hpc-debugsource-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-openmpi2-hpc-devel-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-openmpi3-hpc-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-openmpi3-hpc-debuginfo-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-openmpi3-hpc-debugsource-1.12.1-3.5.1 pnetcdf_1_12_1-gnu-openmpi3-hpc-devel-1.12.1-3.5.1 - SUSE Linux Enterprise Module for HPC 15-SP1 (noarch): pnetcdf-doc-1.12.1-3.5.1 pnetcdf-gnu-mpich-hpc-1.12.1-3.5.1 pnetcdf-gnu-mpich-hpc-devel-1.12.1-3.5.1 pnetcdf-gnu-mvapich2-hpc-1.12.1-3.5.1 pnetcdf-gnu-mvapich2-hpc-devel-1.12.1-3.5.1 pnetcdf-gnu-openmpi2-hpc-1.12.1-3.5.1 pnetcdf-gnu-openmpi2-hpc-devel-1.12.1-3.5.1 pnetcdf-gnu-openmpi3-hpc-1.12.1-3.5.1 pnetcdf-gnu-openmpi3-hpc-devel-1.12.1-3.5.1 pnetcdf-hpc-doc-1.12.1-3.5.1 pnetcdf_1_12_1-hpc-doc-1.12.1-3.5.1 References: https://bugzilla.suse.com/1174439 https://bugzilla.suse.com/1175007 From sle-updates at lists.suse.com Wed Dec 2 13:17:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 21:17:05 +0100 (CET) Subject: SUSE-RU-2020:3609-1: important: Recommended update for cloud-init Message-ID: <20201202201705.C1AA5F7D6@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3609-1 Rating: important References: #1177526 #1178029 #1179150 #1179151 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for cloud-init includes the following fixes: - Add wget as a requirement (bsc#1178029) + wget is used in the CloudStack data source - Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151) + Properly set the password for the default user in all circumstances - Patch the full package version into the cloud-init version file - Update cloud-init default route patch. (bsc#1177526) + Fix missing default route when dual stack network setup is used. Once a default route was configured for Ipv6 or IPv4 the default route configuration for the othre protocol was skipped. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-3609=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): cloud-init-20.2-5.43.1 cloud-init-config-suse-20.2-5.43.1 References: https://bugzilla.suse.com/1177526 https://bugzilla.suse.com/1178029 https://bugzilla.suse.com/1179150 https://bugzilla.suse.com/1179151 From sle-updates at lists.suse.com Wed Dec 2 13:18:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 21:18:17 +0100 (CET) Subject: SUSE-RU-2020:3607-1: moderate: Recommended update for cloud-netconfig Message-ID: <20201202201817.3F462F7D6@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-netconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3607-1 Rating: moderate References: #1159460 #1178486 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-netconfig contains the following fix: - Update to version 1.5: + Add support for GCE (bsc#1159460, bsc#1178486) + Improve default gateway determination Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-3607=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-netconfig-azure-1.5-20.1 cloud-netconfig-ec2-1.5-20.1 References: https://bugzilla.suse.com/1159460 https://bugzilla.suse.com/1178486 From sle-updates at lists.suse.com Wed Dec 2 13:19:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 21:19:18 +0100 (CET) Subject: SUSE-RU-2020:3608-1: important: Recommended update for cloud-init Message-ID: <20201202201918.EB30AF7D6@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3608-1 Rating: important References: #1177526 #1179150 #1179151 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-init contains the following fixes: - Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151) + Properly set the password for the default user in all circumstances - Patch the full package version into the cloud-init version file - Update cloud-init-write-routes.patch (bsc#1177526) + Fix missing default route when dual stack network setup is used. Once a default route was configured for Ipv6 or IPv4 the default route configuration for the othre protocol was skipped. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-3608=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-3608=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): cloud-init-20.2-8.36.1 cloud-init-config-suse-20.2-8.36.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): cloud-init-20.2-8.36.1 cloud-init-config-suse-20.2-8.36.1 References: https://bugzilla.suse.com/1177526 https://bugzilla.suse.com/1179150 https://bugzilla.suse.com/1179151 From sle-updates at lists.suse.com Wed Dec 2 13:20:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2020 21:20:27 +0100 (CET) Subject: SUSE-RU-2020:3604-1: important: Recommended update for kdump Message-ID: <20201202202027.5FE3CF7D6@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3604-1 Rating: important References: #1108255 #1123940 #1170336 #1173914 #1177196 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for kdump fixes the following issues: - Remove `console=hvc0` from commandline. (bsc#1173914) - Set serial console from Xen cmdline. (bsc#1173914) - Remove `noefi` and `acpi_rsdp` for EFI firmware. (bsc#1123940, bsc#1170336) - Add `skip_balance` option to BTRFS mounts. (bsc#1108255) - Do not add `rd.neednet=1` to dracut command line. (bsc#1177196) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3604=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3604=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3604=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3604=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3604=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): kdump-0.8.16-11.10.1 kdump-debuginfo-0.8.16-11.10.1 kdump-debugsource-0.8.16-11.10.1 - SUSE OpenStack Cloud 9 (x86_64): kdump-0.8.16-11.10.1 kdump-debuginfo-0.8.16-11.10.1 kdump-debugsource-0.8.16-11.10.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kdump-0.8.16-11.10.1 kdump-debuginfo-0.8.16-11.10.1 kdump-debugsource-0.8.16-11.10.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kdump-0.8.16-11.10.1 kdump-debuginfo-0.8.16-11.10.1 kdump-debugsource-0.8.16-11.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kdump-0.8.16-11.10.1 kdump-debuginfo-0.8.16-11.10.1 kdump-debugsource-0.8.16-11.10.1 References: https://bugzilla.suse.com/1108255 https://bugzilla.suse.com/1123940 https://bugzilla.suse.com/1170336 https://bugzilla.suse.com/1173914 https://bugzilla.suse.com/1177196 From sle-updates at lists.suse.com Wed Dec 2 16:15:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 00:15:09 +0100 (CET) Subject: SUSE-RU-2020:3538-2: moderate: Recommended update for adcli Message-ID: <20201202231509.7585AF7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for adcli ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3538-2 Rating: moderate References: ECO-2613 SLE-11503 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for adcli fixes the following issues: - Update samba secrets database after changing the machine password. (jsc#ECO-2613) - Support 'testjoin' command. (jsc#SLE-11503) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3538=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3538=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3538=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3538=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): adcli-0.8.2-3.8.7 adcli-debuginfo-0.8.2-3.8.7 adcli-debugsource-0.8.2-3.8.7 libipa_hbac0-1.16.1-4.29.9 libipa_hbac0-debuginfo-1.16.1-4.29.9 libsss_certmap0-1.16.1-4.29.9 libsss_certmap0-debuginfo-1.16.1-4.29.9 libsss_idmap0-1.16.1-4.29.9 libsss_idmap0-debuginfo-1.16.1-4.29.9 libsss_nss_idmap0-1.16.1-4.29.9 libsss_nss_idmap0-debuginfo-1.16.1-4.29.9 libsss_simpleifp0-1.16.1-4.29.9 libsss_simpleifp0-debuginfo-1.16.1-4.29.9 python-sssd-config-1.16.1-4.29.9 python-sssd-config-debuginfo-1.16.1-4.29.9 sssd-1.16.1-4.29.9 sssd-32bit-1.16.1-4.29.9 sssd-ad-1.16.1-4.29.9 sssd-ad-debuginfo-1.16.1-4.29.9 sssd-debuginfo-1.16.1-4.29.9 sssd-debuginfo-32bit-1.16.1-4.29.9 sssd-debugsource-1.16.1-4.29.9 sssd-ipa-1.16.1-4.29.9 sssd-ipa-debuginfo-1.16.1-4.29.9 sssd-krb5-1.16.1-4.29.9 sssd-krb5-common-1.16.1-4.29.9 sssd-krb5-common-debuginfo-1.16.1-4.29.9 sssd-krb5-debuginfo-1.16.1-4.29.9 sssd-ldap-1.16.1-4.29.9 sssd-ldap-debuginfo-1.16.1-4.29.9 sssd-proxy-1.16.1-4.29.9 sssd-proxy-debuginfo-1.16.1-4.29.9 sssd-tools-1.16.1-4.29.9 sssd-tools-debuginfo-1.16.1-4.29.9 - SUSE OpenStack Cloud 9 (x86_64): adcli-0.8.2-3.8.7 adcli-debuginfo-0.8.2-3.8.7 adcli-debugsource-0.8.2-3.8.7 libipa_hbac0-1.16.1-4.29.9 libipa_hbac0-debuginfo-1.16.1-4.29.9 libsss_certmap0-1.16.1-4.29.9 libsss_certmap0-debuginfo-1.16.1-4.29.9 libsss_idmap0-1.16.1-4.29.9 libsss_idmap0-debuginfo-1.16.1-4.29.9 libsss_nss_idmap0-1.16.1-4.29.9 libsss_nss_idmap0-debuginfo-1.16.1-4.29.9 libsss_simpleifp0-1.16.1-4.29.9 libsss_simpleifp0-debuginfo-1.16.1-4.29.9 python-sssd-config-1.16.1-4.29.9 python-sssd-config-debuginfo-1.16.1-4.29.9 sssd-1.16.1-4.29.9 sssd-32bit-1.16.1-4.29.9 sssd-ad-1.16.1-4.29.9 sssd-ad-debuginfo-1.16.1-4.29.9 sssd-debuginfo-1.16.1-4.29.9 sssd-debuginfo-32bit-1.16.1-4.29.9 sssd-debugsource-1.16.1-4.29.9 sssd-ipa-1.16.1-4.29.9 sssd-ipa-debuginfo-1.16.1-4.29.9 sssd-krb5-1.16.1-4.29.9 sssd-krb5-common-1.16.1-4.29.9 sssd-krb5-common-debuginfo-1.16.1-4.29.9 sssd-krb5-debuginfo-1.16.1-4.29.9 sssd-ldap-1.16.1-4.29.9 sssd-ldap-debuginfo-1.16.1-4.29.9 sssd-proxy-1.16.1-4.29.9 sssd-proxy-debuginfo-1.16.1-4.29.9 sssd-tools-1.16.1-4.29.9 sssd-tools-debuginfo-1.16.1-4.29.9 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): adcli-0.8.2-3.8.7 adcli-debuginfo-0.8.2-3.8.7 adcli-debugsource-0.8.2-3.8.7 libipa_hbac0-1.16.1-4.29.9 libipa_hbac0-debuginfo-1.16.1-4.29.9 libsss_certmap0-1.16.1-4.29.9 libsss_certmap0-debuginfo-1.16.1-4.29.9 libsss_idmap0-1.16.1-4.29.9 libsss_idmap0-debuginfo-1.16.1-4.29.9 libsss_nss_idmap0-1.16.1-4.29.9 libsss_nss_idmap0-debuginfo-1.16.1-4.29.9 libsss_simpleifp0-1.16.1-4.29.9 libsss_simpleifp0-debuginfo-1.16.1-4.29.9 python-sssd-config-1.16.1-4.29.9 python-sssd-config-debuginfo-1.16.1-4.29.9 sssd-1.16.1-4.29.9 sssd-ad-1.16.1-4.29.9 sssd-ad-debuginfo-1.16.1-4.29.9 sssd-debuginfo-1.16.1-4.29.9 sssd-debugsource-1.16.1-4.29.9 sssd-ipa-1.16.1-4.29.9 sssd-ipa-debuginfo-1.16.1-4.29.9 sssd-krb5-1.16.1-4.29.9 sssd-krb5-common-1.16.1-4.29.9 sssd-krb5-common-debuginfo-1.16.1-4.29.9 sssd-krb5-debuginfo-1.16.1-4.29.9 sssd-ldap-1.16.1-4.29.9 sssd-ldap-debuginfo-1.16.1-4.29.9 sssd-proxy-1.16.1-4.29.9 sssd-proxy-debuginfo-1.16.1-4.29.9 sssd-tools-1.16.1-4.29.9 sssd-tools-debuginfo-1.16.1-4.29.9 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): sssd-32bit-1.16.1-4.29.9 sssd-debuginfo-32bit-1.16.1-4.29.9 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): adcli-0.8.2-3.8.7 adcli-debuginfo-0.8.2-3.8.7 adcli-debugsource-0.8.2-3.8.7 libipa_hbac0-1.16.1-4.29.9 libipa_hbac0-debuginfo-1.16.1-4.29.9 libsss_certmap0-1.16.1-4.29.9 libsss_certmap0-debuginfo-1.16.1-4.29.9 libsss_idmap0-1.16.1-4.29.9 libsss_idmap0-debuginfo-1.16.1-4.29.9 libsss_nss_idmap0-1.16.1-4.29.9 libsss_nss_idmap0-debuginfo-1.16.1-4.29.9 libsss_simpleifp0-1.16.1-4.29.9 libsss_simpleifp0-debuginfo-1.16.1-4.29.9 python-sssd-config-1.16.1-4.29.9 python-sssd-config-debuginfo-1.16.1-4.29.9 sssd-1.16.1-4.29.9 sssd-ad-1.16.1-4.29.9 sssd-ad-debuginfo-1.16.1-4.29.9 sssd-debuginfo-1.16.1-4.29.9 sssd-debugsource-1.16.1-4.29.9 sssd-ipa-1.16.1-4.29.9 sssd-ipa-debuginfo-1.16.1-4.29.9 sssd-krb5-1.16.1-4.29.9 sssd-krb5-common-1.16.1-4.29.9 sssd-krb5-common-debuginfo-1.16.1-4.29.9 sssd-krb5-debuginfo-1.16.1-4.29.9 sssd-ldap-1.16.1-4.29.9 sssd-ldap-debuginfo-1.16.1-4.29.9 sssd-proxy-1.16.1-4.29.9 sssd-proxy-debuginfo-1.16.1-4.29.9 sssd-tools-1.16.1-4.29.9 sssd-tools-debuginfo-1.16.1-4.29.9 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): sssd-32bit-1.16.1-4.29.9 sssd-debuginfo-32bit-1.16.1-4.29.9 References: From sle-updates at lists.suse.com Thu Dec 3 00:22:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 08:22:56 +0100 (CET) Subject: SUSE-CU-2020:739-1: Recommended update of suse/sle15 Message-ID: <20201203072256.4B99AFBB5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:739-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.309 Container Release : 4.22.309 Severity : moderate Type : recommended References : 1178346 1178376 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3579-1 Released: Tue Dec 1 14:24:31 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: - Add support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) From sle-updates at lists.suse.com Thu Dec 3 00:37:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 08:37:15 +0100 (CET) Subject: SUSE-CU-2020:740-1: Recommended update of suse/sle15 Message-ID: <20201203073715.D04E4FBB5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:740-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.361 Container Release : 6.2.361 Severity : moderate Type : recommended References : 1178346 1178376 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3579-1 Released: Tue Dec 1 14:24:31 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: - Add support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) From sle-updates at lists.suse.com Thu Dec 3 00:41:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 08:41:44 +0100 (CET) Subject: SUSE-CU-2020:741-1: Recommended update of suse/sle15 Message-ID: <20201203074144.82A45FBB5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:741-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.799 Container Release : 8.2.799 Severity : moderate Type : recommended References : 1178376 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) From sle-updates at lists.suse.com Thu Dec 3 04:20:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 12:20:48 +0100 (CET) Subject: SUSE-RU-2020:3610-1: important: Recommended update for java-1_8_0-openjdk Message-ID: <20201203112048.39B36F7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3610-1 Rating: important References: #1177943 #1179441 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for java-1_8_0-openjdk fixes the following issues: - This is a follow up update fixing an incorrect list. (bsc#1177943) - Fix StartTLS functionality that was broken in openjdk272. (bsc#1179441) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3610=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3610=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3610=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3610=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3610=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3610=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3610=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3610=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3610=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3610=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3610=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3610=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3610=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3610=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3610=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3610=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 - HPE Helion Openstack 8 (x86_64): java-1_8_0-openjdk-1.8.0.275-27.53.1 java-1_8_0-openjdk-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-debugsource-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-1.8.0.275-27.53.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-1.8.0.275-27.53.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-1.8.0.275-27.53.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-27.53.1 References: https://bugzilla.suse.com/1177943 https://bugzilla.suse.com/1179441 From sle-updates at lists.suse.com Thu Dec 3 07:17:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 15:17:34 +0100 (CET) Subject: SUSE-SU-2020:3612-1: important: Security update for xen Message-ID: <20201203141734.29C7FF7E7@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3612-1 Rating: important References: #1178591 #1178963 Cross-References: CVE-2020-28368 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3612=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3612=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_04-3.33.1 xen-devel-4.12.4_04-3.33.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_04-3.33.1 xen-debugsource-4.12.4_04-3.33.1 xen-doc-html-4.12.4_04-3.33.1 xen-libs-32bit-4.12.4_04-3.33.1 xen-libs-4.12.4_04-3.33.1 xen-libs-debuginfo-32bit-4.12.4_04-3.33.1 xen-libs-debuginfo-4.12.4_04-3.33.1 xen-tools-4.12.4_04-3.33.1 xen-tools-debuginfo-4.12.4_04-3.33.1 xen-tools-domU-4.12.4_04-3.33.1 xen-tools-domU-debuginfo-4.12.4_04-3.33.1 References: https://www.suse.com/security/cve/CVE-2020-28368.html https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1178963 From sle-updates at lists.suse.com Thu Dec 3 07:18:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 15:18:35 +0100 (CET) Subject: SUSE-SU-2020:3611-1: important: Security update for xen Message-ID: <20201203141835.8E6B9F7E7@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3611-1 Rating: important References: #1177409 #1177412 #1177413 #1177414 #1178591 #1178963 Cross-References: CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-3611=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3611=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (x86_64): xen-4.12.4_04-3.37.1 xen-debugsource-4.12.4_04-3.37.1 xen-devel-4.12.4_04-3.37.1 xen-tools-4.12.4_04-3.37.1 xen-tools-debuginfo-4.12.4_04-3.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): xen-debugsource-4.12.4_04-3.37.1 xen-libs-4.12.4_04-3.37.1 xen-libs-debuginfo-4.12.4_04-3.37.1 xen-tools-domU-4.12.4_04-3.37.1 xen-tools-domU-debuginfo-4.12.4_04-3.37.1 References: https://www.suse.com/security/cve/CVE-2020-27670.html https://www.suse.com/security/cve/CVE-2020-27671.html https://www.suse.com/security/cve/CVE-2020-27672.html https://www.suse.com/security/cve/CVE-2020-27674.html https://www.suse.com/security/cve/CVE-2020-28368.html https://bugzilla.suse.com/1177409 https://bugzilla.suse.com/1177412 https://bugzilla.suse.com/1177413 https://bugzilla.suse.com/1177414 https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1178963 From sle-updates at lists.suse.com Thu Dec 3 07:21:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 15:21:16 +0100 (CET) Subject: SUSE-SU-2020:3614-1: important: Security update for gdm Message-ID: <20201203142116.CF15CF7E7@maintenance.suse.de> SUSE Security Update: Security update for gdm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3614-1 Rating: important References: #1178150 Cross-References: CVE-2020-16125 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gdm fixes the following issues: - CVE-2020-16125: Fixed a privilege escalation (bsc#1178150). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3614=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3614=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3614=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3614=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3614=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3614=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3614=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3614=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3614=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3614=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3614=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3614=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3614=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3614=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3614=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3614=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3614=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE OpenStack Cloud Crowbar 9 (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE OpenStack Cloud Crowbar 8 (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE OpenStack Cloud 9 (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE OpenStack Cloud 9 (x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE OpenStack Cloud 8 (x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE OpenStack Cloud 8 (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE OpenStack Cloud 7 (s390x x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE OpenStack Cloud 7 (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 gdm-devel-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - SUSE Enterprise Storage 5 (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 - HPE Helion Openstack 8 (x86_64): gdm-3.10.0.1-54.17.2 gdm-debuginfo-3.10.0.1-54.17.2 gdm-debugsource-3.10.0.1-54.17.2 libgdm1-3.10.0.1-54.17.2 libgdm1-debuginfo-3.10.0.1-54.17.2 typelib-1_0-Gdm-1_0-3.10.0.1-54.17.2 - HPE Helion Openstack 8 (noarch): gdm-lang-3.10.0.1-54.17.2 gdmflexiserver-3.10.0.1-54.17.2 References: https://www.suse.com/security/cve/CVE-2020-16125.html https://bugzilla.suse.com/1178150 From sle-updates at lists.suse.com Thu Dec 3 07:22:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 15:22:19 +0100 (CET) Subject: SUSE-RU-2020:3617-1: moderate: Recommended update for yast2-network Message-ID: <20201203142219.6ED6EF7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3617-1 Rating: moderate References: #1178950 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-network fixes the following issues: Update from version 4.2.83 to version 4.2.85 - Raise a warning message on modified configuration only when needed. (bsc#1178950) Do not show a warn message when modifying a bonding configuration and all the slaves are already configured with `BOOTPROTO='none'`. - Fixed detection of connection configuration changes. (bsc#1178950) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3617=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-network-4.2.85-3.31.1 References: https://bugzilla.suse.com/1178950 From sle-updates at lists.suse.com Thu Dec 3 07:23:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 15:23:18 +0100 (CET) Subject: SUSE-RU-2020:3618-1: moderate: Recommended update for wodim Message-ID: <20201203142318.B171BF7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for wodim ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3618-1 Rating: moderate References: #1178692 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wodim fixes the following issue: - Initialize memory that created the partition table instead of writing random bytes to it. (bsc#1178692) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3618=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3618=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): cdrkit-devel-static-1.1.11-26.7.1 wodim-debuginfo-1.1.11-26.7.1 wodim-debugsource-1.1.11-26.7.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cdrkit-cdrtools-compat-1.1.11-26.7.1 genisoimage-1.1.11-26.7.1 genisoimage-debuginfo-1.1.11-26.7.1 icedax-1.1.11-26.7.1 icedax-debuginfo-1.1.11-26.7.1 wodim-1.1.11-26.7.1 wodim-debuginfo-1.1.11-26.7.1 wodim-debugsource-1.1.11-26.7.1 References: https://bugzilla.suse.com/1178692 From sle-updates at lists.suse.com Thu Dec 3 07:24:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 15:24:18 +0100 (CET) Subject: SUSE-SU-2020:3613-1: moderate: Security update for rpmlint Message-ID: <20201203142418.9382BF7E7@maintenance.suse.de> SUSE Security Update: Security update for rpmlint ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3613-1 Rating: moderate References: #1169614 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for rpmlint fixes the following issues: - Whitelist PAM modules and DBUS rules for cockpit (bsc#1169614) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3613=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-3613=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): rpmlint-1.10-7.22.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): rpmlint-1.10-7.22.1 References: https://bugzilla.suse.com/1169614 From sle-updates at lists.suse.com Thu Dec 3 07:25:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 15:25:15 +0100 (CET) Subject: SUSE-SU-2020:3615-1: important: Security update for xen Message-ID: <20201203142515.08743F7E7@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3615-1 Rating: important References: #1177409 #1177412 #1177413 #1177414 #1178591 #1178963 Cross-References: CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-3615=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3615=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.2_04-3.19.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): xen-4.13.2_04-3.19.1 xen-debugsource-4.13.2_04-3.19.1 xen-devel-4.13.2_04-3.19.1 xen-tools-4.13.2_04-3.19.1 xen-tools-debuginfo-4.13.2_04-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): xen-debugsource-4.13.2_04-3.19.1 xen-libs-4.13.2_04-3.19.1 xen-libs-debuginfo-4.13.2_04-3.19.1 xen-tools-domU-4.13.2_04-3.19.1 xen-tools-domU-debuginfo-4.13.2_04-3.19.1 References: https://www.suse.com/security/cve/CVE-2020-27670.html https://www.suse.com/security/cve/CVE-2020-27671.html https://www.suse.com/security/cve/CVE-2020-27672.html https://www.suse.com/security/cve/CVE-2020-27674.html https://www.suse.com/security/cve/CVE-2020-28368.html https://bugzilla.suse.com/1177409 https://bugzilla.suse.com/1177412 https://bugzilla.suse.com/1177413 https://bugzilla.suse.com/1177414 https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1178963 From sle-updates at lists.suse.com Thu Dec 3 07:26:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 15:26:43 +0100 (CET) Subject: SUSE-RU-2020:3616-1: moderate: Recommended update for c-ares Message-ID: <20201203142643.C82F9F7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for c-ares ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3616-1 Rating: moderate References: #1178882 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: - Fixed incomplete c-ares-devel dependencies introduced by the privous update (bsc#1178882). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3616=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3616=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2020-3616=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3616=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3616=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3616=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3616=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): c-ares-debugsource-1.17.0-3.11.1 c-ares-devel-1.17.0-3.11.1 libcares2-1.17.0-3.11.1 libcares2-debuginfo-1.17.0-3.11.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): c-ares-debugsource-1.17.0-3.11.1 c-ares-devel-1.17.0-3.11.1 libcares2-1.17.0-3.11.1 libcares2-debuginfo-1.17.0-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): c-ares-debugsource-1.17.0-3.11.1 c-ares-devel-1.17.0-3.11.1 libcares2-1.17.0-3.11.1 libcares2-debuginfo-1.17.0-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): c-ares-debugsource-1.17.0-3.11.1 c-ares-devel-1.17.0-3.11.1 libcares2-1.17.0-3.11.1 libcares2-debuginfo-1.17.0-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): c-ares-debugsource-1.17.0-3.11.1 c-ares-devel-1.17.0-3.11.1 libcares2-1.17.0-3.11.1 libcares2-debuginfo-1.17.0-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): c-ares-debugsource-1.17.0-3.11.1 c-ares-devel-1.17.0-3.11.1 libcares2-1.17.0-3.11.1 libcares2-debuginfo-1.17.0-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): c-ares-debugsource-1.17.0-3.11.1 c-ares-devel-1.17.0-3.11.1 libcares2-1.17.0-3.11.1 libcares2-debuginfo-1.17.0-3.11.1 References: https://bugzilla.suse.com/1178882 From sle-updates at lists.suse.com Thu Dec 3 10:16:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 18:16:11 +0100 (CET) Subject: SUSE-RU-2020:3619-1: moderate: Recommended update for cloud-netconfig, google-guest-agent Message-ID: <20201203171611.B39EAF7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-netconfig, google-guest-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3619-1 Rating: moderate References: #1159460 #1178486 #1179031 #1179032 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for cloud-netconfig, google-guest-agent fixes the following issues: cloud-netconfig: - Update to version 1.5: + Add support for GCE (bsc#1159460, bsc#1178486) + Improve default gateway determination google-guest-agent: - Update to version 20201026.00 * remove old unused workflow files * fallback to IP for metadata * getPasswd: Check full prefix of line for username - dont_overwrite_ifcfg.patch: Do not overwrite existing ifcfg files to allow manual configuration and compatibility with cloud-netconfig. (bsc#1159460, bsc#1178486) - Update to version 20200929.00 * correct varname * don't call dhclient -x on network setup * add instance id dir override * update agent systemd service file * typo, change to noadjfile * add gaohannk to OWNERS * remove illfelder from OWNERS * Add all license files to packages Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-3619=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-3619=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-3619=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): google-guest-agent-20201102.00-1.11.1 google-guest-oslogin-20200925.00-1.9.1 google-guest-oslogin-debuginfo-20200925.00-1.9.1 google-guest-oslogin-debugsource-20200925.00-1.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-netconfig-azure-1.5-5.19.2 cloud-netconfig-ec2-1.5-5.19.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-guest-agent-20201102.00-1.11.1 google-guest-oslogin-20200925.00-1.9.1 google-guest-oslogin-debuginfo-20200925.00-1.9.1 google-guest-oslogin-debugsource-20200925.00-1.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-netconfig-azure-1.5-5.19.2 cloud-netconfig-ec2-1.5-5.19.2 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): google-guest-agent-20201102.00-1.11.1 google-guest-oslogin-20200925.00-1.9.1 google-guest-oslogin-debuginfo-20200925.00-1.9.1 google-guest-oslogin-debugsource-20200925.00-1.9.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-netconfig-azure-1.5-5.19.2 cloud-netconfig-ec2-1.5-5.19.2 References: https://bugzilla.suse.com/1159460 https://bugzilla.suse.com/1178486 https://bugzilla.suse.com/1179031 https://bugzilla.suse.com/1179032 From sle-updates at lists.suse.com Thu Dec 3 13:15:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 21:15:10 +0100 (CET) Subject: SUSE-RU-2020:3621-1: moderate: Recommended update for glib2 Message-ID: <20201203201510.32E68FBB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3621-1 Rating: moderate References: #1178346 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for glib2 fixes the following issues: - Add basic support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-3621=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3621=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3621=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): glib2-debugsource-2.48.2-12.18.1 libgio-fam-2.48.2-12.18.1 libgio-fam-debuginfo-2.48.2-12.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.18.1 glib2-devel-2.48.2-12.18.1 glib2-devel-debuginfo-2.48.2-12.18.1 glib2-devel-static-2.48.2-12.18.1 libgio-fam-2.48.2-12.18.1 libgio-fam-debuginfo-2.48.2-12.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.18.1 glib2-tools-2.48.2-12.18.1 glib2-tools-debuginfo-2.48.2-12.18.1 libgio-2_0-0-2.48.2-12.18.1 libgio-2_0-0-debuginfo-2.48.2-12.18.1 libglib-2_0-0-2.48.2-12.18.1 libglib-2_0-0-debuginfo-2.48.2-12.18.1 libgmodule-2_0-0-2.48.2-12.18.1 libgmodule-2_0-0-debuginfo-2.48.2-12.18.1 libgobject-2_0-0-2.48.2-12.18.1 libgobject-2_0-0-debuginfo-2.48.2-12.18.1 libgthread-2_0-0-2.48.2-12.18.1 libgthread-2_0-0-debuginfo-2.48.2-12.18.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.18.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.18.1 libglib-2_0-0-32bit-2.48.2-12.18.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.18.1 libgmodule-2_0-0-32bit-2.48.2-12.18.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.18.1 libgobject-2_0-0-32bit-2.48.2-12.18.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.18.1 libgthread-2_0-0-32bit-2.48.2-12.18.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.18.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): glib2-lang-2.48.2-12.18.1 References: https://bugzilla.suse.com/1178346 From sle-updates at lists.suse.com Thu Dec 3 13:16:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2020 21:16:09 +0100 (CET) Subject: SUSE-RU-2020:3620-1: moderate: Recommended update for pam Message-ID: <20201203201609.B10ACFBB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3620-1 Rating: moderate References: SLE-16719 SLE-16720 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3620=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-3620=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3620=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3620=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): pam-32bit-debuginfo-1.3.0-6.26.1 pam-debugsource-1.3.0-6.26.1 pam-devel-32bit-1.3.0-6.26.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): pam-32bit-debuginfo-1.3.0-6.26.1 pam-debugsource-1.3.0-6.26.1 pam-devel-32bit-1.3.0-6.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): pam-1.3.0-6.26.1 pam-debuginfo-1.3.0-6.26.1 pam-debugsource-1.3.0-6.26.1 pam-devel-1.3.0-6.26.1 pam-extra-1.3.0-6.26.1 pam-extra-debuginfo-1.3.0-6.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): pam-doc-1.3.0-6.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): pam-32bit-1.3.0-6.26.1 pam-32bit-debuginfo-1.3.0-6.26.1 pam-extra-32bit-1.3.0-6.26.1 pam-extra-32bit-debuginfo-1.3.0-6.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): pam-1.3.0-6.26.1 pam-debuginfo-1.3.0-6.26.1 pam-debugsource-1.3.0-6.26.1 pam-devel-1.3.0-6.26.1 pam-extra-1.3.0-6.26.1 pam-extra-debuginfo-1.3.0-6.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): pam-doc-1.3.0-6.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): pam-32bit-1.3.0-6.26.1 pam-32bit-debuginfo-1.3.0-6.26.1 pam-extra-32bit-1.3.0-6.26.1 pam-extra-32bit-debuginfo-1.3.0-6.26.1 References: From sle-updates at lists.suse.com Thu Dec 3 23:59:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Dec 2020 07:59:58 +0100 (CET) Subject: SUSE-CU-2020:742-1: Recommended update of suse/sle15 Message-ID: <20201204065958.BEEA8F7E7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:742-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.10.2.118 Container Release : 10.2.118 Severity : moderate Type : recommended References : 1178376 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) From sle-updates at lists.suse.com Fri Dec 4 07:17:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Dec 2020 15:17:34 +0100 (CET) Subject: SUSE-RU-2020:3622-1: moderate: Recommended update for sblim-sfcb Message-ID: <20201204141734.BEFDDFBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for sblim-sfcb ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3622-1 Rating: moderate References: #1092281 #1161745 #1178415 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sblim-sfcb fixes the following issues: - Add a configuration option `sslNoTLSv1_1` to optionally disable TLSv1.1. (bsc#1178415) - Fix intermittent crashes at shutdown. (bsc#1161745) - Fix compile issues with the new `bison`. - Correct additional uninitialized memory usage. - Generate certificates at runtime, not during installation. (bsc#1092281) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3622=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 References: https://bugzilla.suse.com/1092281 https://bugzilla.suse.com/1161745 https://bugzilla.suse.com/1178415 From sle-updates at lists.suse.com Fri Dec 4 07:18:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Dec 2020 15:18:46 +0100 (CET) Subject: SUSE-RU-2020:3623-1: moderate: Recommended update for nodejs14 Message-ID: <20201204141846.4EA90FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3623-1 Rating: moderate References: ECO-2965 PM-2112 SLE-15773 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that has 0 recommended fixes and contains three features can now be installed. Description: This update of nodejs14 fixes the following issue: - NodeJS is shipped in version 14. (jsc#SLE-15773 jsc#ECO-2965 jsc#PM-2112) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-3623=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.15.1-6.3.1 nodejs14-debuginfo-14.15.1-6.3.1 nodejs14-debugsource-14.15.1-6.3.1 nodejs14-devel-14.15.1-6.3.1 npm14-14.15.1-6.3.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.15.1-6.3.1 References: From sle-updates at lists.suse.com Fri Dec 4 10:15:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Dec 2020 18:15:31 +0100 (CET) Subject: SUSE-RU-2020:3626-1: moderate: Recommended update for audit Message-ID: <20201204171531.D3213F7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for audit ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3626-1 Rating: moderate References: #1179515 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-3626=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3626=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): audit-secondary-debugsource-2.8.1-12.3.1 python2-audit-2.8.1-12.3.1 python2-audit-debuginfo-2.8.1-12.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): audit-2.8.1-12.3.1 audit-audispd-plugins-2.8.1-12.3.1 audit-audispd-plugins-debuginfo-2.8.1-12.3.1 audit-debuginfo-2.8.1-12.3.1 audit-debugsource-2.8.1-12.3.1 audit-devel-2.8.1-12.3.1 audit-secondary-debugsource-2.8.1-12.3.1 libaudit1-2.8.1-12.3.1 libaudit1-debuginfo-2.8.1-12.3.1 libauparse0-2.8.1-12.3.1 libauparse0-debuginfo-2.8.1-12.3.1 python3-audit-2.8.1-12.3.1 python3-audit-debuginfo-2.8.1-12.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libaudit1-32bit-2.8.1-12.3.1 libaudit1-32bit-debuginfo-2.8.1-12.3.1 References: https://bugzilla.suse.com/1179515 From sle-updates at lists.suse.com Fri Dec 4 10:16:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Dec 2020 18:16:26 +0100 (CET) Subject: SUSE-SU-2020:3625-1: important: Security update for mariadb Message-ID: <20201204171626.C8FA0F7E7@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3625-1 Rating: important References: #1171550 #1175596 #1177472 #1178428 Cross-References: CVE-2020-13249 CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-15180 CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for mariadb includes the following fixes: Security fixes included in this update: - CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2814: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2760: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-13249: Fixed an improper validation of the content of an OK packet received from a server. - CVE-2020-14812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-14765: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-14776: Fixed an issue which could have resulted in unauthorized ability of accessing data. - CVE-2020-14789: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-15180: Fixed an issue in Galera which could have led to remote code execution. Non Security fixes included in this update: - Update to 10.2.36 GA [bsc#1177472] and [bsc#1178428] * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10236-release-notes https://mariadb.com/kb/en/library/mariadb-10236-changelog https://mariadb.com/kb/en/library/mariadb-10235-release-notes https://mariadb.com/kb/en/library/mariadb-10235-changelog https://mariadb.com/kb/en/library/mariadb-10234-release-notes https://mariadb.com/kb/en/library/mariadb-10234-changelog * fixes for the following security vulnerabilities: 10.2.36: none 10.2.35: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 10.2.34: CVE-2020-15180 - update suse_skipped_tests.list - Update to 10.2.33 GA [bsc#1175596] * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10233-release-notes https://mariadb.com/kb/en/library/mariadb-10233-changelog * fixes for the following security vulnerabilities: none - refresh mariadb-10.2.4-fortify-and-O.patch - tune the testsuite to avoid randomly failing tests - update suse_skipped_tests.list - Update to 10.2.32 GA [bsc#1171550] * Fixes for the following security vulnerabilities: CVE-2020-2752, CVE-2020-2812, CVE-2020-2814, CVE-2020-2760, CVE-2020-13249 * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10232-release-notes https://mariadb.com/kb/en/library/mariadb-10232-changelog - refresh mariadb-10.2.4-fortify-and-O.patch - drop specfile "hacks" as things work correctly in upstream now: * renaming tmpfiles.conf -> mariadb.conf * installing pam_user_map.so to /lib64/security for non 32bit architectures * sysusers.conf was renamed to mariadb.conf - update suse_skipped_tests.list Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3625=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): mariadb-10.2.36-19.1 mariadb-client-10.2.36-19.1 mariadb-client-debuginfo-10.2.36-19.1 mariadb-debuginfo-10.2.36-19.1 mariadb-debugsource-10.2.36-19.1 mariadb-tools-10.2.36-19.1 mariadb-tools-debuginfo-10.2.36-19.1 - SUSE OpenStack Cloud 7 (noarch): mariadb-errormessages-10.2.36-19.1 - SUSE OpenStack Cloud 7 (x86_64): mariadb-galera-10.2.36-19.1 References: https://www.suse.com/security/cve/CVE-2020-13249.html https://www.suse.com/security/cve/CVE-2020-14765.html https://www.suse.com/security/cve/CVE-2020-14776.html https://www.suse.com/security/cve/CVE-2020-14789.html https://www.suse.com/security/cve/CVE-2020-14812.html https://www.suse.com/security/cve/CVE-2020-15180.html https://www.suse.com/security/cve/CVE-2020-2752.html https://www.suse.com/security/cve/CVE-2020-2760.html https://www.suse.com/security/cve/CVE-2020-2812.html https://www.suse.com/security/cve/CVE-2020-2814.html https://bugzilla.suse.com/1171550 https://bugzilla.suse.com/1175596 https://bugzilla.suse.com/1177472 https://bugzilla.suse.com/1178428 From sle-updates at lists.suse.com Fri Dec 4 10:17:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Dec 2020 18:17:40 +0100 (CET) Subject: SUSE-SU-2020:3624-1: moderate: Security update for crowbar-openstack, grafana, influxdb, python-urllib3 Message-ID: <20201204171740.2D30EF7E7@maintenance.suse.de> SUSE Security Update: Security update for crowbar-openstack, grafana, influxdb, python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3624-1 Rating: moderate References: #1005886 #1170479 #1177120 #1178243 #1178988 SOC-11240 Cross-References: CVE-2016-8611 CVE-2019-20933 CVE-2019-9740 CVE-2020-24303 CVE-2020-26137 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes 5 vulnerabilities, contains one feature is now available. Description: This update for crowbar-openstack, grafana, influxdb, python-urllib3 contains the following fixes: Security fixes included in this update: openstack-glance - CVE-2016-8611: Added rate limiting for glance api (bnc#1005886) grafana - CVE-2020-24303: Fixed an XSS via a query alias for the ElasticSearch datasource (#bnc#1178243) influxdb - CVE-2019-20933: Fixed an authentication bypass (bnc#1178988) python-urlib3 - CVE-2019-9740: Fixed a CRLF injection in urllib3 (bnc#1129071). - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bnc#1177120) memcached - CVE-2018-1000115: Fixed a issue where a UDP server allowed spoofed traffic amplification DoS (bnc#1083903). Non-security fixes included in this update: Changes in crowbar-openstack: - Update to version 4.0+git.1604938545.30c10db18: * rabbitmq: Fix crm running check (SOC-11240) Changes in grafana: - Fix bnc#1178243 CVE-2020-24303 by adding 25401-Fix-XSS-vulnerability-with-series-overrides.patch Changes in influxdb: - Add CVE-2019-20933.patch (bnc#1178988, CVE-2019-20933) to fix authentication bypass_ - Declare license files correctly - Version 1.2.4: * The stress tool influx_stress will be removed in a subsequent release. * Remove the override of GOMAXPROCS. * Uncomment section headers from the default configuration file. * Improve write performance significantly. * Prune data in meta store for deleted shards. * Update latest dependencies with Godeps. * Introduce syntax for marking a partial response with chunking. * Use X-Forwarded-For IP address in HTTP logger if present. * Add support for secure transmission via collectd. * Switch logging to use structured logging everywhere. * [CLI feature request] USE retention policy for queries. * Add clear command to cli. * Adding ability to use parameters in queries in the v2 client using the Parameters map in the Query struct. * Allow add items to array config via ENV * Support subquery execution in the query language. * Verbose output for SSL connection errors. * Cache snapshotting performance improvements - Partially revert previous change to fix build for Leap Changes in python-urllib3: - Update urllib3-fix-test-urls.patch. Adjust to match upstream solution. - Add urllib3-fix-test-urls.patch. Fix tests failing on python checks for CVE-2019-9740. - Add urllib3-cve-2020-26137.patch. Don't allow control chars in request method. (bnc#1177120, CVE-2020-26137) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3624=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): grafana-6.7.4-1.20.1 influxdb-1.2.4-5.1 influxdb-debuginfo-1.2.4-5.1 - SUSE OpenStack Cloud 7 (noarch): crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1 python-urllib3-1.16-3.12.1 References: https://www.suse.com/security/cve/CVE-2016-8611.html https://www.suse.com/security/cve/CVE-2019-20933.html https://www.suse.com/security/cve/CVE-2019-9740.html https://www.suse.com/security/cve/CVE-2020-24303.html https://www.suse.com/security/cve/CVE-2020-26137.html https://bugzilla.suse.com/1005886 https://bugzilla.suse.com/1170479 https://bugzilla.suse.com/1177120 https://bugzilla.suse.com/1178243 https://bugzilla.suse.com/1178988 From sle-updates at lists.suse.com Fri Dec 4 13:15:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Dec 2020 21:15:44 +0100 (CET) Subject: SUSE-SU-2020:3630-1: important: Security update for postgresql12 Message-ID: <20201204201544.D9421FBB3@maintenance.suse.de> SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3630-1 Rating: important References: #1175193 #1175194 #1178666 #1178667 #1178668 Cross-References: CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for postgresql12 fixes the following issues: Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html The previous postgresql12 update already addressed: Update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3630=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3630=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3630=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3630=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3630=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3630=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3630=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3630=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3630=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3630=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3630=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3630=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3630=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3630=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3630=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3630=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3630=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE OpenStack Cloud 9 (x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE OpenStack Cloud 8 (x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE OpenStack Cloud 7 (s390x x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-debugsource-12.5-3.9.1 postgresql12-debugsource-12.5-3.9.3 postgresql12-devel-12.5-3.9.3 postgresql12-devel-debuginfo-12.5-3.9.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql12-server-devel-12.5-3.9.3 postgresql12-server-devel-debuginfo-12.5-3.9.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 postgresql12-12.5-3.9.3 postgresql12-contrib-12.5-3.9.3 postgresql12-contrib-debuginfo-12.5-3.9.3 postgresql12-debuginfo-12.5-3.9.3 postgresql12-debugsource-12.5-3.9.1 postgresql12-debugsource-12.5-3.9.3 postgresql12-plperl-12.5-3.9.3 postgresql12-plperl-debuginfo-12.5-3.9.3 postgresql12-plpython-12.5-3.9.3 postgresql12-plpython-debuginfo-12.5-3.9.3 postgresql12-pltcl-12.5-3.9.3 postgresql12-pltcl-debuginfo-12.5-3.9.3 postgresql12-server-12.5-3.9.3 postgresql12-server-debuginfo-12.5-3.9.3 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql12-docs-12.5-3.9.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - SUSE Enterprise Storage 5 (aarch64 x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 - SUSE Enterprise Storage 5 (x86_64): libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 - HPE Helion Openstack 8 (x86_64): libecpg6-12.5-3.9.3 libecpg6-debuginfo-12.5-3.9.3 libpq5-12.5-3.9.3 libpq5-32bit-12.5-3.9.3 libpq5-debuginfo-12.5-3.9.3 libpq5-debuginfo-32bit-12.5-3.9.3 References: https://www.suse.com/security/cve/CVE-2020-14349.html https://www.suse.com/security/cve/CVE-2020-14350.html https://www.suse.com/security/cve/CVE-2020-25694.html https://www.suse.com/security/cve/CVE-2020-25695.html https://www.suse.com/security/cve/CVE-2020-25696.html https://bugzilla.suse.com/1175193 https://bugzilla.suse.com/1175194 https://bugzilla.suse.com/1178666 https://bugzilla.suse.com/1178667 https://bugzilla.suse.com/1178668 From sle-updates at lists.suse.com Fri Dec 4 13:18:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Dec 2020 21:18:06 +0100 (CET) Subject: SUSE-SU-2020:3627-1: important: Security update for xen Message-ID: <20201204201806.EFD13FBB3@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3627-1 Rating: important References: #1177409 #1177412 #1177413 #1177414 #1178591 #1178963 Cross-References: CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3627=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3627=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3627=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): xen-4.10.4_22-3.50.1 xen-debugsource-4.10.4_22-3.50.1 xen-devel-4.10.4_22-3.50.1 xen-libs-4.10.4_22-3.50.1 xen-libs-debuginfo-4.10.4_22-3.50.1 xen-tools-4.10.4_22-3.50.1 xen-tools-debuginfo-4.10.4_22-3.50.1 xen-tools-domU-4.10.4_22-3.50.1 xen-tools-domU-debuginfo-4.10.4_22-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): xen-4.10.4_22-3.50.1 xen-debugsource-4.10.4_22-3.50.1 xen-devel-4.10.4_22-3.50.1 xen-libs-4.10.4_22-3.50.1 xen-libs-debuginfo-4.10.4_22-3.50.1 xen-tools-4.10.4_22-3.50.1 xen-tools-debuginfo-4.10.4_22-3.50.1 xen-tools-domU-4.10.4_22-3.50.1 xen-tools-domU-debuginfo-4.10.4_22-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): xen-4.10.4_22-3.50.1 xen-debugsource-4.10.4_22-3.50.1 xen-devel-4.10.4_22-3.50.1 xen-libs-4.10.4_22-3.50.1 xen-libs-debuginfo-4.10.4_22-3.50.1 xen-tools-4.10.4_22-3.50.1 xen-tools-debuginfo-4.10.4_22-3.50.1 xen-tools-domU-4.10.4_22-3.50.1 xen-tools-domU-debuginfo-4.10.4_22-3.50.1 References: https://www.suse.com/security/cve/CVE-2020-27670.html https://www.suse.com/security/cve/CVE-2020-27671.html https://www.suse.com/security/cve/CVE-2020-27672.html https://www.suse.com/security/cve/CVE-2020-27674.html https://www.suse.com/security/cve/CVE-2020-28368.html https://bugzilla.suse.com/1177409 https://bugzilla.suse.com/1177412 https://bugzilla.suse.com/1177413 https://bugzilla.suse.com/1177414 https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1178963 From sle-updates at lists.suse.com Fri Dec 4 13:19:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Dec 2020 21:19:42 +0100 (CET) Subject: SUSE-SU-2020:3629-1: moderate: Security update for python-cryptography Message-ID: <20201204201942.71BD6FBB3@maintenance.suse.de> SUSE Security Update: Security update for python-cryptography ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3629-1 Rating: moderate References: #1178168 Cross-References: CVE-2020-25659 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3629=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3629=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3629=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3629=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3629=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3629=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3629=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3629=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3629=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3629=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3629=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3629=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3629=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3629=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3629=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3629=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 python3-cryptography-debuginfo-2.1.4-7.31.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 - SUSE OpenStack Cloud 9 (x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 python3-cryptography-debuginfo-2.1.4-7.31.1 - SUSE OpenStack Cloud 8 (x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 - SUSE OpenStack Cloud 7 (s390x x86_64): python3-cryptography-2.1.4-7.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 python3-cryptography-debuginfo-2.1.4-7.31.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 python3-cryptography-debuginfo-2.1.4-7.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 python3-cryptography-debuginfo-2.1.4-7.31.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 - HPE Helion Openstack 8 (x86_64): python-cryptography-2.1.4-7.31.1 python-cryptography-debuginfo-2.1.4-7.31.1 python-cryptography-debugsource-2.1.4-7.31.1 python3-cryptography-2.1.4-7.31.1 References: https://www.suse.com/security/cve/CVE-2020-25659.html https://bugzilla.suse.com/1178168 From sle-updates at lists.suse.com Fri Dec 4 13:20:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Dec 2020 21:20:48 +0100 (CET) Subject: SUSE-SU-2020:3628-1: moderate: Security update for fontforge Message-ID: <20201204202048.2A9CDFBB3@maintenance.suse.de> SUSE Security Update: Security update for fontforge ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3628-1 Rating: moderate References: #1160220 #1178308 Cross-References: CVE-2020-25690 CVE-2020-5395 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for fontforge fixes the following issues: - fix for Use-after-free (heap) in the SFD_GetFontMetaData() function and the crash (bsc#1178308 CVE-2020-25690). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3628=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): fontforge-20170731-11.14.1 fontforge-debuginfo-20170731-11.14.1 fontforge-debugsource-20170731-11.14.1 References: https://www.suse.com/security/cve/CVE-2020-25690.html https://www.suse.com/security/cve/CVE-2020-5395.html https://bugzilla.suse.com/1160220 https://bugzilla.suse.com/1178308 From sle-updates at lists.suse.com Sun Dec 6 00:35:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Dec 2020 08:35:35 +0100 (CET) Subject: SUSE-CU-2020:743-1: Recommended update of suse/sle15 Message-ID: <20201206073535.306DDFBB4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:743-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.311 Container Release : 4.22.311 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` From sle-updates at lists.suse.com Sun Dec 6 00:48:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Dec 2020 08:48:29 +0100 (CET) Subject: SUSE-CU-2020:744-1: Recommended update of suse/sle15 Message-ID: <20201206074829.9DBCEFBB4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:744-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.362 Container Release : 6.2.362 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` From sle-updates at lists.suse.com Sun Dec 6 00:53:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Dec 2020 08:53:22 +0100 (CET) Subject: SUSE-CU-2020:745-1: Recommended update of suse/sle15 Message-ID: <20201206075322.B9578FBB4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:745-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.800 Container Release : 8.2.800 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` From sle-updates at lists.suse.com Sun Dec 6 00:53:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Dec 2020 08:53:31 +0100 (CET) Subject: SUSE-CU-2020:746-1: Recommended update of suse/sle15 Message-ID: <20201206075331.91BC9FBB4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:746-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.801 Container Release : 8.2.801 Severity : moderate Type : recommended References : 1179515 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) From sle-updates at lists.suse.com Mon Dec 7 07:21:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 15:21:18 +0100 (CET) Subject: SUSE-RU-2020:14555-1: moderate: Recommended update for microcode_ctl Message-ID: <20201207142118.7B173FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14555-1 Rating: moderate References: #1178971 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for microcode_ctl fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-microcode_ctl-14555=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-microcode_ctl-14555=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): microcode_ctl-1.17-102.83.65.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): microcode_ctl-1.17-102.83.65.1 References: https://bugzilla.suse.com/1178971 From sle-updates at lists.suse.com Mon Dec 7 07:22:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 15:22:22 +0100 (CET) Subject: SUSE-SU-2020:3632-1: important: Security update for mutt Message-ID: <20201207142222.94658FBB3@maintenance.suse.de> SUSE Security Update: Security update for mutt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3632-1 Rating: important References: #1179035 #1179113 #1179461 Cross-References: CVE-2020-28896 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for mutt fixes the following issues: - Find and display the content of messages properly. (bsc#1179461) - CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3632=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3632=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3632=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3632=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3632=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3632=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3632=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3632=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3632=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3632=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3632=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3632=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3632=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3632=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3632=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3632=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE OpenStack Cloud 9 (x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE OpenStack Cloud 8 (x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE OpenStack Cloud 7 (s390x x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 - HPE Helion Openstack 8 (x86_64): mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1 References: https://www.suse.com/security/cve/CVE-2020-28896.html https://bugzilla.suse.com/1179035 https://bugzilla.suse.com/1179113 https://bugzilla.suse.com/1179461 From sle-updates at lists.suse.com Mon Dec 7 07:32:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 15:32:54 +0100 (CET) Subject: SUSE-RU-2020:3637-1: moderate: Recommended update for fence-agents Message-ID: <20201207143254.9B895FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3637-1 Rating: moderate References: #1178343 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents fixes the following issues: Update from version 4.4.0+git.1558595666.5f79f9e9 to version 4.6.0+git.1605185986.7b0f11c1 (bsc#1178343) - Add `pkg-config` file - `fence_scsi`: do not write key to device if it's already registered, and open file correctly to avoid using regex against end-of-file - `fencing`: fix run_command() to allow timeout=0 to mean forever - `fencing`: fix to make timeout(s)=0 be treated as forever for agents using `pexpect` - Add a `fence_crosslink` agent - `fencing`: fix `power-timeout` when using the new `disable-timeout` parameter Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-3637=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): fence-agents-4.6.0+git.1605185986.7b0f11c1-4.16.1 fence-agents-debuginfo-4.6.0+git.1605185986.7b0f11c1-4.16.1 fence-agents-debugsource-4.6.0+git.1605185986.7b0f11c1-4.16.1 fence-agents-devel-4.6.0+git.1605185986.7b0f11c1-4.16.1 References: https://bugzilla.suse.com/1178343 From sle-updates at lists.suse.com Mon Dec 7 07:33:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 15:33:55 +0100 (CET) Subject: SUSE-RU-2020:3633-1: important: Recommended update for mutt Message-ID: <20201207143355.3533EFBB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3633-1 Rating: important References: #1179461 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mutt fixes the following issue: - Find and display the content of messages properly. (bsc#1179461) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3633=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3633=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3633=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3633=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3633=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3633=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): mutt-1.10.1-3.14.1 mutt-debuginfo-1.10.1-3.14.1 mutt-debugsource-1.10.1-3.14.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): mutt-doc-1.10.1-3.14.1 mutt-lang-1.10.1-3.14.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): mutt-1.10.1-3.14.1 mutt-debuginfo-1.10.1-3.14.1 mutt-debugsource-1.10.1-3.14.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): mutt-doc-1.10.1-3.14.1 mutt-lang-1.10.1-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): mutt-1.10.1-3.14.1 mutt-debuginfo-1.10.1-3.14.1 mutt-debugsource-1.10.1-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): mutt-doc-1.10.1-3.14.1 mutt-lang-1.10.1-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): mutt-1.10.1-3.14.1 mutt-debuginfo-1.10.1-3.14.1 mutt-debugsource-1.10.1-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): mutt-doc-1.10.1-3.14.1 mutt-lang-1.10.1-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): mutt-1.10.1-3.14.1 mutt-debuginfo-1.10.1-3.14.1 mutt-debugsource-1.10.1-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): mutt-doc-1.10.1-3.14.1 mutt-lang-1.10.1-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): mutt-1.10.1-3.14.1 mutt-debuginfo-1.10.1-3.14.1 mutt-debugsource-1.10.1-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): mutt-doc-1.10.1-3.14.1 mutt-lang-1.10.1-3.14.1 References: https://bugzilla.suse.com/1179461 From sle-updates at lists.suse.com Mon Dec 7 07:36:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 15:36:08 +0100 (CET) Subject: SUSE-RU-2020:3634-1: moderate: Recommended update for skelcd-control-SLES4SAP Message-ID: <20201207143608.94E45FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for skelcd-control-SLES4SAP ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3634-1 Rating: moderate References: #1178138 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for skelcd-control-SLES4SAP fixes the following issue: - Fixed the default preselected modules when installing from the Full medium. (bsc#1178138) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2020-3634=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2020-3634=1 Package List: - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): skelcd-control-SLES4SAP-15.2.2-3.3.2 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): skelcd-control-SLES4SAP-15.2.2-3.3.2 References: https://bugzilla.suse.com/1178138 From sle-updates at lists.suse.com Mon Dec 7 07:40:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 15:40:11 +0100 (CET) Subject: SUSE-SU-2020:3631-1: important: Security update for xen Message-ID: <20201207144011.233BFFBB3@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3631-1 Rating: important References: #1177409 #1177412 #1177413 #1177414 #1178591 #1178963 Cross-References: CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - bsc#1178963 - stack corruption from XSA-346 change (XSA-355) - bsc#1177409 - CVE-2020-27674: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - CVE-2020-27672: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - CVE-2020-27671: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - CVE-2020-27670: unsafe AMD IOMMU page table updates (XSA-347) - bsc#1178591 - CVE-2020-28368: Intel RAPL sidechannel attack aka PLATYPUS attack aka XSA-351 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3631=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3631=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3631=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3631=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3631=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3631=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3631=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_14-3.77.1 xen-debugsource-4.9.4_14-3.77.1 xen-doc-html-4.9.4_14-3.77.1 xen-libs-32bit-4.9.4_14-3.77.1 xen-libs-4.9.4_14-3.77.1 xen-libs-debuginfo-32bit-4.9.4_14-3.77.1 xen-libs-debuginfo-4.9.4_14-3.77.1 xen-tools-4.9.4_14-3.77.1 xen-tools-debuginfo-4.9.4_14-3.77.1 xen-tools-domU-4.9.4_14-3.77.1 xen-tools-domU-debuginfo-4.9.4_14-3.77.1 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_14-3.77.1 xen-debugsource-4.9.4_14-3.77.1 xen-doc-html-4.9.4_14-3.77.1 xen-libs-32bit-4.9.4_14-3.77.1 xen-libs-4.9.4_14-3.77.1 xen-libs-debuginfo-32bit-4.9.4_14-3.77.1 xen-libs-debuginfo-4.9.4_14-3.77.1 xen-tools-4.9.4_14-3.77.1 xen-tools-debuginfo-4.9.4_14-3.77.1 xen-tools-domU-4.9.4_14-3.77.1 xen-tools-domU-debuginfo-4.9.4_14-3.77.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_14-3.77.1 xen-debugsource-4.9.4_14-3.77.1 xen-doc-html-4.9.4_14-3.77.1 xen-libs-32bit-4.9.4_14-3.77.1 xen-libs-4.9.4_14-3.77.1 xen-libs-debuginfo-32bit-4.9.4_14-3.77.1 xen-libs-debuginfo-4.9.4_14-3.77.1 xen-tools-4.9.4_14-3.77.1 xen-tools-debuginfo-4.9.4_14-3.77.1 xen-tools-domU-4.9.4_14-3.77.1 xen-tools-domU-debuginfo-4.9.4_14-3.77.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_14-3.77.1 xen-debugsource-4.9.4_14-3.77.1 xen-doc-html-4.9.4_14-3.77.1 xen-libs-32bit-4.9.4_14-3.77.1 xen-libs-4.9.4_14-3.77.1 xen-libs-debuginfo-32bit-4.9.4_14-3.77.1 xen-libs-debuginfo-4.9.4_14-3.77.1 xen-tools-4.9.4_14-3.77.1 xen-tools-debuginfo-4.9.4_14-3.77.1 xen-tools-domU-4.9.4_14-3.77.1 xen-tools-domU-debuginfo-4.9.4_14-3.77.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_14-3.77.1 xen-debugsource-4.9.4_14-3.77.1 xen-doc-html-4.9.4_14-3.77.1 xen-libs-32bit-4.9.4_14-3.77.1 xen-libs-4.9.4_14-3.77.1 xen-libs-debuginfo-32bit-4.9.4_14-3.77.1 xen-libs-debuginfo-4.9.4_14-3.77.1 xen-tools-4.9.4_14-3.77.1 xen-tools-debuginfo-4.9.4_14-3.77.1 xen-tools-domU-4.9.4_14-3.77.1 xen-tools-domU-debuginfo-4.9.4_14-3.77.1 - SUSE Enterprise Storage 5 (x86_64): xen-4.9.4_14-3.77.1 xen-debugsource-4.9.4_14-3.77.1 xen-doc-html-4.9.4_14-3.77.1 xen-libs-32bit-4.9.4_14-3.77.1 xen-libs-4.9.4_14-3.77.1 xen-libs-debuginfo-32bit-4.9.4_14-3.77.1 xen-libs-debuginfo-4.9.4_14-3.77.1 xen-tools-4.9.4_14-3.77.1 xen-tools-debuginfo-4.9.4_14-3.77.1 xen-tools-domU-4.9.4_14-3.77.1 xen-tools-domU-debuginfo-4.9.4_14-3.77.1 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_14-3.77.1 xen-debugsource-4.9.4_14-3.77.1 xen-doc-html-4.9.4_14-3.77.1 xen-libs-32bit-4.9.4_14-3.77.1 xen-libs-4.9.4_14-3.77.1 xen-libs-debuginfo-32bit-4.9.4_14-3.77.1 xen-libs-debuginfo-4.9.4_14-3.77.1 xen-tools-4.9.4_14-3.77.1 xen-tools-debuginfo-4.9.4_14-3.77.1 xen-tools-domU-4.9.4_14-3.77.1 xen-tools-domU-debuginfo-4.9.4_14-3.77.1 References: https://www.suse.com/security/cve/CVE-2020-27670.html https://www.suse.com/security/cve/CVE-2020-27671.html https://www.suse.com/security/cve/CVE-2020-27672.html https://www.suse.com/security/cve/CVE-2020-27674.html https://www.suse.com/security/cve/CVE-2020-28368.html https://bugzilla.suse.com/1177409 https://bugzilla.suse.com/1177412 https://bugzilla.suse.com/1177413 https://bugzilla.suse.com/1177414 https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1178963 From sle-updates at lists.suse.com Mon Dec 7 07:41:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 15:41:44 +0100 (CET) Subject: SUSE-RU-2020:3636-1: moderate: Recommended update for fence-agents Message-ID: <20201207144144.E8170FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3636-1 Rating: moderate References: #1178343 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents fixes the following issues: Update from version 4.4.0+git.1558595666.5f79f9e9 to version 4.6.0+git.1605185986.7b0f11c1 (bsc#1178343) - Add `pkg-config` file - `fence_scsi`: do not write key to device if it's already registered, and open file correctly to avoid using regex against end-of-file - `fencing`: fix run_command() to allow timeout=0 to mean forever - `fencing`: fix to make timeout(s)=0 be treated as forever for agents using `pexpect` - Add a `fence_crosslink` agent - `fencing`: fix `power-timeout` when using the new `disable-timeout` parameter Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-3636=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-3636=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): fence-agents-4.6.0+git.1605185986.7b0f11c1-3.17.1 fence-agents-debuginfo-4.6.0+git.1605185986.7b0f11c1-3.17.1 fence-agents-debugsource-4.6.0+git.1605185986.7b0f11c1-3.17.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): fence-agents-4.6.0+git.1605185986.7b0f11c1-3.17.1 fence-agents-debuginfo-4.6.0+git.1605185986.7b0f11c1-3.17.1 fence-agents-debugsource-4.6.0+git.1605185986.7b0f11c1-3.17.1 References: https://bugzilla.suse.com/1178343 From sle-updates at lists.suse.com Mon Dec 7 10:16:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 18:16:44 +0100 (CET) Subject: SUSE-RU-2020:3639-1: moderate: Recommended update for yast2-storage-ng Message-ID: <20201207171644.3CC35F7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3639-1 Rating: moderate References: #1177332 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-storage-ng fixes the following issues: - Fixes an issue when YaST Partitioner does not recognize partitions on Veritas disks. (bsc#1177332) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3639=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2020-3639=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.1.97-3.33.10 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.1.97-3.33.10 References: https://bugzilla.suse.com/1177332 From sle-updates at lists.suse.com Mon Dec 7 10:17:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 18:17:41 +0100 (CET) Subject: SUSE-RU-2020:3640-1: important: Recommended update for binutils Message-ID: <20201207171741.8E12AF7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for binutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3640-1 Rating: important References: #1179036 #1179341 ECO-2373 SLE-7464 SLE-7903 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes and contains three features can now be installed. Description: This update for binutils fixes the following issues: Update binutils 2.35 branch to commit 1c5243df: * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions. * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711 * The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader. Update binutils to 2.35.1 and rebased branch diff: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: ".nop". This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3640=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-3640=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3640=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-3640=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3640=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3640=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.35.1-7.18.1 binutils-debugsource-2.35.1-7.18.1 binutils-gold-2.35.1-7.18.1 binutils-gold-debuginfo-2.35.1-7.18.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.35.1-7.18.1 binutils-debugsource-2.35.1-7.18.1 binutils-gold-2.35.1-7.18.1 binutils-gold-debuginfo-2.35.1-7.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): binutils-debugsource-2.35.1-7.18.1 binutils-devel-32bit-2.35.1-7.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): binutils-debugsource-2.35.1-7.18.1 binutils-devel-32bit-2.35.1-7.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): binutils-2.35.1-7.18.1 binutils-debuginfo-2.35.1-7.18.1 binutils-debugsource-2.35.1-7.18.1 binutils-devel-2.35.1-7.18.1 libctf-nobfd0-2.35.1-7.18.1 libctf-nobfd0-debuginfo-2.35.1-7.18.1 libctf0-2.35.1-7.18.1 libctf0-debuginfo-2.35.1-7.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): binutils-2.35.1-7.18.1 binutils-debuginfo-2.35.1-7.18.1 binutils-debugsource-2.35.1-7.18.1 binutils-devel-2.35.1-7.18.1 libctf-nobfd0-2.35.1-7.18.1 libctf-nobfd0-debuginfo-2.35.1-7.18.1 libctf0-2.35.1-7.18.1 libctf0-debuginfo-2.35.1-7.18.1 References: https://bugzilla.suse.com/1179036 https://bugzilla.suse.com/1179341 From sle-updates at lists.suse.com Mon Dec 7 10:18:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 18:18:46 +0100 (CET) Subject: SUSE-RU-2020:14556-1: moderate: Recommended update for bash Message-ID: <20201207171846.96026F7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14556-1 Rating: moderate References: #1178857 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bash fixes the following issue: - release number of bash package is now higher than the SLES 11 SP1 and SP2 bash packages. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bash-14556=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bash-14556=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bash-3.2-149.36.3.1 bash-doc-3.2-147.36.3.1 libreadline5-5.2-147.36.3.1 readline-doc-5.2-147.36.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): bash-debuginfo-3.2-149.36.3.1 bash-debugsource-3.2-149.36.3.1 References: https://bugzilla.suse.com/1178857 From sle-updates at lists.suse.com Mon Dec 7 10:19:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 18:19:37 +0100 (CET) Subject: SUSE-SU-2020:3642-1: important: Security update for MozillaThunderbird Message-ID: <20201207171937.1B501F7E7@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3642-1 Rating: important References: #1179530 Cross-References: CVE-2020-26970 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to 78.5.1 (MFSA 2020-53, bsc#1179530) - CVE-2020-26970: Fixed a stack overflow due to incorrect parsing of SMTP server response codes. - Various bug fixes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3642=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-78.5.1-3.110.2 MozillaThunderbird-debuginfo-78.5.1-3.110.2 MozillaThunderbird-debugsource-78.5.1-3.110.2 MozillaThunderbird-translations-common-78.5.1-3.110.2 MozillaThunderbird-translations-other-78.5.1-3.110.2 References: https://www.suse.com/security/cve/CVE-2020-26970.html https://bugzilla.suse.com/1179530 From sle-updates at lists.suse.com Mon Dec 7 13:16:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 21:16:17 +0100 (CET) Subject: SUSE-SU-2020:3648-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) Message-ID: <20201207201617.1D4B5FBB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3648-1 Rating: important References: #1165631 #1173942 #1176931 #1177513 #1178622 Cross-References: CVE-2020-0429 CVE-2020-11668 CVE-2020-1749 CVE-2020-25645 CVE-2020-25668 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_146 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177513). - CVE-2020-0429: Fixed a memory corruption due to a use after free which could have led to to local privilege escalation (bsc#1176931). - CVE-2020-11668: Fixed an issue where the Xirlink camera USB driver mishandled invalid descriptors (bsc#1173942). - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3648=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3648=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_146-default-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_146-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2020-0429.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-25645.html https://www.suse.com/security/cve/CVE-2020-25668.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1176931 https://bugzilla.suse.com/1177513 https://bugzilla.suse.com/1178622 From sle-updates at lists.suse.com Mon Dec 7 13:17:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 21:17:37 +0100 (CET) Subject: SUSE-SU-2020:3656-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) Message-ID: <20201207201737.8FDA4FBB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3656-1 Rating: important References: #1165631 #1173942 #1176931 #1177513 Cross-References: CVE-2020-0429 CVE-2020-11668 CVE-2020-1749 CVE-2020-25645 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_135 fixes several issues. The following security issues were fixed: - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177513). - CVE-2020-0429: Fixed a memory corruption due to a use after free which could have led to to local privilege escalation (bsc#1176931). - CVE-2020-11668: Fixed an issue where the Xirlink camera USB driver mishandled invalid descriptors (bsc#1173942). - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3656=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3656=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_135-default-2-2.1 kgraft-patch-4_4_180-94_135-default-debuginfo-2-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_135-default-2-2.1 kgraft-patch-4_4_180-94_135-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2020-0429.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-25645.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1176931 https://bugzilla.suse.com/1177513 From sle-updates at lists.suse.com Mon Dec 7 13:18:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 21:18:51 +0100 (CET) Subject: SUSE-RU-2020:3643-1: important: Recommended update for binutils Message-ID: <20201207201851.036C3FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for binutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3643-1 Rating: important References: #1179341 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for binutils fixes the following issues: * Fix an incompatibility introduced in the latest update that broken the install scripts of the Oracle server. [bsc#1179341] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3643=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3643=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3643=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3643=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): binutils-2.35.1-6.20.1 binutils-debuginfo-2.35.1-6.20.1 binutils-debugsource-2.35.1-6.20.1 binutils-devel-2.35.1-6.20.1 libctf-nobfd0-2.35.1-6.20.1 libctf-nobfd0-debuginfo-2.35.1-6.20.1 libctf0-2.35.1-6.20.1 libctf0-debuginfo-2.35.1-6.20.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): binutils-devel-32bit-2.35.1-6.20.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): binutils-2.35.1-6.20.1 binutils-debuginfo-2.35.1-6.20.1 binutils-debugsource-2.35.1-6.20.1 binutils-devel-2.35.1-6.20.1 libctf-nobfd0-2.35.1-6.20.1 libctf-nobfd0-debuginfo-2.35.1-6.20.1 libctf0-2.35.1-6.20.1 libctf0-debuginfo-2.35.1-6.20.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): binutils-2.35.1-6.20.1 binutils-debuginfo-2.35.1-6.20.1 binutils-debugsource-2.35.1-6.20.1 binutils-devel-2.35.1-6.20.1 libctf-nobfd0-2.35.1-6.20.1 libctf-nobfd0-debuginfo-2.35.1-6.20.1 libctf0-2.35.1-6.20.1 libctf0-debuginfo-2.35.1-6.20.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): binutils-devel-32bit-2.35.1-6.20.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): binutils-2.35.1-6.20.1 binutils-debuginfo-2.35.1-6.20.1 binutils-debugsource-2.35.1-6.20.1 binutils-devel-2.35.1-6.20.1 libctf-nobfd0-2.35.1-6.20.1 libctf-nobfd0-debuginfo-2.35.1-6.20.1 libctf0-2.35.1-6.20.1 libctf0-debuginfo-2.35.1-6.20.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): binutils-devel-32bit-2.35.1-6.20.1 References: https://bugzilla.suse.com/1179341 From sle-updates at lists.suse.com Mon Dec 7 13:19:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 21:19:47 +0100 (CET) Subject: SUSE-SU-2020:3690-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP1) Message-ID: <20201207201947.59AEEFBB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3690-1 Rating: important References: #1178622 #1178783 Cross-References: CVE-2020-25668 CVE-2020-25705 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_67 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-3690=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_67-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2020-25668.html https://www.suse.com/security/cve/CVE-2020-25705.html https://bugzilla.suse.com/1178622 https://bugzilla.suse.com/1178783 From sle-updates at lists.suse.com Mon Dec 7 13:20:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 21:20:51 +0100 (CET) Subject: SUSE-SU-2020:3698-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP5) Message-ID: <20201207202051.4D63DFBB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3698-1 Rating: important References: #1178622 Cross-References: CVE-2020-25668 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-122_51 fixes one issue. The following security issue was fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3698=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3675=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_37-default-2-2.1 kernel-livepatch-5_3_18-24_37-default-debuginfo-2-2.1 kernel-livepatch-SLE15-SP2_Update_7-debugsource-2-2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_51-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2020-25668.html https://bugzilla.suse.com/1178622 From sle-updates at lists.suse.com Mon Dec 7 13:21:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 21:21:47 +0100 (CET) Subject: SUSE-SU-2020:3653-1: important: Security update for xen Message-ID: <20201207202147.C3EEDFBB3@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3653-1 Rating: important References: #1177409 #1177412 #1177413 #1177414 #1178591 #1178963 Cross-References: CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3653=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3653=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3653=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3653=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xen-4.11.4_14-2.45.1 xen-debugsource-4.11.4_14-2.45.1 xen-doc-html-4.11.4_14-2.45.1 xen-libs-32bit-4.11.4_14-2.45.1 xen-libs-4.11.4_14-2.45.1 xen-libs-debuginfo-32bit-4.11.4_14-2.45.1 xen-libs-debuginfo-4.11.4_14-2.45.1 xen-tools-4.11.4_14-2.45.1 xen-tools-debuginfo-4.11.4_14-2.45.1 xen-tools-domU-4.11.4_14-2.45.1 xen-tools-domU-debuginfo-4.11.4_14-2.45.1 - SUSE OpenStack Cloud 9 (x86_64): xen-4.11.4_14-2.45.1 xen-debugsource-4.11.4_14-2.45.1 xen-doc-html-4.11.4_14-2.45.1 xen-libs-32bit-4.11.4_14-2.45.1 xen-libs-4.11.4_14-2.45.1 xen-libs-debuginfo-32bit-4.11.4_14-2.45.1 xen-libs-debuginfo-4.11.4_14-2.45.1 xen-tools-4.11.4_14-2.45.1 xen-tools-debuginfo-4.11.4_14-2.45.1 xen-tools-domU-4.11.4_14-2.45.1 xen-tools-domU-debuginfo-4.11.4_14-2.45.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): xen-4.11.4_14-2.45.1 xen-debugsource-4.11.4_14-2.45.1 xen-doc-html-4.11.4_14-2.45.1 xen-libs-32bit-4.11.4_14-2.45.1 xen-libs-4.11.4_14-2.45.1 xen-libs-debuginfo-32bit-4.11.4_14-2.45.1 xen-libs-debuginfo-4.11.4_14-2.45.1 xen-tools-4.11.4_14-2.45.1 xen-tools-debuginfo-4.11.4_14-2.45.1 xen-tools-domU-4.11.4_14-2.45.1 xen-tools-domU-debuginfo-4.11.4_14-2.45.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): xen-4.11.4_14-2.45.1 xen-debugsource-4.11.4_14-2.45.1 xen-doc-html-4.11.4_14-2.45.1 xen-libs-32bit-4.11.4_14-2.45.1 xen-libs-4.11.4_14-2.45.1 xen-libs-debuginfo-32bit-4.11.4_14-2.45.1 xen-libs-debuginfo-4.11.4_14-2.45.1 xen-tools-4.11.4_14-2.45.1 xen-tools-debuginfo-4.11.4_14-2.45.1 xen-tools-domU-4.11.4_14-2.45.1 xen-tools-domU-debuginfo-4.11.4_14-2.45.1 References: https://www.suse.com/security/cve/CVE-2020-27670.html https://www.suse.com/security/cve/CVE-2020-27671.html https://www.suse.com/security/cve/CVE-2020-27672.html https://www.suse.com/security/cve/CVE-2020-27674.html https://www.suse.com/security/cve/CVE-2020-28368.html https://bugzilla.suse.com/1177409 https://bugzilla.suse.com/1177412 https://bugzilla.suse.com/1177413 https://bugzilla.suse.com/1177414 https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1178963 From sle-updates at lists.suse.com Mon Dec 7 13:23:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 21:23:24 +0100 (CET) Subject: SUSE-SU-2020:3670-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP5) Message-ID: <20201207202324.CBE50FBB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3670-1 Rating: important References: #1178046 #1178622 #1178700 #1178783 Cross-References: CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-122_29 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). - Fixed an issue where system was hanging due to a massive amount of soft lockups in btrfs_drop_and_free_fs_root() (bsc#1178046). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-3680=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-3681=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-3682=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-3683=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-3684=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-3685=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-3686=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-3687=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-3688=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-3689=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3663=1 SUSE-SLE-Live-Patching-12-SP5-2020-3664=1 SUSE-SLE-Live-Patching-12-SP5-2020-3665=1 SUSE-SLE-Live-Patching-12-SP5-2020-3666=1 SUSE-SLE-Live-Patching-12-SP5-2020-3667=1 SUSE-SLE-Live-Patching-12-SP5-2020-3668=1 SUSE-SLE-Live-Patching-12-SP5-2020-3669=1 SUSE-SLE-Live-Patching-12-SP5-2020-3670=1 SUSE-SLE-Live-Patching-12-SP5-2020-3671=1 SUSE-SLE-Live-Patching-12-SP5-2020-3672=1 SUSE-SLE-Live-Patching-12-SP5-2020-3673=1 SUSE-SLE-Live-Patching-12-SP5-2020-3674=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-3657=1 SUSE-SLE-Live-Patching-12-SP4-2020-3658=1 SUSE-SLE-Live-Patching-12-SP4-2020-3659=1 SUSE-SLE-Live-Patching-12-SP4-2020-3660=1 SUSE-SLE-Live-Patching-12-SP4-2020-3661=1 SUSE-SLE-Live-Patching-12-SP4-2020-3662=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_29-default-9-2.2 kernel-livepatch-4_12_14-197_34-default-8-2.2 kernel-livepatch-4_12_14-197_37-default-8-2.2 kernel-livepatch-4_12_14-197_40-default-7-2.2 kernel-livepatch-4_12_14-197_45-default-5-2.2 kernel-livepatch-4_12_14-197_48-default-5-2.1 kernel-livepatch-4_12_14-197_51-default-5-2.1 kernel-livepatch-4_12_14-197_56-default-4-2.1 kernel-livepatch-4_12_14-197_61-default-3-2.1 kernel-livepatch-4_12_14-197_64-default-2-2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_17-default-8-2.2 kgraft-patch-4_12_14-122_20-default-7-2.2 kgraft-patch-4_12_14-122_23-default-5-2.2 kgraft-patch-4_12_14-122_26-default-5-2.2 kgraft-patch-4_12_14-122_29-default-5-2.1 kgraft-patch-4_12_14-122_32-default-5-2.1 kgraft-patch-4_12_14-122_37-default-4-2.1 kgraft-patch-4_12_14-122_41-default-3-2.1 kgraft-patch-4_12_14-122_46-default-2-2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le x86_64): kgraft-patch-4_12_14-120-default-9-3.2 kgraft-patch-4_12_14-120-default-debuginfo-9-3.2 kgraft-patch-4_12_14-122_12-default-9-2.2 kgraft-patch-4_12_14-122_7-default-9-2.2 kgraft-patch-SLE12-SP5_Update_0-debugsource-9-3.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_51-default-7-2.2 kgraft-patch-4_12_14-95_54-default-5-2.2 kgraft-patch-4_12_14-95_57-default-5-2.1 kgraft-patch-4_12_14-95_60-default-4-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_45-default-9-2.2 kgraft-patch-4_12_14-95_48-default-8-2.2 References: https://www.suse.com/security/cve/CVE-2020-25668.html https://www.suse.com/security/cve/CVE-2020-25705.html https://www.suse.com/security/cve/CVE-2020-8694.html https://bugzilla.suse.com/1178046 https://bugzilla.suse.com/1178622 https://bugzilla.suse.com/1178700 https://bugzilla.suse.com/1178783 From sle-updates at lists.suse.com Mon Dec 7 13:25:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2020 21:25:55 +0100 (CET) Subject: SUSE-SU-2020:3651-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) Message-ID: <20201207202555.7A45CFBB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3651-1 Rating: important References: #1178622 #1178700 #1178783 Cross-References: CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_121 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3649=1 SUSE-SLE-SAP-12-SP3-2020-3650=1 SUSE-SLE-SAP-12-SP3-2020-3651=1 SUSE-SLE-SAP-12-SP3-2020-3652=1 SUSE-SLE-SAP-12-SP3-2020-3654=1 SUSE-SLE-SAP-12-SP3-2020-3655=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3644=1 SUSE-SLE-SAP-12-SP2-2020-3645=1 SUSE-SLE-SAP-12-SP2-2020-3646=1 SUSE-SLE-SAP-12-SP2-2020-3647=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3649=1 SUSE-SLE-SERVER-12-SP3-2020-3650=1 SUSE-SLE-SERVER-12-SP3-2020-3651=1 SUSE-SLE-SERVER-12-SP3-2020-3652=1 SUSE-SLE-SERVER-12-SP3-2020-3654=1 SUSE-SLE-SERVER-12-SP3-2020-3655=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3644=1 SUSE-SLE-SERVER-12-SP2-2020-3645=1 SUSE-SLE-SERVER-12-SP2-2020-3646=1 SUSE-SLE-SERVER-12-SP2-2020-3647=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3691=1 SUSE-SLE-Module-Live-Patching-15-SP2-2020-3692=1 SUSE-SLE-Module-Live-Patching-15-SP2-2020-3693=1 SUSE-SLE-Module-Live-Patching-15-SP2-2020-3694=1 SUSE-SLE-Module-Live-Patching-15-SP2-2020-3695=1 SUSE-SLE-Module-Live-Patching-15-SP2-2020-3696=1 SUSE-SLE-Module-Live-Patching-15-SP2-2020-3697=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-3676=1 SUSE-SLE-Module-Live-Patching-15-2020-3677=1 SUSE-SLE-Module-Live-Patching-15-2020-3678=1 SUSE-SLE-Module-Live-Patching-15-2020-3679=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_113-default-9-2.2 kgraft-patch-4_4_180-94_113-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_116-default-6-2.2 kgraft-patch-4_4_180-94_116-default-debuginfo-6-2.2 kgraft-patch-4_4_180-94_121-default-5-2.2 kgraft-patch-4_4_180-94_121-default-debuginfo-5-2.2 kgraft-patch-4_4_180-94_124-default-5-2.2 kgraft-patch-4_4_180-94_124-default-debuginfo-5-2.2 kgraft-patch-4_4_180-94_127-default-5-2.1 kgraft-patch-4_4_180-94_127-default-debuginfo-5-2.1 kgraft-patch-4_4_180-94_130-default-4-2.1 kgraft-patch-4_4_180-94_130-default-debuginfo-4-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_129-default-7-2.2 kgraft-patch-4_4_121-92_135-default-5-2.2 kgraft-patch-4_4_121-92_138-default-5-2.1 kgraft-patch-4_4_121-92_141-default-4-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_113-default-9-2.2 kgraft-patch-4_4_180-94_113-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_116-default-6-2.2 kgraft-patch-4_4_180-94_116-default-debuginfo-6-2.2 kgraft-patch-4_4_180-94_121-default-5-2.2 kgraft-patch-4_4_180-94_121-default-debuginfo-5-2.2 kgraft-patch-4_4_180-94_124-default-5-2.2 kgraft-patch-4_4_180-94_124-default-debuginfo-5-2.2 kgraft-patch-4_4_180-94_127-default-5-2.1 kgraft-patch-4_4_180-94_127-default-debuginfo-5-2.1 kgraft-patch-4_4_180-94_130-default-4-2.1 kgraft-patch-4_4_180-94_130-default-debuginfo-4-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_129-default-7-2.2 kgraft-patch-4_4_121-92_135-default-5-2.2 kgraft-patch-4_4_121-92_138-default-5-2.1 kgraft-patch-4_4_121-92_141-default-4-2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-22-default-5-5.2 kernel-livepatch-5_3_18-22-default-debuginfo-5-5.2 kernel-livepatch-5_3_18-24_12-default-4-2.1 kernel-livepatch-5_3_18-24_12-default-debuginfo-4-2.1 kernel-livepatch-5_3_18-24_15-default-4-2.1 kernel-livepatch-5_3_18-24_15-default-debuginfo-4-2.1 kernel-livepatch-5_3_18-24_24-default-4-2.1 kernel-livepatch-5_3_18-24_24-default-debuginfo-4-2.1 kernel-livepatch-5_3_18-24_29-default-2-2.1 kernel-livepatch-5_3_18-24_29-default-debuginfo-2-2.1 kernel-livepatch-5_3_18-24_34-default-2-2.1 kernel-livepatch-5_3_18-24_34-default-debuginfo-2-2.1 kernel-livepatch-5_3_18-24_9-default-5-2.1 kernel-livepatch-5_3_18-24_9-default-debuginfo-5-2.1 kernel-livepatch-SLE15-SP2_Update_0-debugsource-5-5.2 kernel-livepatch-SLE15-SP2_Update_1-debugsource-5-2.1 kernel-livepatch-SLE15-SP2_Update_2-debugsource-4-2.1 kernel-livepatch-SLE15-SP2_Update_3-debugsource-4-2.1 kernel-livepatch-SLE15-SP2_Update_4-debugsource-4-2.1 kernel-livepatch-SLE15-SP2_Update_5-debugsource-2-2.1 kernel-livepatch-SLE15-SP2_Update_6-debugsource-2-2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_47-default-9-2.2 kernel-livepatch-4_12_14-150_47-default-debuginfo-9-2.2 kernel-livepatch-4_12_14-150_52-default-5-2.2 kernel-livepatch-4_12_14-150_52-default-debuginfo-5-2.2 kernel-livepatch-4_12_14-150_55-default-5-2.1 kernel-livepatch-4_12_14-150_55-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-150_58-default-4-2.1 kernel-livepatch-4_12_14-150_58-default-debuginfo-4-2.1 References: https://www.suse.com/security/cve/CVE-2020-25668.html https://www.suse.com/security/cve/CVE-2020-25705.html https://www.suse.com/security/cve/CVE-2020-8694.html https://bugzilla.suse.com/1178622 https://bugzilla.suse.com/1178700 https://bugzilla.suse.com/1178783 From sle-updates at lists.suse.com Mon Dec 7 16:15:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 00:15:34 +0100 (CET) Subject: SUSE-RU-2020:3701-1: important: Recommended update for libical Message-ID: <20201207231534.C8CA2F7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for libical ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3701-1 Rating: important References: #1178412 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libical fixes the following issue: - Correctly read `slim` timezone data. (bsc#1178412) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3701=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3701=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3701=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libical-glib-debugsource-3.0.6-4.3.1 libical-glib-devel-3.0.6-4.3.1 libical-glib3-3.0.6-4.3.1 libical-glib3-debuginfo-3.0.6-4.3.1 typelib-1_0-ICal-3_0-3.0.6-4.3.1 typelib-1_0-ICalGLib-3_0-3.0.6-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libical-debugsource-3.0.6-4.3.1 libical-devel-3.0.6-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libical-debugsource-3.0.6-4.3.1 libical3-3.0.6-4.3.1 libical3-debuginfo-3.0.6-4.3.1 References: https://bugzilla.suse.com/1178412 From sle-updates at lists.suse.com Mon Dec 7 16:17:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 00:17:23 +0100 (CET) Subject: SUSE-RU-2020:3700-1: important: Recommended update for libical Message-ID: <20201207231723.B3B15F7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for libical ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3700-1 Rating: important References: #1178412 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libical fixes the following issue: - Correctly read `slim` timezone data. (bsc#1178412) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3700=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3700=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3700=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3700=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3700=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3700=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libical-debugsource-2.0.0-3.4.1 libical2-2.0.0-3.4.1 libical2-debuginfo-2.0.0-3.4.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libical-debugsource-2.0.0-3.4.1 libical2-2.0.0-3.4.1 libical2-debuginfo-2.0.0-3.4.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libical-debugsource-2.0.0-3.4.1 libical-devel-2.0.0-3.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libical-debugsource-2.0.0-3.4.1 libical2-2.0.0-3.4.1 libical2-debuginfo-2.0.0-3.4.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libical-debugsource-2.0.0-3.4.1 libical2-2.0.0-3.4.1 libical2-debuginfo-2.0.0-3.4.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libical-debugsource-2.0.0-3.4.1 libical2-2.0.0-3.4.1 libical2-debuginfo-2.0.0-3.4.1 References: https://bugzilla.suse.com/1178412 From sle-updates at lists.suse.com Mon Dec 7 16:18:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 00:18:26 +0100 (CET) Subject: SUSE-RU-2020:3699-1: important: Recommended update for libical Message-ID: <20201207231826.510FEF7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for libical ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3699-1 Rating: important References: #1178412 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libical fixes the following issue: - Correctly read `slim` timezone data. (bsc#1178412) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3699=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3699=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3699=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3699=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3699=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3699=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3699=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3699=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3699=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3699=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3699=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3699=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3699=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3699=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3699=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3699=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3699=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE OpenStack Cloud 9 (x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE OpenStack Cloud 8 (x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libical-debugsource-1.0.1-16.7.1 libical-devel-1.0.1-16.7.1 libical-devel-static-1.0.1-16.7.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 - SUSE Enterprise Storage 5 (x86_64): libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 - HPE Helion Openstack 8 (x86_64): libical-debugsource-1.0.1-16.7.1 libical1-1.0.1-16.7.1 libical1-32bit-1.0.1-16.7.1 libical1-debuginfo-1.0.1-16.7.1 libical1-debuginfo-32bit-1.0.1-16.7.1 References: https://bugzilla.suse.com/1178412 From sle-updates at lists.suse.com Mon Dec 7 16:19:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 00:19:26 +0100 (CET) Subject: SUSE-RU-2020:3702-1: moderate: Recommended update for sssd Message-ID: <20201207231926.36E33F7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3702-1 Rating: moderate References: #1179407 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issue: - Fix wrong `memcache` path in spec file. (bsc#1179407) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3702=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3702=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-7.14.1 libsss_idmap-devel-1.16.1-7.14.1 libsss_nss_idmap-devel-1.16.1-7.14.1 sssd-debuginfo-1.16.1-7.14.1 sssd-debugsource-1.16.1-7.14.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-7.14.1 libipa_hbac0-debuginfo-1.16.1-7.14.1 libsss_certmap0-1.16.1-7.14.1 libsss_certmap0-debuginfo-1.16.1-7.14.1 libsss_idmap0-1.16.1-7.14.1 libsss_idmap0-debuginfo-1.16.1-7.14.1 libsss_nss_idmap0-1.16.1-7.14.1 libsss_nss_idmap0-debuginfo-1.16.1-7.14.1 libsss_simpleifp0-1.16.1-7.14.1 libsss_simpleifp0-debuginfo-1.16.1-7.14.1 python-sssd-config-1.16.1-7.14.1 python-sssd-config-debuginfo-1.16.1-7.14.1 sssd-1.16.1-7.14.1 sssd-ad-1.16.1-7.14.1 sssd-ad-debuginfo-1.16.1-7.14.1 sssd-debuginfo-1.16.1-7.14.1 sssd-debugsource-1.16.1-7.14.1 sssd-ipa-1.16.1-7.14.1 sssd-ipa-debuginfo-1.16.1-7.14.1 sssd-krb5-1.16.1-7.14.1 sssd-krb5-common-1.16.1-7.14.1 sssd-krb5-common-debuginfo-1.16.1-7.14.1 sssd-krb5-debuginfo-1.16.1-7.14.1 sssd-ldap-1.16.1-7.14.1 sssd-ldap-debuginfo-1.16.1-7.14.1 sssd-proxy-1.16.1-7.14.1 sssd-proxy-debuginfo-1.16.1-7.14.1 sssd-tools-1.16.1-7.14.1 sssd-tools-debuginfo-1.16.1-7.14.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): sssd-32bit-1.16.1-7.14.1 sssd-debuginfo-32bit-1.16.1-7.14.1 References: https://bugzilla.suse.com/1179407 From sle-updates at lists.suse.com Mon Dec 7 16:20:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 00:20:25 +0100 (CET) Subject: SUSE-RU-2020:3703-1: moderate: Recommended update for aaa_base Message-ID: <20201207232025.8723AFBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3703-1 Rating: moderate References: #1179431 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3703=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3703=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3703=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-3703=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3703=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3703=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): aaa_base-84.87+git20180409.04c9dae-3.45.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.45.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.45.1 aaa_base-extras-84.87+git20180409.04c9dae-3.45.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.45.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): aaa_base-84.87+git20180409.04c9dae-3.45.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.45.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.45.1 aaa_base-extras-84.87+git20180409.04c9dae-3.45.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.45.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.45.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.45.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.45.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.45.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.45.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.45.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.45.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.45.1 aaa_base-extras-84.87+git20180409.04c9dae-3.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.45.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.45.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.45.1 aaa_base-extras-84.87+git20180409.04c9dae-3.45.1 References: https://bugzilla.suse.com/1179431 From sle-updates at lists.suse.com Mon Dec 7 23:59:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 07:59:43 +0100 (CET) Subject: SUSE-CU-2020:747-1: Recommended update of suse/sle15 Message-ID: <20201208065943.EB513FBB4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:747-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.364 Container Release : 6.2.364 Severity : moderate Type : recommended References : 1179431 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 00:04:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 08:04:56 +0100 (CET) Subject: SUSE-CU-2020:748-1: Recommended update of suse/sle15 Message-ID: <20201208070456.280B8FBB4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:748-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.803 Container Release : 8.2.803 Severity : moderate Type : recommended References : 1179431 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 04:16:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 12:16:04 +0100 (CET) Subject: SUSE-RU-2020:3704-1: moderate: Recommended update for rook Message-ID: <20201208111604.84E49F7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for rook ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3704-1 Rating: moderate References: Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for rook fixes the following issues: - Derive CSI and sidecar image versions from code defaults rather than images found in the build service. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2020-3704=1 Package List: - SUSE Enterprise Storage 7 (noarch): rook-ceph-helm-charts-1.4.7+git6.g3eaf6fda-3.9.1 rook-k8s-yaml-1.4.7+git6.g3eaf6fda-3.9.1 References: From sle-updates at lists.suse.com Tue Dec 8 04:17:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 12:17:06 +0100 (CET) Subject: SUSE-SU-2020:3705-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15) Message-ID: <20201208111706.18FC7F7E7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3705-1 Rating: important References: #1173942 Cross-References: CVE-2020-11668 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-150_63 fixes one issue. The following security issue was fixed: - CVE-2020-11668: Fixed an improper handling of invalid descriptors in Xirlink camera USB driver (bsc#1173942). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-3705=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_63-default-2-2.1 kernel-livepatch-4_12_14-150_63-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2020-11668.html https://bugzilla.suse.com/1173942 From sle-updates at lists.suse.com Tue Dec 8 05:43:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:43:04 +0100 (CET) Subject: SUSE-CU-2020:750-1: Security update of ses/7/cephcsi/cephcsi Message-ID: <20201208124304.3FBCCF7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:750-1 Container Tags : ses/7/cephcsi/cephcsi:3.1.1 , ses/7/cephcsi/cephcsi:3.1.1.0.3.88 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.1.1 , ses/7/cephcsi/cephcsi:v3.1.1.0 Container Release : 3.88 Severity : important Type : security References : 1176262 1176262 1178168 1178376 1179036 1179193 1179341 1179431 1179515 CVE-2019-20916 CVE-2019-20916 CVE-2020-25659 ----------------------------------------------------------------- The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3566-1 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Type: security Severity: important References: 1176262,CVE-2019-20916 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3592-1 Released: Wed Dec 2 10:31:34 2020 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1178168,CVE-2020-25659 This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3593-1 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Type: security Severity: important References: 1176262,1179193,CVE-2019-20916 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3640-1 Released: Mon Dec 7 13:24:41 2020 Summary: Recommended update for binutils Type: recommended Severity: important References: 1179036,1179341 This update for binutils fixes the following issues: Update binutils 2.35 branch to commit 1c5243df: * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions. * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711 * The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader. Update binutils to 2.35.1 and rebased branch diff: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 05:44:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:44:06 +0100 (CET) Subject: SUSE-CU-2020:752-1: Recommended update of ses/7/ceph/grafana Message-ID: <20201208124406.647F7F7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/grafana ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:752-1 Container Tags : ses/7/ceph/grafana:7.1.5 , ses/7/ceph/grafana:7.1.5.3.304 , ses/7/ceph/grafana:latest , ses/7/ceph/grafana:sle15.2.octopus Container Release : 3.304 Severity : moderate Type : recommended References : 1178376 1179431 1179515 ----------------------------------------------------------------- The container ses/7/ceph/grafana was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 05:45:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:45:56 +0100 (CET) Subject: SUSE-CU-2020:753-1: Security update of ses/7/ceph/ceph Message-ID: <20201208124556.339E4F7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:753-1 Container Tags : ses/7/ceph/ceph:15.2.5.667 , ses/7/ceph/ceph:15.2.5.667.4.35 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus Container Release : 4.35 Severity : important Type : security References : 1176262 1176262 1178168 1178376 1179036 1179193 1179341 1179431 1179515 CVE-2019-20916 CVE-2019-20916 CVE-2020-25659 ----------------------------------------------------------------- The container ses/7/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3566-1 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Type: security Severity: important References: 1176262,CVE-2019-20916 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3592-1 Released: Wed Dec 2 10:31:34 2020 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1178168,CVE-2020-25659 This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3593-1 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Type: security Severity: important References: 1176262,1179193,CVE-2019-20916 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3640-1 Released: Mon Dec 7 13:24:41 2020 Summary: Recommended update for binutils Type: recommended Severity: important References: 1179036,1179341 This update for binutils fixes the following issues: Update binutils 2.35 branch to commit 1c5243df: * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions. * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711 * The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader. Update binutils to 2.35.1 and rebased branch diff: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 05:47:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:47:40 +0100 (CET) Subject: SUSE-CU-2020:754-1: Recommended update of ses/7/rook/ceph Message-ID: <20201208124740.B9AABF7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:754-1 Container Tags : ses/7/rook/ceph:1.4.7 , ses/7/rook/ceph:1.4.7.6 , ses/7/rook/ceph:1.4.7.6.1.1397 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus Container Release : 1.1397 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container ses/7/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3704-1 Released: Tue Dec 8 08:31:07 2020 Summary: Recommended update for rook Type: recommended Severity: moderate References: This update for rook fixes the following issues: - Derive CSI and sidecar image versions from code defaults rather than images found in the build service. From sle-updates at lists.suse.com Tue Dec 8 05:48:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:48:22 +0100 (CET) Subject: SUSE-CU-2020:755-1: Recommended update of ses/7/cephcsi/csi-attacher Message-ID: <20201208124822.71701F7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-attacher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:755-1 Container Tags : ses/7/cephcsi/csi-attacher:v2.1.0 , ses/7/cephcsi/csi-attacher:v2.1.0-rev1 , ses/7/cephcsi/csi-attacher:v2.1.0-rev1-build3.120 Container Release : 3.120 Severity : moderate Type : recommended References : 1178376 1179431 1179515 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-attacher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 05:49:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:49:05 +0100 (CET) Subject: SUSE-CU-2020:756-1: Recommended update of ses/7/cephcsi/csi-livenessprobe Message-ID: <20201208124905.958ADF7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-livenessprobe ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:756-1 Container Tags : ses/7/cephcsi/csi-livenessprobe:v1.1.0 , ses/7/cephcsi/csi-livenessprobe:v1.1.0-rev1 , ses/7/cephcsi/csi-livenessprobe:v1.1.0-rev1-build3.117 Container Release : 3.117 Severity : moderate Type : recommended References : 1178376 1179431 1179515 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-livenessprobe was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 05:49:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:49:50 +0100 (CET) Subject: SUSE-CU-2020:757-1: Recommended update of ses/7/cephcsi/csi-node-driver-registrar Message-ID: <20201208124950.14358F7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-node-driver-registrar ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:757-1 Container Tags : ses/7/cephcsi/csi-node-driver-registrar:v1.3.0 , ses/7/cephcsi/csi-node-driver-registrar:v1.3.0-rev1 , ses/7/cephcsi/csi-node-driver-registrar:v1.3.0-rev1-build3.114 Container Release : 3.114 Severity : moderate Type : recommended References : 1178376 1179431 1179515 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-node-driver-registrar was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 05:50:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:50:32 +0100 (CET) Subject: SUSE-CU-2020:758-1: Recommended update of ses/7/cephcsi/csi-provisioner Message-ID: <20201208125032.1AA3EF7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-provisioner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:758-1 Container Tags : ses/7/cephcsi/csi-provisioner:v1.6.0 , ses/7/cephcsi/csi-provisioner:v1.6.0-rev1 , ses/7/cephcsi/csi-provisioner:v1.6.0-rev1-build3.108 Container Release : 3.108 Severity : moderate Type : recommended References : 1178376 1179431 1179515 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-provisioner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 05:51:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:51:13 +0100 (CET) Subject: SUSE-CU-2020:759-1: Recommended update of ses/7/cephcsi/csi-resizer Message-ID: <20201208125113.5C8E5F7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-resizer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:759-1 Container Tags : ses/7/cephcsi/csi-resizer:v0.5.0 , ses/7/cephcsi/csi-resizer:v0.5.0-rev1 , ses/7/cephcsi/csi-resizer:v0.5.0-rev1-build3.107 Container Release : 3.107 Severity : moderate Type : recommended References : 1178376 1179431 1179515 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-resizer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 05:51:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:51:28 +0100 (CET) Subject: SUSE-CU-2020:760-1: Recommended update of ses/7/cephcsi/csi-snapshotter Message-ID: <20201208125128.67973F7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-snapshotter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:760-1 Container Tags : ses/7/cephcsi/csi-snapshotter:v2.1.0 , ses/7/cephcsi/csi-snapshotter:v2.1.0-rev1 , ses/7/cephcsi/csi-snapshotter:v2.1.0-rev1-build1.8 Container Release : 1.8 Severity : moderate Type : recommended References : 1179431 1179515 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-snapshotter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 05:52:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:52:10 +0100 (CET) Subject: SUSE-CU-2020:761-1: Recommended update of ses/7/cephcsi/csi-snapshotter Message-ID: <20201208125210.3EB52F7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-snapshotter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:761-1 Container Tags : ses/7/cephcsi/csi-snapshotter:v2.1.1 , ses/7/cephcsi/csi-snapshotter:v2.1.1-rev1 , ses/7/cephcsi/csi-snapshotter:v2.1.1-rev1-build3.107 Container Release : 3.107 Severity : moderate Type : recommended References : 1178376 1179431 1179515 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-snapshotter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 05:52:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:52:58 +0100 (CET) Subject: SUSE-CU-2020:762-1: Security update of ses/7/prometheus-webhook-snmp Message-ID: <20201208125258.3A02DF7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/prometheus-webhook-snmp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:762-1 Container Tags : ses/7/prometheus-webhook-snmp:1.4 , ses/7/prometheus-webhook-snmp:1.4.1.94 , ses/7/prometheus-webhook-snmp:latest , ses/7/prometheus-webhook-snmp:sle15.2.octopus Container Release : 1.94 Severity : important Type : security References : 1176262 1178376 1179193 1179431 1179515 CVE-2019-20916 ----------------------------------------------------------------- The container ses/7/prometheus-webhook-snmp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3593-1 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Type: security Severity: important References: 1176262,1179193,CVE-2019-20916 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Tue Dec 8 05:54:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 13:54:44 +0100 (CET) Subject: SUSE-CU-2020:763-1: Security update of ses/7/rook/ceph Message-ID: <20201208125444.2248DF7E7@maintenance.suse.de> SUSE Container Update Advisory: ses/7/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:763-1 Container Tags : ses/7/rook/ceph:1.4.7 , ses/7/rook/ceph:1.4.7.6 , ses/7/rook/ceph:1.4.7.6.1.1397 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus Container Release : 1.1397 Severity : important Type : security References : 1176262 1176262 1178168 1178376 1179036 1179193 1179341 1179431 1179515 CVE-2019-20916 CVE-2019-20916 CVE-2020-25659 ----------------------------------------------------------------- The container ses/7/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3566-1 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Type: security Severity: important References: 1176262,CVE-2019-20916 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3592-1 Released: Wed Dec 2 10:31:34 2020 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1178168,CVE-2020-25659 This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3593-1 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Type: security Severity: important References: 1176262,1179193,CVE-2019-20916 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3640-1 Released: Mon Dec 7 13:24:41 2020 Summary: Recommended update for binutils Type: recommended Severity: important References: 1179036,1179341 This update for binutils fixes the following issues: Update binutils 2.35 branch to commit 1c5243df: * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions. * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711 * The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader. Update binutils to 2.35.1 and rebased branch diff: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3704-1 Released: Tue Dec 8 08:31:07 2020 Summary: Recommended update for rook Type: recommended Severity: moderate References: This update for rook fixes the following issues: - Derive CSI and sidecar image versions from code defaults rather than images found in the build service. From sle-updates at lists.suse.com Tue Dec 8 07:15:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 15:15:38 +0100 (CET) Subject: SUSE-SU-2020:14557-1: important: Security update for xen Message-ID: <20201208141538.AC123F7E7@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14557-1 Rating: important References: #1177409 #1177412 #1177413 #1177414 #1178591 #1178935 #1178963 Cross-References: CVE-2020-25723 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - bsc#1178963 - stack corruption from XSA-346 change (XSA-355) - bsc#1178935 - CVE-2020-25723: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c - bsc#1177409 - CVE-2020-27674: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - CVE-2020-27672: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - CVE-2020-27671: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - CVE-2020-27670: unsafe AMD IOMMU page table updates (XSA-347) - bsc#1178591 - CVE-2020-28368: Intel RAPL sidechannel attack aka PLATYPUS attack aka XSA-351 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xen-14557=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-14557=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): xen-kmp-default-4.4.4_46_3.0.101_108.117-61.58.1 xen-libs-4.4.4_46-61.58.1 xen-tools-domU-4.4.4_46-61.58.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): xen-4.4.4_46-61.58.1 xen-doc-html-4.4.4_46-61.58.1 xen-libs-32bit-4.4.4_46-61.58.1 xen-tools-4.4.4_46-61.58.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): xen-kmp-pae-4.4.4_46_3.0.101_108.117-61.58.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_46-61.58.1 xen-debugsource-4.4.4_46-61.58.1 References: https://www.suse.com/security/cve/CVE-2020-25723.html https://www.suse.com/security/cve/CVE-2020-27670.html https://www.suse.com/security/cve/CVE-2020-27671.html https://www.suse.com/security/cve/CVE-2020-27672.html https://www.suse.com/security/cve/CVE-2020-27674.html https://www.suse.com/security/cve/CVE-2020-28368.html https://bugzilla.suse.com/1177409 https://bugzilla.suse.com/1177412 https://bugzilla.suse.com/1177413 https://bugzilla.suse.com/1177414 https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1178935 https://bugzilla.suse.com/1178963 From sle-updates at lists.suse.com Tue Dec 8 07:17:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 15:17:05 +0100 (CET) Subject: SUSE-RU-2020:3708-1: moderate: Recommended update for python-shaptools, salt-shaptools Message-ID: <20201208141705.3AD5DF7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-shaptools, salt-shaptools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3708-1 Rating: moderate References: SLE-4047 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for python-shaptools, salt-shaptools fixes the following issues: python-shaptools: Update from version 0.3.10+git.1600699158.46fca28 to version 0.3.11+git.1605798399.b036435 - Retrieve the currently installed ENSA version for Netweaver (only for ASCS and ERS instances). (jsc#SLE-4047) salt-shaptools: Update from version 0.3.10+git.1600699854.f5950bc to version 0.3.11+git.1605797958.ae2f08a - Improve extract_pydbapi to check recursively in subfolders (jsc#SLE-4047) - Implement a new state to set the ENSA version grains data Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-3708=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2020-3708=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): salt-shaptools-0.3.11+git.1605797958.ae2f08a-3.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): python3-shaptools-0.3.11+git.1605798399.b036435-3.6.1 salt-shaptools-0.3.11+git.1605797958.ae2f08a-3.6.1 References: From sle-updates at lists.suse.com Tue Dec 8 13:16:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 21:16:34 +0100 (CET) Subject: SUSE-RU-2020:3711-1: important: Recommended update for 389-ds Message-ID: <20201208201634.B3D7DFBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3711-1 Rating: important References: #1176889 #1178445 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for 389-ds fixes the following issues: Update from version 1.4.3.12~git0.9bc042902 to version 1.4.3.17~git0.3c2d054e1 - Crash in `paged` chaining search. (bsc#1178445) - Mapping tree may be invalid. (bsc#1176889) - Use `MONOTONIC` clock for all timing events and conditions - Add `dsconf` replication monitor test case - Fix test: `SyncRepl` plugin provides a wrong cookie - Fix `lib389` and use system `TLS` policy - During setup and remove add and remove the new instance to the global dsrc to enable transparent administration. - UI - Handle objectclasses that do not have `X-ORIGIN` set Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-3711=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.3.17~git0.3c2d054e1-3.9.1 389-ds-debuginfo-1.4.3.17~git0.3c2d054e1-3.9.1 389-ds-debugsource-1.4.3.17~git0.3c2d054e1-3.9.1 389-ds-devel-1.4.3.17~git0.3c2d054e1-3.9.1 lib389-1.4.3.17~git0.3c2d054e1-3.9.1 libsvrcore0-1.4.3.17~git0.3c2d054e1-3.9.1 libsvrcore0-debuginfo-1.4.3.17~git0.3c2d054e1-3.9.1 References: https://bugzilla.suse.com/1176889 https://bugzilla.suse.com/1178445 From sle-updates at lists.suse.com Tue Dec 8 13:17:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2020 21:17:34 +0100 (CET) Subject: SUSE-RU-2020:3710-1: moderate: Recommended update for sssd Message-ID: <20201208201734.DEBACFBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3710-1 Rating: moderate References: #1179407 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issues: - Fix wrong memcache path. (bsc#1179407) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3710=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3710=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3710=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3710=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libipa_hbac0-1.16.1-4.32.2 libipa_hbac0-debuginfo-1.16.1-4.32.2 libsss_certmap0-1.16.1-4.32.2 libsss_certmap0-debuginfo-1.16.1-4.32.2 libsss_idmap0-1.16.1-4.32.2 libsss_idmap0-debuginfo-1.16.1-4.32.2 libsss_nss_idmap0-1.16.1-4.32.2 libsss_nss_idmap0-debuginfo-1.16.1-4.32.2 libsss_simpleifp0-1.16.1-4.32.2 libsss_simpleifp0-debuginfo-1.16.1-4.32.2 python-sssd-config-1.16.1-4.32.2 python-sssd-config-debuginfo-1.16.1-4.32.2 sssd-1.16.1-4.32.2 sssd-32bit-1.16.1-4.32.2 sssd-ad-1.16.1-4.32.2 sssd-ad-debuginfo-1.16.1-4.32.2 sssd-debuginfo-1.16.1-4.32.2 sssd-debuginfo-32bit-1.16.1-4.32.2 sssd-debugsource-1.16.1-4.32.2 sssd-ipa-1.16.1-4.32.2 sssd-ipa-debuginfo-1.16.1-4.32.2 sssd-krb5-1.16.1-4.32.2 sssd-krb5-common-1.16.1-4.32.2 sssd-krb5-common-debuginfo-1.16.1-4.32.2 sssd-krb5-debuginfo-1.16.1-4.32.2 sssd-ldap-1.16.1-4.32.2 sssd-ldap-debuginfo-1.16.1-4.32.2 sssd-proxy-1.16.1-4.32.2 sssd-proxy-debuginfo-1.16.1-4.32.2 sssd-tools-1.16.1-4.32.2 sssd-tools-debuginfo-1.16.1-4.32.2 - SUSE OpenStack Cloud 9 (x86_64): libipa_hbac0-1.16.1-4.32.2 libipa_hbac0-debuginfo-1.16.1-4.32.2 libsss_certmap0-1.16.1-4.32.2 libsss_certmap0-debuginfo-1.16.1-4.32.2 libsss_idmap0-1.16.1-4.32.2 libsss_idmap0-debuginfo-1.16.1-4.32.2 libsss_nss_idmap0-1.16.1-4.32.2 libsss_nss_idmap0-debuginfo-1.16.1-4.32.2 libsss_simpleifp0-1.16.1-4.32.2 libsss_simpleifp0-debuginfo-1.16.1-4.32.2 python-sssd-config-1.16.1-4.32.2 python-sssd-config-debuginfo-1.16.1-4.32.2 sssd-1.16.1-4.32.2 sssd-32bit-1.16.1-4.32.2 sssd-ad-1.16.1-4.32.2 sssd-ad-debuginfo-1.16.1-4.32.2 sssd-debuginfo-1.16.1-4.32.2 sssd-debuginfo-32bit-1.16.1-4.32.2 sssd-debugsource-1.16.1-4.32.2 sssd-ipa-1.16.1-4.32.2 sssd-ipa-debuginfo-1.16.1-4.32.2 sssd-krb5-1.16.1-4.32.2 sssd-krb5-common-1.16.1-4.32.2 sssd-krb5-common-debuginfo-1.16.1-4.32.2 sssd-krb5-debuginfo-1.16.1-4.32.2 sssd-ldap-1.16.1-4.32.2 sssd-ldap-debuginfo-1.16.1-4.32.2 sssd-proxy-1.16.1-4.32.2 sssd-proxy-debuginfo-1.16.1-4.32.2 sssd-tools-1.16.1-4.32.2 sssd-tools-debuginfo-1.16.1-4.32.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libipa_hbac0-1.16.1-4.32.2 libipa_hbac0-debuginfo-1.16.1-4.32.2 libsss_certmap0-1.16.1-4.32.2 libsss_certmap0-debuginfo-1.16.1-4.32.2 libsss_idmap0-1.16.1-4.32.2 libsss_idmap0-debuginfo-1.16.1-4.32.2 libsss_nss_idmap0-1.16.1-4.32.2 libsss_nss_idmap0-debuginfo-1.16.1-4.32.2 libsss_simpleifp0-1.16.1-4.32.2 libsss_simpleifp0-debuginfo-1.16.1-4.32.2 python-sssd-config-1.16.1-4.32.2 python-sssd-config-debuginfo-1.16.1-4.32.2 sssd-1.16.1-4.32.2 sssd-ad-1.16.1-4.32.2 sssd-ad-debuginfo-1.16.1-4.32.2 sssd-debuginfo-1.16.1-4.32.2 sssd-debugsource-1.16.1-4.32.2 sssd-ipa-1.16.1-4.32.2 sssd-ipa-debuginfo-1.16.1-4.32.2 sssd-krb5-1.16.1-4.32.2 sssd-krb5-common-1.16.1-4.32.2 sssd-krb5-common-debuginfo-1.16.1-4.32.2 sssd-krb5-debuginfo-1.16.1-4.32.2 sssd-ldap-1.16.1-4.32.2 sssd-ldap-debuginfo-1.16.1-4.32.2 sssd-proxy-1.16.1-4.32.2 sssd-proxy-debuginfo-1.16.1-4.32.2 sssd-tools-1.16.1-4.32.2 sssd-tools-debuginfo-1.16.1-4.32.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): sssd-32bit-1.16.1-4.32.2 sssd-debuginfo-32bit-1.16.1-4.32.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-4.32.2 libipa_hbac0-debuginfo-1.16.1-4.32.2 libsss_certmap0-1.16.1-4.32.2 libsss_certmap0-debuginfo-1.16.1-4.32.2 libsss_idmap0-1.16.1-4.32.2 libsss_idmap0-debuginfo-1.16.1-4.32.2 libsss_nss_idmap0-1.16.1-4.32.2 libsss_nss_idmap0-debuginfo-1.16.1-4.32.2 libsss_simpleifp0-1.16.1-4.32.2 libsss_simpleifp0-debuginfo-1.16.1-4.32.2 python-sssd-config-1.16.1-4.32.2 python-sssd-config-debuginfo-1.16.1-4.32.2 sssd-1.16.1-4.32.2 sssd-ad-1.16.1-4.32.2 sssd-ad-debuginfo-1.16.1-4.32.2 sssd-debuginfo-1.16.1-4.32.2 sssd-debugsource-1.16.1-4.32.2 sssd-ipa-1.16.1-4.32.2 sssd-ipa-debuginfo-1.16.1-4.32.2 sssd-krb5-1.16.1-4.32.2 sssd-krb5-common-1.16.1-4.32.2 sssd-krb5-common-debuginfo-1.16.1-4.32.2 sssd-krb5-debuginfo-1.16.1-4.32.2 sssd-ldap-1.16.1-4.32.2 sssd-ldap-debuginfo-1.16.1-4.32.2 sssd-proxy-1.16.1-4.32.2 sssd-proxy-debuginfo-1.16.1-4.32.2 sssd-tools-1.16.1-4.32.2 sssd-tools-debuginfo-1.16.1-4.32.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): sssd-32bit-1.16.1-4.32.2 sssd-debuginfo-32bit-1.16.1-4.32.2 References: https://bugzilla.suse.com/1179407 From sle-updates at lists.suse.com Tue Dec 8 16:15:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 00:15:16 +0100 (CET) Subject: SUSE-SU-2020:3713-1: important: Security update for the Linux Kernel Message-ID: <20201208231516.3CBFAF7E7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3713-1 Rating: important References: #1149032 #1152489 #1153274 #1154353 #1154852 #1155518 #1160634 #1166146 #1166166 #1167030 #1167773 #1170139 #1170415 #1170446 #1171073 #1171558 #1172873 #1174527 #1175306 #1175918 #1176109 #1176180 #1176200 #1176481 #1176586 #1176855 #1176983 #1177066 #1177070 #1177353 #1177397 #1177666 #1177703 #1177820 #1178123 #1178182 #1178227 #1178286 #1178304 #1178330 #1178393 #1178401 #1178426 #1178461 #1178579 #1178581 #1178584 #1178585 #1178589 #1178591 #1178635 #1178653 #1178659 #1178661 #1178669 #1178686 #1178740 #1178755 #1178762 #1178838 #1178853 #1178886 #1179001 #1179012 #1179014 #1179015 #1179045 #1179076 #1179082 #1179107 #1179140 #1179141 #1179160 #1179201 #1179211 #1179217 #1179419 #1179424 #1179425 #1179426 #1179427 #1179429 #1179432 #1179442 #1179550 #1179802 SLE-8449 Cross-References: CVE-2020-15436 CVE-2020-15437 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-27777 CVE-2020-28368 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29369 CVE-2020-29371 CVE-2020-4788 CVE-2020-8694 CVE-2020-8695 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves 15 vulnerabilities, contains one feature and has 71 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107) - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-8694, CVE-2020-8695: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415 bsc#1170446) - CVE-2020-28368: Fixed Intel RAPL sidechannel attack aka PLATYPUS attack (XSA-351 bsc#1178591). - CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bsc#1179432). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes). - ACPICA: Add NHLT table signature (bsc#1176200). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - Add bug reference to two hv_netvsc patches (bsc#1178853). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: fix kernel-doc markups (git-fixes). - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes). - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes). - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - arm64: bpf: Fix branch offset in JIT (git-fixes). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes). - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes). - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes). - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes). - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes). - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes). - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes). - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes). - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes). - ASoC: cs42l51: manage mclk shutdown delay (git-fixes). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ASoC: qcom: sdm845: set driver name correctly (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274). - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes). - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274). - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518). - bpf: Zero-fill re-used per-cpu map element (bsc#1155518). - btrfs: Account for merged patches upstream Move below patches to sorted section. - btrfs: cleanup cow block on error (bsc#1178584). - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217). - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217). - btrfs: fix relocation failure due to race with fallocate (bsc#1179217). - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217). - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217). - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217). - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217). - btrfs: reschedule if necessary when logging directory items (bsc#1178585). - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579). - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes). - can: flexcan: flexcan_setup_stop_mode(): add missing "req_bit" to stop mode property comment (git-fixes). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179012). - ceph: check session state after bumping session->s_seq (bsc#1179012). - ceph: check the sesion state and return false in case it is closed (bsc#1179012). - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cfg80211: initialize wdev data earlier (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - clk: define to_clk_regmap() as inline function (git-fixes). - Convert trailing spaces and periods in path components (bsc#1179424). - cosa: Add missing kfree in error path of cosa_write (git-fixes). - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073). - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073). - Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419) - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076). - Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process. - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397). - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64. - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001). - EDAC/amd64: Gather hardware information early (bsc#1179001). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001). - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001). - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001). - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes). - efi: efibc: check for efivars write capability (git-fixes). - efi: EFI_EARLYCON should depend on EFI (git-fixes). - efi/efivars: Set generic ops before loading SSDT (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Fix the deletion of variables in mixed mode (git-fixes). - efi/x86: Free efi_pgd with free_pages() (git-fixes). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - exfat: fix name_hash computation on big endian systems (git-fixes). - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes). - exfat: fix possible memory leak in exfat_find() (git-fixes). - exfat: fix use of uninitialized spinlock on error path (git-fixes). - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes). - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes). - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module. - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#1149032). - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes). - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes). - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes). - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes). - hv_balloon: disable warning when floor reached (git-fixes). - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes). - hv_netvsc: Add XDP support (bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820). - hv_netvsc: record hardware hash in skb (bsc#1177820). - hwmon: (pwm-fan) Fix RPM calculation (git-fixes). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i2c: mediatek: move dma reset before i2c reset (git-fixes). - i2c: sh_mobile: implement atomic transfers (git-fixes). - igc: Fix not considering the TX delay for timestamps (bsc#1160634). - igc: Fix wrong timestamp latency numbers (bsc#1160634). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - iio: adc: mediatek: fix unset field (git-fixes). - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes). - intel_idle: Customize IceLake server support (bsc#1178286). - ionic: check port ptr before use (bsc#1167773). - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes). - kABI: revert use_mm name change (MM Functionality, bsc#1178426). - kABI workaround for HD-audio (git-fixes). - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes). - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes). - lan743x: fix "BUG: invalid wait context" when setting rx mode (git-fixes). - lan743x: fix issue causing intermittent kernel log warnings (git-fixes). - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - lib/crc32test: remove extra local_irq_disable/enable (git-fixes). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518). - mac80211: always wind down STA state (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - media: imx274: fix frame interval handling (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes). - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes). - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426). - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426). - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)). - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235). - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)). - mm, memcg: fix inconsistent oom event behavior (bsc#1178659). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mm/memcontrol.c: add missed css_put() (bsc#1178661). - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)). - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes). - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)). - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)). - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755). - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (bsc#1174852). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464). - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180). - nvme: do not update disk info for multipathed device (bsc#1171558). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes). - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426). - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321). - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - power: supply: bq27xxx: report "not charging" on all types (git-fixes). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160). - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449). - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449). - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449). - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449). - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464). - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215). - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes). - reboot: fix overflow parsing reboot cpu number (git-fixes). - Refresh patches.suse/vfs-add-super_operations-get_inode_dev. (bsc#1176983) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" (git-fixes). - Revert "xfs: complain if anyone tries to create a too-large buffer" (bsc#1179425, bsc#1179550) - rfkill: Fix use-after-free in rfkill_resume() (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger - - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for "grep -E". So use the latter instead. - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (bsc#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342). - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)). - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227). - sched: Fix rq->nr_iowait ordering (git fixes (sched)). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: libiscsi: Fix NOP race condition (bsc#1176481). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - spi: lpspi: Fix use-after-free on unbind (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair "fixed-link" support (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes). - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes). - timer: Fix wheel index calculation on last level (git-fixes). - timer: Prevent base->clk from moving backward (git-fixes). - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes). - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (git-fixes). - tty: serial: fsl_lpuart: add LS1028A support (git-fixes). - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes). - tty: serial: imx: fix potential deadlock (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - uio: Fix use-after-free in uio_unregister_device() (git-fixes). - uio: free uio id after uio file node is freed (git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: adutux: fix debugging (git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - USB: core: Change %pK for __user pointers to %px (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: gadget: goku_udc: fix potential crashes in probe (git-fixes). - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv_fb: include vmalloc.h (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489). - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166). - xfs: prohibit fs freezing when using empty transactions (bsc#1179442). - xfs: remove unused variable 'done' (bsc#1166166). - xfs: revert "xfs: fix rmap key and record comparison functions" (git-fixes). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes). - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes). - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166). - xhci: Fix sizeof() mismatch (git-fixes). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-3713=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): kernel-azure-5.3.18-18.29.1 kernel-azure-debuginfo-5.3.18-18.29.1 kernel-azure-debugsource-5.3.18-18.29.1 kernel-azure-devel-5.3.18-18.29.1 kernel-azure-devel-debuginfo-5.3.18-18.29.1 kernel-syms-azure-5.3.18-18.29.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): kernel-devel-azure-5.3.18-18.29.1 kernel-source-azure-5.3.18-18.29.1 References: https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25668.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-25704.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-28368.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28941.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29369.html https://www.suse.com/security/cve/CVE-2020-29371.html https://www.suse.com/security/cve/CVE-2020-4788.html https://www.suse.com/security/cve/CVE-2020-8694.html https://www.suse.com/security/cve/CVE-2020-8695.html https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154852 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1166146 https://bugzilla.suse.com/1166166 https://bugzilla.suse.com/1167030 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1170139 https://bugzilla.suse.com/1170415 https://bugzilla.suse.com/1170446 https://bugzilla.suse.com/1171073 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1174527 https://bugzilla.suse.com/1175306 https://bugzilla.suse.com/1175918 https://bugzilla.suse.com/1176109 https://bugzilla.suse.com/1176180 https://bugzilla.suse.com/1176200 https://bugzilla.suse.com/1176481 https://bugzilla.suse.com/1176586 https://bugzilla.suse.com/1176855 https://bugzilla.suse.com/1176983 https://bugzilla.suse.com/1177066 https://bugzilla.suse.com/1177070 https://bugzilla.suse.com/1177353 https://bugzilla.suse.com/1177397 https://bugzilla.suse.com/1177666 https://bugzilla.suse.com/1177703 https://bugzilla.suse.com/1177820 https://bugzilla.suse.com/1178123 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178227 https://bugzilla.suse.com/1178286 https://bugzilla.suse.com/1178304 https://bugzilla.suse.com/1178330 https://bugzilla.suse.com/1178393 https://bugzilla.suse.com/1178401 https://bugzilla.suse.com/1178426 https://bugzilla.suse.com/1178461 https://bugzilla.suse.com/1178579 https://bugzilla.suse.com/1178581 https://bugzilla.suse.com/1178584 https://bugzilla.suse.com/1178585 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1178635 https://bugzilla.suse.com/1178653 https://bugzilla.suse.com/1178659 https://bugzilla.suse.com/1178661 https://bugzilla.suse.com/1178669 https://bugzilla.suse.com/1178686 https://bugzilla.suse.com/1178740 https://bugzilla.suse.com/1178755 https://bugzilla.suse.com/1178762 https://bugzilla.suse.com/1178838 https://bugzilla.suse.com/1178853 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1179001 https://bugzilla.suse.com/1179012 https://bugzilla.suse.com/1179014 https://bugzilla.suse.com/1179015 https://bugzilla.suse.com/1179045 https://bugzilla.suse.com/1179076 https://bugzilla.suse.com/1179082 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179160 https://bugzilla.suse.com/1179201 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179217 https://bugzilla.suse.com/1179419 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179425 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/1179429 https://bugzilla.suse.com/1179432 https://bugzilla.suse.com/1179442 https://bugzilla.suse.com/1179550 https://bugzilla.suse.com/1179802 From sle-updates at lists.suse.com Tue Dec 8 16:24:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 00:24:22 +0100 (CET) Subject: SUSE-SU-2020:3715-1: important: Security update for the Linux Kernel Message-ID: <20201208232422.1C99EFBB4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3715-1 Rating: important References: #1050549 #1058115 #1067665 #1111666 #1112178 #1167030 #1170139 #1170415 #1170446 #1170630 #1172542 #1172873 #1174726 #1175306 #1175916 #1176109 #1176855 #1176907 #1176983 #1177304 #1177397 #1177703 #1177805 #1177808 #1177809 #1177819 #1177820 #1178123 #1178182 #1178393 #1178589 #1178591 #1178607 #1178635 #1178669 #1178686 #1178700 #1178765 #1178838 #1178853 #1178854 #1178878 #1178886 #1178897 #1178940 #1178962 #1179107 #1179140 #1179211 #1179213 #1179259 #1179424 #1179426 #1179427 #927455 Cross-References: CVE-2020-15437 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-27777 CVE-2020-28915 CVE-2020-28974 CVE-2020-8694 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 47 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-8694: Insufficient access control for some Intel(R) Processors may have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123). - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes). - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Fix potential use-after-free of streams (gix-fixes). - arm64: KVM: Fix system register enumeration (bsc#1174726). - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ata: sata_rcar: Fix DMA boundary mask (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bpf: Zero-fill re-used per-cpu map element (git-fixes). - btrfs: account ticket size at add/delete time (bsc#1178897). - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897). - btrfs: check rw_devices, not num_devices for balance (bsc#1178897). - btrfs: do not delete mismatched root refs (bsc#1178962). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897). - btrfs: fix force usage in inc_block_group_ro (bsc#1178897). - btrfs: fix invalid removal of root ref (bsc#1178962). - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897). - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897). - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897). - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962). - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179259). - ceph: check session state after bumping session->s_seq (bsc#1179259). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - clk: ti: clockdomain: fix static checker warning (git-fixes). - Convert trailing spaces and periods in path components (bsc#1179424). - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes). - debugfs: Fix module state check condition (git-fixes). - docs: ABI: stable: remove a duplicated documentation (git-fixes). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - Drivers: hv: vmbus: Remove the unused "tsc_page" from struct hv_context (git-fixes). - drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes). - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes). - drm/amdgpu: do not map BO in reserved region (git-fixes). - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes). - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/imx: tve remove extraneous type qualifier (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - drm/ttm: fix eviction valuable range check (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size. - efi: cper: Fix possible out-of-bounds access (git-fixes). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: Replace invalid slashes with exclamation marks in dentries (git-fixes). - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Free efi_pgd with free_pages() (bsc#1112178). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - fuse: fix page dereference after free (bsc#1179213). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#1067665). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820). - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666) - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666) - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666) - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666) - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666) - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666) - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666) - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666) - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666) - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666) - IB/hfi1: Handle port down properly in pio (bsc#1111666) - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666) - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666) - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666) - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666) - IB/hfi1: Remove unused define (bsc#1111666) - IB/hfi1: Silence txreq allocation warnings (bsc#1111666) - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666) - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666) - IB/ipoib: drop useless LIST_HEAD (bsc#1111666) - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666) - IB/iser: Fix dma_nents type definition (bsc#1111666) - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666) - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666) - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666) - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666) - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666) - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666) - IB/mlx4: Remove unneeded NULL check (bsc#1111666) - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666) - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666) - IB/mlx5: Do not override existing ip_protocol (bsc#1111666) - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666) - IB/mlx5: Fix implicit MR release flow (bsc#1111666) - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666) - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666) - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666) - IB/mlx5: Improve ODP debugging messages (bsc#1111666) - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666) - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666) - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666) - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666) - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666) - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666) - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666) - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666) - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666) - IB/qib: Remove a set-but-not-used variable (bsc#1111666) - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666) - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666) - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666) - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666) - IB/rxe: Make counters thread safe (bsc#1111666) - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666) - IB/umad: Avoid destroying device while it is accessed (bsc#1111666) - IB/umad: Do not check status of nonseekable_open() (bsc#1111666) - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666) - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666) - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666) - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666) - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666) - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - ipmi: use vzalloc instead of kmalloc for user creation (bsc#1178607). - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666) - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666) - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - KVM: arm64: Add missing #include of in guest.c (bsc#1174726). - KVM: arm64: Factor out core register ID enumeration (bsc#1174726). - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726). - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726). - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726). - KVM host: kabi fixes for psci_version (bsc#1174726). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: always wind down STA state (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - ocfs2: fix unbalanced locking (git-fixes). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes). - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Fix circular dependency between percpu.h and mmu.h (git-fixes). - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666) - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666) - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666) - RDMA/cma: Fix false error message (bsc#1111666) - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666) - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666) - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666) - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666) - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666) - RDMA/core: Fix race when resolving IP address (bsc#1111666) - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666) - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666) - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666) - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666) - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666) - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666) - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666) - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666) - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666) - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666) - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666) - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666) - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666) - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666) - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666) - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666) - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666) - RDMA/mlx5: Return proper error value (bsc#1111666) - RDMA/nes: Remove second wait queue initialization call (bsc#1111666) - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666) - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666) - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666) - RDMA/qedr: Fix reported firmware version (bsc#1111666) - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qib: Delete extra line (bsc#1111666) - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666) - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666) - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666) - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666) - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666) - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666) - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666) - RDMA/srp: Rework SCSI device reset handling (bsc#1111666) - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666) - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666) - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666) - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666) - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666) - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: resolve supply after creating regulator (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Revert "cdc-acm: hardening against malicious devices" (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666) - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666) - rxe: fix error completion wr_id and qp_num (bsc#1111666) - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937). - s390/dasd: fix inability to use DASD with DIAG driver (bsc#1177809 LTC#188738). - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739). - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178). - sched/x86: SaveFLAGS on context switch (bsc#1112178). - scripts/git_sort/git_sort.py: add ceph maintainers git tree - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666) - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair "fixed-link" support (git-fixes). - staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - Update patches.suse/vfs-add-super_operations-get_inode_dev (bsc#927455 bsc#1176983). - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: adutux: fix debugging (git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - USB: xhci: force all memory allocations to node (git-fixes). - video: fbdev: pvr2fb: initialize variables (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/hyperv: Make vapic support x2apic mode (git-fixes). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178). - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes). - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes). - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1058115 bsc#1176907). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: revert "xfs: fix rmap key and record comparison functions" (git-fixes). - xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes). - xhci: Fix sizeof() mismatch (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3715=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.38.1 kernel-source-azure-4.12.14-16.38.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.38.1 kernel-azure-base-4.12.14-16.38.1 kernel-azure-base-debuginfo-4.12.14-16.38.1 kernel-azure-debuginfo-4.12.14-16.38.1 kernel-azure-debugsource-4.12.14-16.38.1 kernel-azure-devel-4.12.14-16.38.1 kernel-syms-azure-4.12.14-16.38.1 References: https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25668.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-25704.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-8694.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1067665 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1167030 https://bugzilla.suse.com/1170139 https://bugzilla.suse.com/1170415 https://bugzilla.suse.com/1170446 https://bugzilla.suse.com/1170630 https://bugzilla.suse.com/1172542 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1174726 https://bugzilla.suse.com/1175306 https://bugzilla.suse.com/1175916 https://bugzilla.suse.com/1176109 https://bugzilla.suse.com/1176855 https://bugzilla.suse.com/1176907 https://bugzilla.suse.com/1176983 https://bugzilla.suse.com/1177304 https://bugzilla.suse.com/1177397 https://bugzilla.suse.com/1177703 https://bugzilla.suse.com/1177805 https://bugzilla.suse.com/1177808 https://bugzilla.suse.com/1177809 https://bugzilla.suse.com/1177819 https://bugzilla.suse.com/1177820 https://bugzilla.suse.com/1178123 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178393 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1178607 https://bugzilla.suse.com/1178635 https://bugzilla.suse.com/1178669 https://bugzilla.suse.com/1178686 https://bugzilla.suse.com/1178700 https://bugzilla.suse.com/1178765 https://bugzilla.suse.com/1178838 https://bugzilla.suse.com/1178853 https://bugzilla.suse.com/1178854 https://bugzilla.suse.com/1178878 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1178897 https://bugzilla.suse.com/1178940 https://bugzilla.suse.com/1178962 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179213 https://bugzilla.suse.com/1179259 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/927455 From sle-updates at lists.suse.com Tue Dec 8 16:30:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 00:30:26 +0100 (CET) Subject: SUSE-SU-2020:3714-1: important: Security update for the Linux Kernel Message-ID: <20201208233026.3A20AFBB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3714-1 Rating: important References: #1050549 #1067665 #1111666 #1112178 #1170139 #1172542 #1174726 #1175916 #1176109 #1177304 #1177397 #1177805 #1177808 #1178589 #1178635 #1178669 #1178853 #1178854 #1178886 #1178897 #1178940 #1178962 #1179107 #1179140 #1179211 #1179213 #1179259 #1179424 #1179426 #1179427 Cross-References: CVE-2020-15437 CVE-2020-27777 CVE-2020-28915 CVE-2020-28974 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has 26 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). The following non-security bugs were fixed: - ACPI: GED: fix -Wformat (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - arm64: KVM: Fix system register enumeration (bsc#1174726). - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - btrfs: account ticket size at add/delete time (bsc#1178897). - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897). - btrfs: check rw_devices, not num_devices for balance (bsc#1178897). - btrfs: do not delete mismatched root refs (bsc#1178962). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897). - btrfs: fix force usage in inc_block_group_ro (bsc#1178897). - btrfs: fix invalid removal of root ref (bsc#1178962). - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897). - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897). - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897). - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962). - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179259). - ceph: check session state after bumping session->s_seq (bsc#1179259). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - Convert trailing spaces and periods in path components (bsc#1179424). - Drivers: hv: vmbus: Remove the unused "tsc_page" from struct hv_context (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - efi: cper: Fix possible out-of-bounds access (git-fixes). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Free efi_pgd with free_pages() (bsc#1112178). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - fuse: fix page dereference after free (bsc#1179213). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#1067665). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666) - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666) - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666) - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666) - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666) - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666) - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666) - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666) - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666) - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666) - IB/hfi1: Handle port down properly in pio (bsc#1111666) - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666) - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666) - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666) - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666) - IB/hfi1: Remove unused define (bsc#1111666) - IB/hfi1: Silence txreq allocation warnings (bsc#1111666) - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666) - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666) - IB/ipoib: drop useless LIST_HEAD (bsc#1111666) - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666) - IB/iser: Fix dma_nents type definition (bsc#1111666) - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666) - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666) - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666) - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666) - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666) - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666) - IB/mlx4: Remove unneeded NULL check (bsc#1111666) - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666) - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666) - IB/mlx5: Do not override existing ip_protocol (bsc#1111666) - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666) - IB/mlx5: Fix implicit MR release flow (bsc#1111666) - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666) - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666) - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666) - IB/mlx5: Improve ODP debugging messages (bsc#1111666) - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666) - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666) - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666) - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666) - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666) - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666) - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666) - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666) - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666) - IB/qib: Remove a set-but-not-used variable (bsc#1111666) - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666) - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666) - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666) - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666) - IB/rxe: Make counters thread safe (bsc#1111666) - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666) - IB/umad: Avoid destroying device while it is accessed (bsc#1111666) - IB/umad: Do not check status of nonseekable_open() (bsc#1111666) - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666) - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666) - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666) - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666) - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666) - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666) - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666) - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - KVM: arm64: Add missing #include of in guest.c (bsc#1174726). - KVM: arm64: Factor out core register ID enumeration (bsc#1174726). - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726). - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726). - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726). - KVM host: kabi fixes for psci_version (bsc#1174726). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: always wind down STA state (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes). - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666) - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666) - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666) - RDMA/cma: Fix false error message (bsc#1111666) - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666) - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666) - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666) - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666) - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666) - RDMA/core: Fix race when resolving IP address (bsc#1111666) - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666) - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666) - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666) - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666) - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666) - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666) - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666) - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666) - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666) - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666) - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666) - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666) - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666) - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666) - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666) - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666) - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666) - RDMA/mlx5: Return proper error value (bsc#1111666) - RDMA/nes: Remove second wait queue initialization call (bsc#1111666) - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666) - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666) - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666) - RDMA/qedr: Fix reported firmware version (bsc#1111666) - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qib: Delete extra line (bsc#1111666) - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666) - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666) - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666) - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666) - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666) - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666) - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666) - RDMA/srp: Rework SCSI device reset handling (bsc#1111666) - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666) - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666) - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666) - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666) - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666) - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666) - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666) - rxe: fix error completion wr_id and qp_num (bsc#1111666) - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937). - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739). - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178). - sched/x86: SaveFLAGS on context switch (bsc#1112178). - scripts/git_sort/git_sort.py: add ceph maintainers git tree - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666) - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/hyperv: Make vapic support x2apic mode (git-fixes). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178). - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes). - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes). - xfs: revert "xfs: fix rmap key and record comparison functions" (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-3714=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): kernel-azure-4.12.14-8.55.1 kernel-azure-base-4.12.14-8.55.1 kernel-azure-base-debuginfo-4.12.14-8.55.1 kernel-azure-debuginfo-4.12.14-8.55.1 kernel-azure-devel-4.12.14-8.55.1 kernel-syms-azure-4.12.14-8.55.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): kernel-devel-azure-4.12.14-8.55.1 kernel-source-azure-4.12.14-8.55.1 References: https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28974.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1067665 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1170139 https://bugzilla.suse.com/1172542 https://bugzilla.suse.com/1174726 https://bugzilla.suse.com/1175916 https://bugzilla.suse.com/1176109 https://bugzilla.suse.com/1177304 https://bugzilla.suse.com/1177397 https://bugzilla.suse.com/1177805 https://bugzilla.suse.com/1177808 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178635 https://bugzilla.suse.com/1178669 https://bugzilla.suse.com/1178853 https://bugzilla.suse.com/1178854 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1178897 https://bugzilla.suse.com/1178940 https://bugzilla.suse.com/1178962 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179213 https://bugzilla.suse.com/1179259 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 From sle-updates at lists.suse.com Wed Dec 9 00:03:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 08:03:50 +0100 (CET) Subject: SUSE-CU-2020:765-1: Recommended update of suse/sle15 Message-ID: <20201209070350.8D9FBFBB4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:765-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.314 Container Release : 4.22.314 Severity : moderate Type : recommended References : 1179431 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Wed Dec 9 04:17:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 12:17:04 +0100 (CET) Subject: SUSE-RU-2018:3655-3: Optional update for gcc8 Message-ID: <20201209111704.217B5FBB3@maintenance.suse.de> SUSE Recommended Update: Optional update for gcc8 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3655-3 Rating: low References: #1084812 #1084842 #1087550 #1094222 #1102564 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: The GNU Compiler GCC 8 is being added to the Development Tools Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15. Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3716=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3716=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3716=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): cpp8-8.2.1+r264010-1.3.7 cpp8-debuginfo-8.2.1+r264010-1.3.7 cross-nvptx-gcc8-8.2.1+r264010-1.3.3 cross-nvptx-newlib8-devel-8.2.1+r264010-1.3.3 gcc8-32bit-8.2.1+r264010-1.3.7 gcc8-8.2.1+r264010-1.3.7 gcc8-ada-8.2.1+r264010-1.3.7 gcc8-ada-debuginfo-8.2.1+r264010-1.3.7 gcc8-c++-32bit-8.2.1+r264010-1.3.7 gcc8-c++-8.2.1+r264010-1.3.7 gcc8-c++-debuginfo-8.2.1+r264010-1.3.7 gcc8-debuginfo-8.2.1+r264010-1.3.7 gcc8-debugsource-8.2.1+r264010-1.3.7 gcc8-fortran-32bit-8.2.1+r264010-1.3.7 gcc8-fortran-8.2.1+r264010-1.3.7 gcc8-fortran-debuginfo-8.2.1+r264010-1.3.7 gcc8-locale-8.2.1+r264010-1.3.7 libada8-8.2.1+r264010-1.3.7 libada8-debuginfo-8.2.1+r264010-1.3.7 libmpx2-32bit-8.2.1+r264010-1.3.7 libmpx2-32bit-debuginfo-8.2.1+r264010-1.3.7 libmpx2-8.2.1+r264010-1.3.7 libmpx2-debuginfo-8.2.1+r264010-1.3.7 libmpxwrappers2-32bit-8.2.1+r264010-1.3.7 libmpxwrappers2-32bit-debuginfo-8.2.1+r264010-1.3.7 libmpxwrappers2-8.2.1+r264010-1.3.7 libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.7 libstdc++6-devel-gcc8-32bit-8.2.1+r264010-1.3.7 libstdc++6-devel-gcc8-8.2.1+r264010-1.3.7 - SUSE Linux Enterprise Server for SAP 15 (noarch): gcc8-info-8.2.1+r264010-1.3.7 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): cpp8-8.2.1+r264010-1.3.7 cpp8-debuginfo-8.2.1+r264010-1.3.7 cross-nvptx-gcc8-8.2.1+r264010-1.3.3 cross-nvptx-newlib8-devel-8.2.1+r264010-1.3.3 gcc8-32bit-8.2.1+r264010-1.3.7 gcc8-8.2.1+r264010-1.3.7 gcc8-ada-8.2.1+r264010-1.3.7 gcc8-ada-debuginfo-8.2.1+r264010-1.3.7 gcc8-c++-32bit-8.2.1+r264010-1.3.7 gcc8-c++-8.2.1+r264010-1.3.7 gcc8-c++-debuginfo-8.2.1+r264010-1.3.7 gcc8-debuginfo-8.2.1+r264010-1.3.7 gcc8-debugsource-8.2.1+r264010-1.3.7 gcc8-fortran-32bit-8.2.1+r264010-1.3.7 gcc8-fortran-8.2.1+r264010-1.3.7 gcc8-fortran-debuginfo-8.2.1+r264010-1.3.7 gcc8-locale-8.2.1+r264010-1.3.7 libada8-8.2.1+r264010-1.3.7 libada8-debuginfo-8.2.1+r264010-1.3.7 libmpx2-32bit-8.2.1+r264010-1.3.7 libmpx2-32bit-debuginfo-8.2.1+r264010-1.3.7 libmpx2-8.2.1+r264010-1.3.7 libmpx2-debuginfo-8.2.1+r264010-1.3.7 libmpxwrappers2-32bit-8.2.1+r264010-1.3.7 libmpxwrappers2-32bit-debuginfo-8.2.1+r264010-1.3.7 libmpxwrappers2-8.2.1+r264010-1.3.7 libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.7 libstdc++6-devel-gcc8-32bit-8.2.1+r264010-1.3.7 libstdc++6-devel-gcc8-8.2.1+r264010-1.3.7 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): gcc8-info-8.2.1+r264010-1.3.7 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): cpp8-8.2.1+r264010-1.3.7 cpp8-debuginfo-8.2.1+r264010-1.3.7 cross-nvptx-gcc8-8.2.1+r264010-1.3.3 cross-nvptx-newlib8-devel-8.2.1+r264010-1.3.3 gcc8-32bit-8.2.1+r264010-1.3.7 gcc8-8.2.1+r264010-1.3.7 gcc8-ada-8.2.1+r264010-1.3.7 gcc8-ada-debuginfo-8.2.1+r264010-1.3.7 gcc8-c++-32bit-8.2.1+r264010-1.3.7 gcc8-c++-8.2.1+r264010-1.3.7 gcc8-c++-debuginfo-8.2.1+r264010-1.3.7 gcc8-debuginfo-8.2.1+r264010-1.3.7 gcc8-debugsource-8.2.1+r264010-1.3.7 gcc8-fortran-32bit-8.2.1+r264010-1.3.7 gcc8-fortran-8.2.1+r264010-1.3.7 gcc8-fortran-debuginfo-8.2.1+r264010-1.3.7 gcc8-locale-8.2.1+r264010-1.3.7 libada8-8.2.1+r264010-1.3.7 libada8-debuginfo-8.2.1+r264010-1.3.7 libmpx2-32bit-8.2.1+r264010-1.3.7 libmpx2-32bit-debuginfo-8.2.1+r264010-1.3.7 libmpx2-8.2.1+r264010-1.3.7 libmpx2-debuginfo-8.2.1+r264010-1.3.7 libmpxwrappers2-32bit-8.2.1+r264010-1.3.7 libmpxwrappers2-32bit-debuginfo-8.2.1+r264010-1.3.7 libmpxwrappers2-8.2.1+r264010-1.3.7 libmpxwrappers2-debuginfo-8.2.1+r264010-1.3.7 libstdc++6-devel-gcc8-32bit-8.2.1+r264010-1.3.7 libstdc++6-devel-gcc8-8.2.1+r264010-1.3.7 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): gcc8-info-8.2.1+r264010-1.3.7 References: https://bugzilla.suse.com/1084812 https://bugzilla.suse.com/1084842 https://bugzilla.suse.com/1087550 https://bugzilla.suse.com/1094222 https://bugzilla.suse.com/1102564 From sle-updates at lists.suse.com Wed Dec 9 07:15:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 15:15:40 +0100 (CET) Subject: SUSE-SU-2020:3717-1: important: Security update for the Linux Kernel Message-ID: <20201209141540.DCAFDF7E7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3717-1 Rating: important References: #1050549 #1067665 #1111666 #1112178 #1158775 #1170139 #1170630 #1172542 #1172873 #1174726 #1175306 #1175721 #1175916 #1176109 #1176855 #1176983 #1177304 #1177397 #1177703 #1177805 #1177808 #1177809 #1177819 #1177820 #1178123 #1178182 #1178393 #1178589 #1178607 #1178635 #1178669 #1178686 #1178765 #1178782 #1178838 #1178853 #1178854 #1178878 #1178886 #1178897 #1178940 #1178962 #1179107 #1179140 #1179141 #1179211 #1179213 #1179259 #1179424 #1179426 #1179427 #1179429 #927455 Cross-References: CVE-2020-15436 CVE-2020-15437 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705 CVE-2020-27777 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 43 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107) - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - arm64: KVM: Fix system register enumeration (bsc#1174726). - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bpf: Zero-fill re-used per-cpu map element (git-fixes). - btrfs: account ticket size at add/delete time (bsc#1178897). - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897). - btrfs: check rw_devices, not num_devices for balance (bsc#1178897). - btrfs: do not delete mismatched root refs (bsc#1178962). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897). - btrfs: fix force usage in inc_block_group_ro (bsc#1178897). - btrfs: fix invalid removal of root ref (bsc#1178962). - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897). - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897). - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897). - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962). - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179259). - ceph: check session state after bumping session->s_seq (bsc#1179259). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - Convert trailing spaces and periods in path components (bsc#1179424). - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes). - docs: ABI: stable: remove a duplicated documentation (git-fixes). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - Drivers: hv: vmbus: Remove the unused "tsc_page" from struct hv_context (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/imx: tve remove extraneous type qualifier (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). - efi: cper: Fix possible out-of-bounds access (git-fixes). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Free efi_pgd with free_pages() (bsc#1112178). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - fuse: fix page dereference after free (bsc#1179213). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#1067665). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820). - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666) - i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666) - i40iw: Report correct firmware version (bsc#1111666) - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666) - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666) - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666) - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666) - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666) - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666) - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666) - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666) - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666) - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666) - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666) - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666) - IB/hfi1: Handle port down properly in pio (bsc#1111666) - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666) - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666) - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666) - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666) - IB/hfi1: Remove unused define (bsc#1111666) - IB/hfi1: Silence txreq allocation warnings (bsc#1111666) - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666) - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666) - IB/ipoib: drop useless LIST_HEAD (bsc#1111666) - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666) - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666) - IB/iser: Fix dma_nents type definition (bsc#1111666) - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666) - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666) - IB/mlx4: Add and improve logging (bsc#1111666) - IB/mlx4: Add support for MRA (bsc#1111666) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666) - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666) - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666) - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666) - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666) - IB/mlx4: Remove unneeded NULL check (bsc#1111666) - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666) - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666) - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666) - IB/mlx5: Do not override existing ip_protocol (bsc#1111666) - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666) - IB/mlx5: Fix implicit MR release flow (bsc#1111666) - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666) - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666) - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666) - IB/mlx5: Improve ODP debugging messages (bsc#1111666) - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666) - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666) - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666) - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666) - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666) - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666) - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666) - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666) - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666) - IB/qib: Remove a set-but-not-used variable (bsc#1111666) - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666) - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666) - IB/rdmavt: Fix sizeof mismatch (bsc#1111666) - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666) - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666) - IB/rxe: Make counters thread safe (bsc#1111666) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666) - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666) - IB/umad: Avoid destroying device while it is accessed (bsc#1111666) - IB/umad: Do not check status of nonseekable_open() (bsc#1111666) - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666) - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666) - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666) - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666) - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666) - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - ipmi: use vzalloc instead of kmalloc for user creation (bsc#1178607). - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666) - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666) - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - KVM: arm64: Add missing #include of - in guest.c (bsc#1174726). - KVM: arm64: Factor out core register ID enumeration (bsc#1174726). - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726). - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726). - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726). - KVM host: kabi fixes for psci_version (bsc#1174726). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: always wind down STA state (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes). - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666) - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666) - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666) - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666) - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666) - RDMA/cma: Fix false error message (bsc#1111666) - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666) - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666) - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666) - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666) - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666) - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666) - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666) - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666) - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666) - RDMA/core: Fix race between destroy and release FD object (bsc#1111666) - RDMA/core: Fix race when resolving IP address (bsc#1111666) - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666) - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666) - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666) - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666) - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666) - RDMA/hns: Set the unsupported wr opcode (bsc#1111666) - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666) - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666) - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666) - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666) - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666) - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666) - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666) - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666) - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666) - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666) - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666) - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666) - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666) - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666) - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666) - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666) - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666) - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666) - RDMA/mlx5: Return proper error value (bsc#1111666) - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666) - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666) - RDMA/nes: Remove second wait queue initialization call (bsc#1111666) - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666) - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666) - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666) - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666) - RDMA/qedr: Endianness warnings cleanup (bsc#1111666) - RDMA/qedr: Fix doorbell setting (bsc#1111666) - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666) - RDMA/qedr: Fix reported firmware version (bsc#1111666) - RDMA/qedr: Fix use of uninitialized field (bsc#1111666) - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qedr: SRQ's bug fixes (bsc#1111666) - RDMA/qib: Delete extra line (bsc#1111666) - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666) - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666) - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666) - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666) - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666) - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666) - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666) - RDMA/rxe: Set default vendor ID (bsc#1111666) - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666) - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666) - RDMA/srp: Rework SCSI device reset handling (bsc#1111666) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666) - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666) - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666) - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666) - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666) - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666) - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: resolve supply after creating regulator (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Revert "cdc-acm: hardening against malicious devices" (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666) - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666) - rxe: fix error completion wr_id and qp_num (bsc#1111666) - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937). - s390/dasd: fix inability to use DASD with DIAG driver (bsc#1177809 LTC#188738). - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739). - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178). - sched/x86: SaveFLAGS on context switch (bsc#1112178). - scripts/git_sort/git_sort.py: add ceph maintainers git tree - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666) - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - Update patches.suse/vfs-add-super_operations-get_inode_dev (bsc#927455 bsc#1176983). - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - USB: xhci: force all memory allocations to node (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/hyperv: Make vapic support x2apic mode (git-fixes). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178). - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes). - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: revert "xfs: fix rmap key and record comparison functions" (git-fixes). - xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes). - xhci: Fix sizeof() mismatch (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3717=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.54.1 kernel-default-debugsource-4.12.14-122.54.1 kernel-default-kgraft-4.12.14-122.54.1 kernel-default-kgraft-devel-4.12.14-122.54.1 kgraft-patch-4_12_14-122_54-default-1-8.3.1 References: https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25668.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-25704.html https://www.suse.com/security/cve/CVE-2020-25705.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29371.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1067665 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1158775 https://bugzilla.suse.com/1170139 https://bugzilla.suse.com/1170630 https://bugzilla.suse.com/1172542 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1174726 https://bugzilla.suse.com/1175306 https://bugzilla.suse.com/1175721 https://bugzilla.suse.com/1175916 https://bugzilla.suse.com/1176109 https://bugzilla.suse.com/1176855 https://bugzilla.suse.com/1176983 https://bugzilla.suse.com/1177304 https://bugzilla.suse.com/1177397 https://bugzilla.suse.com/1177703 https://bugzilla.suse.com/1177805 https://bugzilla.suse.com/1177808 https://bugzilla.suse.com/1177809 https://bugzilla.suse.com/1177819 https://bugzilla.suse.com/1177820 https://bugzilla.suse.com/1178123 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178393 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178607 https://bugzilla.suse.com/1178635 https://bugzilla.suse.com/1178669 https://bugzilla.suse.com/1178686 https://bugzilla.suse.com/1178765 https://bugzilla.suse.com/1178782 https://bugzilla.suse.com/1178838 https://bugzilla.suse.com/1178853 https://bugzilla.suse.com/1178854 https://bugzilla.suse.com/1178878 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1178897 https://bugzilla.suse.com/1178940 https://bugzilla.suse.com/1178962 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179213 https://bugzilla.suse.com/1179259 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/1179429 https://bugzilla.suse.com/927455 From sle-updates at lists.suse.com Wed Dec 9 07:22:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 15:22:05 +0100 (CET) Subject: SUSE-SU-2020:3718-1: important: Security update for the Linux Kernel Message-ID: <20201209142205.C0976F7E7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3718-1 Rating: important References: #1050549 #1067665 #1111666 #1112178 #1158775 #1170139 #1170630 #1172542 #1174726 #1175916 #1176109 #1177304 #1177397 #1177805 #1177808 #1177819 #1177820 #1178182 #1178589 #1178635 #1178669 #1178838 #1178853 #1178854 #1178878 #1178886 #1178897 #1178940 #1178962 #1179107 #1179140 #1179141 #1179211 #1179213 #1179259 #1179403 #1179406 #1179418 #1179421 #1179424 #1179426 #1179427 #1179429 Cross-References: CVE-2020-15436 CVE-2020-15437 CVE-2020-25669 CVE-2020-27777 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 36 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). The following non-security bugs were fixed: - ACPI: GED: fix -Wformat (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - arm64: KVM: Fix system register enumeration (bsc#1174726). - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bpf: Zero-fill re-used per-cpu map element (git-fixes). - btrfs: account ticket size at add/delete time (bsc#1178897). - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897). - btrfs: check rw_devices, not num_devices for balance (bsc#1178897). - btrfs: do not delete mismatched root refs (bsc#1178962). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897). - btrfs: fix force usage in inc_block_group_ro (bsc#1178897). - btrfs: fix invalid removal of root ref (bsc#1178962). - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897). - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897). - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897). - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962). - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179259). - ceph: check session state after bumping session->s_seq (bsc#1179259). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - Convert trailing spaces and periods in path components (bsc#1179424). - docs: ABI: stable: remove a duplicated documentation (git-fixes). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Drivers: hv: vmbus: Remove the unused "tsc_page" from struct hv_context (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size. - efi: cper: Fix possible out-of-bounds access (git-fixes). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Free efi_pgd with free_pages() (bsc#1112178). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - fuse: fix page dereference after free (bsc#1179213). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#1067665). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666) - i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666) - i40iw: Report correct firmware version (bsc#1111666) - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666) - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666) - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666) - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666) - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666) - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666) - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666) - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666) - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666) - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666) - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666) - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666) - IB/hfi1: Handle port down properly in pio (bsc#1111666) - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666) - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666) - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666) - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666) - IB/hfi1: Remove unused define (bsc#1111666) - IB/hfi1: Silence txreq allocation warnings (bsc#1111666) - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666) - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666) - IB/ipoib: drop useless LIST_HEAD (bsc#1111666) - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666) - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666) - IB/iser: Fix dma_nents type definition (bsc#1111666) - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666) - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666) - IB/mlx4: Add and improve logging (bsc#1111666) - IB/mlx4: Add support for MRA (bsc#1111666) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666) - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666) - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666) - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666) - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666) - IB/mlx4: Remove unneeded NULL check (bsc#1111666) - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666) - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666) - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666) - IB/mlx5: Do not override existing ip_protocol (bsc#1111666) - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666) - IB/mlx5: Fix implicit MR release flow (bsc#1111666) - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666) - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666) - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666) - IB/mlx5: Improve ODP debugging messages (bsc#1111666) - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666) - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666) - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666) - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666) - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666) - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666) - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666) - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666) - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666) - IB/qib: Remove a set-but-not-used variable (bsc#1111666) - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666) - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666) - IB/rdmavt: Fix sizeof mismatch (bsc#1111666) - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666) - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666) - IB/rxe: Make counters thread safe (bsc#1111666) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666) - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666) - IB/umad: Avoid destroying device while it is accessed (bsc#1111666) - IB/umad: Do not check status of nonseekable_open() (bsc#1111666) - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666) - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666) - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666) - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666) - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666) - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666) - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666) - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - kABI workaround for usermodehelper changes (bsc#1179406). - KVM: arm64: Add missing #include of - in guest.c (bsc#1174726). - KVM: arm64: Factor out core register ID enumeration (bsc#1174726). - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726). - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726). - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726). - KVM host: kabi fixes for psci_version (bsc#1174726). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: always wind down STA state (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630). - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes). - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666) - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666) - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666) - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666) - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666) - RDMA/cma: Fix false error message (bsc#1111666) - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666) - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666) - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666) - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666) - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666) - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666) - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666) - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666) - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666) - RDMA/core: Fix race between destroy and release FD object (bsc#1111666) - RDMA/core: Fix race when resolving IP address (bsc#1111666) - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666) - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666) - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666) - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666) - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666) - RDMA/hns: Set the unsupported wr opcode (bsc#1111666) - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666) - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666) - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666) - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666) - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666) - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666) - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666) - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666) - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666) - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666) - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666) - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666) - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666) - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666) - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666) - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666) - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666) - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666) - RDMA/mlx5: Return proper error value (bsc#1111666) - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666) - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666) - RDMA/nes: Remove second wait queue initialization call (bsc#1111666) - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666) - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666) - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666) - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666) - RDMA/qedr: Endianness warnings cleanup (bsc#1111666) - RDMA/qedr: Fix doorbell setting (bsc#1111666) - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666) - RDMA/qedr: Fix reported firmware version (bsc#1111666) - RDMA/qedr: Fix use of uninitialized field (bsc#1111666) - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qedr: SRQ's bug fixes (bsc#1111666) - RDMA/qib: Delete extra line (bsc#1111666) - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666) - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666) - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666) - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666) - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666) - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666) - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666) - RDMA/rxe: Set default vendor ID (bsc#1111666) - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666) - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666) - RDMA/srp: Rework SCSI device reset handling (bsc#1111666) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666) - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666) - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666) - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666) - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666) - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666) - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666) - reboot: fix overflow parsing reboot cpu number (bsc#1179421). - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Revert "cdc-acm: hardening against malicious devices" (git-fixes). - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" (bsc#1179418). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666) - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666) - rxe: fix error completion wr_id and qp_num (bsc#1111666) - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937). - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739). - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178). - sched/x86: SaveFLAGS on context switch (bsc#1112178). - scripts/git_sort/git_sort.py: add ceph maintainers git tree - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666) - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403). - tty: serial: imx: keep console clocks always on (git-fixes). - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - usermodehelper: reset umask to default before executing user process (bsc#1179406). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/hyperv: Make vapic support x2apic mode (git-fixes). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178). - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes). - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). - xfs: revert "xfs: fix rmap key and record comparison functions" (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3718=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-3718=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-3718=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3718=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-3718=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.75.1 kernel-default-debugsource-4.12.14-197.75.1 kernel-default-extra-4.12.14-197.75.1 kernel-default-extra-debuginfo-4.12.14-197.75.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.75.1 kernel-default-debugsource-4.12.14-197.75.1 reiserfs-kmp-default-4.12.14-197.75.1 reiserfs-kmp-default-debuginfo-4.12.14-197.75.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.75.1 kernel-obs-build-debugsource-4.12.14-197.75.1 kernel-syms-4.12.14-197.75.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.75.1 kernel-source-4.12.14-197.75.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.75.1 kernel-default-base-4.12.14-197.75.1 kernel-default-base-debuginfo-4.12.14-197.75.1 kernel-default-debuginfo-4.12.14-197.75.1 kernel-default-debugsource-4.12.14-197.75.1 kernel-default-devel-4.12.14-197.75.1 kernel-default-devel-debuginfo-4.12.14-197.75.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.75.1 kernel-macros-4.12.14-197.75.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.75.1 kernel-zfcpdump-debuginfo-4.12.14-197.75.1 kernel-zfcpdump-debugsource-4.12.14-197.75.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.75.1 cluster-md-kmp-default-debuginfo-4.12.14-197.75.1 dlm-kmp-default-4.12.14-197.75.1 dlm-kmp-default-debuginfo-4.12.14-197.75.1 gfs2-kmp-default-4.12.14-197.75.1 gfs2-kmp-default-debuginfo-4.12.14-197.75.1 kernel-default-debuginfo-4.12.14-197.75.1 kernel-default-debugsource-4.12.14-197.75.1 ocfs2-kmp-default-4.12.14-197.75.1 ocfs2-kmp-default-debuginfo-4.12.14-197.75.1 References: https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29371.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1067665 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1158775 https://bugzilla.suse.com/1170139 https://bugzilla.suse.com/1170630 https://bugzilla.suse.com/1172542 https://bugzilla.suse.com/1174726 https://bugzilla.suse.com/1175916 https://bugzilla.suse.com/1176109 https://bugzilla.suse.com/1177304 https://bugzilla.suse.com/1177397 https://bugzilla.suse.com/1177805 https://bugzilla.suse.com/1177808 https://bugzilla.suse.com/1177819 https://bugzilla.suse.com/1177820 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178635 https://bugzilla.suse.com/1178669 https://bugzilla.suse.com/1178838 https://bugzilla.suse.com/1178853 https://bugzilla.suse.com/1178854 https://bugzilla.suse.com/1178878 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1178897 https://bugzilla.suse.com/1178940 https://bugzilla.suse.com/1178962 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179213 https://bugzilla.suse.com/1179259 https://bugzilla.suse.com/1179403 https://bugzilla.suse.com/1179406 https://bugzilla.suse.com/1179418 https://bugzilla.suse.com/1179421 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/1179429 From sle-updates at lists.suse.com Wed Dec 9 07:27:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 15:27:59 +0100 (CET) Subject: SUSE-SU-2020:3717-1: important: Security update for the Linux Kernel Message-ID: <20201209142759.595DCF7E7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3717-1 Rating: important References: #1050549 #1067665 #1111666 #1112178 #1158775 #1170139 #1170630 #1172542 #1172873 #1174726 #1175306 #1175721 #1175916 #1176109 #1176855 #1176983 #1177304 #1177397 #1177703 #1177805 #1177808 #1177809 #1177819 #1177820 #1178123 #1178182 #1178393 #1178589 #1178607 #1178635 #1178669 #1178686 #1178765 #1178782 #1178838 #1178853 #1178854 #1178878 #1178886 #1178897 #1178940 #1178962 #1179107 #1179140 #1179141 #1179211 #1179213 #1179259 #1179424 #1179426 #1179427 #1179429 #927455 Cross-References: CVE-2020-15436 CVE-2020-15437 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705 CVE-2020-27777 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 43 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107) - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - arm64: KVM: Fix system register enumeration (bsc#1174726). - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bpf: Zero-fill re-used per-cpu map element (git-fixes). - btrfs: account ticket size at add/delete time (bsc#1178897). - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897). - btrfs: check rw_devices, not num_devices for balance (bsc#1178897). - btrfs: do not delete mismatched root refs (bsc#1178962). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897). - btrfs: fix force usage in inc_block_group_ro (bsc#1178897). - btrfs: fix invalid removal of root ref (bsc#1178962). - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897). - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897). - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897). - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962). - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179259). - ceph: check session state after bumping session->s_seq (bsc#1179259). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - Convert trailing spaces and periods in path components (bsc#1179424). - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes). - docs: ABI: stable: remove a duplicated documentation (git-fixes). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - Drivers: hv: vmbus: Remove the unused "tsc_page" from struct hv_context (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/imx: tve remove extraneous type qualifier (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). - efi: cper: Fix possible out-of-bounds access (git-fixes). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Free efi_pgd with free_pages() (bsc#1112178). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - fuse: fix page dereference after free (bsc#1179213). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#1067665). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820). - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666) - i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666) - i40iw: Report correct firmware version (bsc#1111666) - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666) - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666) - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666) - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666) - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666) - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666) - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666) - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666) - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666) - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666) - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666) - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666) - IB/hfi1: Handle port down properly in pio (bsc#1111666) - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666) - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666) - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666) - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666) - IB/hfi1: Remove unused define (bsc#1111666) - IB/hfi1: Silence txreq allocation warnings (bsc#1111666) - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666) - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666) - IB/ipoib: drop useless LIST_HEAD (bsc#1111666) - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666) - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666) - IB/iser: Fix dma_nents type definition (bsc#1111666) - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666) - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666) - IB/mlx4: Add and improve logging (bsc#1111666) - IB/mlx4: Add support for MRA (bsc#1111666) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666) - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666) - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666) - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666) - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666) - IB/mlx4: Remove unneeded NULL check (bsc#1111666) - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666) - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666) - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666) - IB/mlx5: Do not override existing ip_protocol (bsc#1111666) - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666) - IB/mlx5: Fix implicit MR release flow (bsc#1111666) - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666) - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666) - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666) - IB/mlx5: Improve ODP debugging messages (bsc#1111666) - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666) - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666) - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666) - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666) - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666) - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666) - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666) - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666) - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666) - IB/qib: Remove a set-but-not-used variable (bsc#1111666) - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666) - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666) - IB/rdmavt: Fix sizeof mismatch (bsc#1111666) - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666) - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666) - IB/rxe: Make counters thread safe (bsc#1111666) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666) - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666) - IB/umad: Avoid destroying device while it is accessed (bsc#1111666) - IB/umad: Do not check status of nonseekable_open() (bsc#1111666) - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666) - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666) - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666) - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666) - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666) - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - ipmi: use vzalloc instead of kmalloc for user creation (bsc#1178607). - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666) - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666) - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - KVM: arm64: Add missing #include of - in guest.c (bsc#1174726). - KVM: arm64: Factor out core register ID enumeration (bsc#1174726). - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726). - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726). - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726). - KVM host: kabi fixes for psci_version (bsc#1174726). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: always wind down STA state (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes). - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666) - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666) - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666) - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666) - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666) - RDMA/cma: Fix false error message (bsc#1111666) - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666) - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666) - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666) - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666) - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666) - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666) - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666) - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666) - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666) - RDMA/core: Fix race between destroy and release FD object (bsc#1111666) - RDMA/core: Fix race when resolving IP address (bsc#1111666) - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666) - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666) - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666) - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666) - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666) - RDMA/hns: Set the unsupported wr opcode (bsc#1111666) - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666) - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666) - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666) - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666) - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666) - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666) - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666) - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666) - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666) - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666) - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666) - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666) - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666) - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666) - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666) - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666) - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666) - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666) - RDMA/mlx5: Return proper error value (bsc#1111666) - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666) - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666) - RDMA/nes: Remove second wait queue initialization call (bsc#1111666) - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666) - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666) - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666) - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666) - RDMA/qedr: Endianness warnings cleanup (bsc#1111666) - RDMA/qedr: Fix doorbell setting (bsc#1111666) - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666) - RDMA/qedr: Fix reported firmware version (bsc#1111666) - RDMA/qedr: Fix use of uninitialized field (bsc#1111666) - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qedr: SRQ's bug fixes (bsc#1111666) - RDMA/qib: Delete extra line (bsc#1111666) - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666) - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666) - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666) - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666) - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666) - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666) - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666) - RDMA/rxe: Set default vendor ID (bsc#1111666) - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666) - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666) - RDMA/srp: Rework SCSI device reset handling (bsc#1111666) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666) - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666) - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666) - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666) - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666) - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666) - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: resolve supply after creating regulator (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Revert "cdc-acm: hardening against malicious devices" (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666) - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666) - rxe: fix error completion wr_id and qp_num (bsc#1111666) - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937). - s390/dasd: fix inability to use DASD with DIAG driver (bsc#1177809 LTC#188738). - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739). - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178). - sched/x86: SaveFLAGS on context switch (bsc#1112178). - scripts/git_sort/git_sort.py: add ceph maintainers git tree - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666) - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - Update patches.suse/vfs-add-super_operations-get_inode_dev (bsc#927455 bsc#1176983). - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - USB: xhci: force all memory allocations to node (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/hyperv: Make vapic support x2apic mode (git-fixes). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178). - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes). - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: revert "xfs: fix rmap key and record comparison functions" (git-fixes). - xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes). - xhci: Fix sizeof() mismatch (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-3717=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3717=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3717=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3717=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-3717=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.54.1 kernel-default-debugsource-4.12.14-122.54.1 kernel-default-extra-4.12.14-122.54.1 kernel-default-extra-debuginfo-4.12.14-122.54.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.54.1 kernel-obs-build-debugsource-4.12.14-122.54.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.54.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.54.1 kernel-default-base-4.12.14-122.54.1 kernel-default-base-debuginfo-4.12.14-122.54.1 kernel-default-debuginfo-4.12.14-122.54.1 kernel-default-debugsource-4.12.14-122.54.1 kernel-default-devel-4.12.14-122.54.1 kernel-syms-4.12.14-122.54.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.54.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.54.1 kernel-macros-4.12.14-122.54.1 kernel-source-4.12.14-122.54.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.54.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.54.1 kernel-default-debugsource-4.12.14-122.54.1 kernel-default-kgraft-4.12.14-122.54.1 kernel-default-kgraft-devel-4.12.14-122.54.1 kgraft-patch-4_12_14-122_54-default-1-8.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.54.1 cluster-md-kmp-default-debuginfo-4.12.14-122.54.1 dlm-kmp-default-4.12.14-122.54.1 dlm-kmp-default-debuginfo-4.12.14-122.54.1 gfs2-kmp-default-4.12.14-122.54.1 gfs2-kmp-default-debuginfo-4.12.14-122.54.1 kernel-default-debuginfo-4.12.14-122.54.1 kernel-default-debugsource-4.12.14-122.54.1 ocfs2-kmp-default-4.12.14-122.54.1 ocfs2-kmp-default-debuginfo-4.12.14-122.54.1 References: https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25668.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-25704.html https://www.suse.com/security/cve/CVE-2020-25705.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29371.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1067665 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1158775 https://bugzilla.suse.com/1170139 https://bugzilla.suse.com/1170630 https://bugzilla.suse.com/1172542 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1174726 https://bugzilla.suse.com/1175306 https://bugzilla.suse.com/1175721 https://bugzilla.suse.com/1175916 https://bugzilla.suse.com/1176109 https://bugzilla.suse.com/1176855 https://bugzilla.suse.com/1176983 https://bugzilla.suse.com/1177304 https://bugzilla.suse.com/1177397 https://bugzilla.suse.com/1177703 https://bugzilla.suse.com/1177805 https://bugzilla.suse.com/1177808 https://bugzilla.suse.com/1177809 https://bugzilla.suse.com/1177819 https://bugzilla.suse.com/1177820 https://bugzilla.suse.com/1178123 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178393 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178607 https://bugzilla.suse.com/1178635 https://bugzilla.suse.com/1178669 https://bugzilla.suse.com/1178686 https://bugzilla.suse.com/1178765 https://bugzilla.suse.com/1178782 https://bugzilla.suse.com/1178838 https://bugzilla.suse.com/1178853 https://bugzilla.suse.com/1178854 https://bugzilla.suse.com/1178878 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1178897 https://bugzilla.suse.com/1178940 https://bugzilla.suse.com/1178962 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179213 https://bugzilla.suse.com/1179259 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/1179429 https://bugzilla.suse.com/927455 From sle-updates at lists.suse.com Wed Dec 9 07:34:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 15:34:33 +0100 (CET) Subject: SUSE-SU-2020:3718-1: important: Security update for the Linux Kernel Message-ID: <20201209143433.8BE8EF7E7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3718-1 Rating: important References: #1050549 #1067665 #1111666 #1112178 #1158775 #1170139 #1170630 #1172542 #1174726 #1175916 #1176109 #1177304 #1177397 #1177805 #1177808 #1177819 #1177820 #1178182 #1178589 #1178635 #1178669 #1178838 #1178853 #1178854 #1178878 #1178886 #1178897 #1178940 #1178962 #1179107 #1179140 #1179141 #1179211 #1179213 #1179259 #1179403 #1179406 #1179418 #1179421 #1179424 #1179426 #1179427 #1179429 Cross-References: CVE-2020-15436 CVE-2020-15437 CVE-2020-25669 CVE-2020-27777 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 36 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). The following non-security bugs were fixed: - ACPI: GED: fix -Wformat (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - arm64: KVM: Fix system register enumeration (bsc#1174726). - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bpf: Zero-fill re-used per-cpu map element (git-fixes). - btrfs: account ticket size at add/delete time (bsc#1178897). - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897). - btrfs: check rw_devices, not num_devices for balance (bsc#1178897). - btrfs: do not delete mismatched root refs (bsc#1178962). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897). - btrfs: fix force usage in inc_block_group_ro (bsc#1178897). - btrfs: fix invalid removal of root ref (bsc#1178962). - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897). - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897). - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897). - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962). - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179259). - ceph: check session state after bumping session->s_seq (bsc#1179259). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - Convert trailing spaces and periods in path components (bsc#1179424). - docs: ABI: stable: remove a duplicated documentation (git-fixes). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Drivers: hv: vmbus: Remove the unused "tsc_page" from struct hv_context (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size. - efi: cper: Fix possible out-of-bounds access (git-fixes). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Free efi_pgd with free_pages() (bsc#1112178). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - fuse: fix page dereference after free (bsc#1179213). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#1067665). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666) - i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666) - i40iw: Report correct firmware version (bsc#1111666) - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666) - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666) - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666) - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666) - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666) - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666) - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666) - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666) - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666) - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666) - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666) - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666) - IB/hfi1: Handle port down properly in pio (bsc#1111666) - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666) - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666) - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666) - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666) - IB/hfi1: Remove unused define (bsc#1111666) - IB/hfi1: Silence txreq allocation warnings (bsc#1111666) - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666) - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666) - IB/ipoib: drop useless LIST_HEAD (bsc#1111666) - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666) - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666) - IB/iser: Fix dma_nents type definition (bsc#1111666) - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666) - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666) - IB/mlx4: Add and improve logging (bsc#1111666) - IB/mlx4: Add support for MRA (bsc#1111666) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666) - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666) - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666) - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666) - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666) - IB/mlx4: Remove unneeded NULL check (bsc#1111666) - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666) - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666) - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666) - IB/mlx5: Do not override existing ip_protocol (bsc#1111666) - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666) - IB/mlx5: Fix implicit MR release flow (bsc#1111666) - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666) - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666) - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666) - IB/mlx5: Improve ODP debugging messages (bsc#1111666) - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666) - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666) - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666) - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666) - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666) - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666) - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666) - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666) - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666) - IB/qib: Remove a set-but-not-used variable (bsc#1111666) - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666) - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666) - IB/rdmavt: Fix sizeof mismatch (bsc#1111666) - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666) - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666) - IB/rxe: Make counters thread safe (bsc#1111666) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666) - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666) - IB/umad: Avoid destroying device while it is accessed (bsc#1111666) - IB/umad: Do not check status of nonseekable_open() (bsc#1111666) - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666) - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666) - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666) - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666) - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666) - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666) - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666) - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - kABI workaround for usermodehelper changes (bsc#1179406). - KVM: arm64: Add missing #include of - in guest.c (bsc#1174726). - KVM: arm64: Factor out core register ID enumeration (bsc#1174726). - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726). - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726). - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726). - KVM host: kabi fixes for psci_version (bsc#1174726). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: always wind down STA state (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630). - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes). - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666) - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666) - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666) - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666) - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666) - RDMA/cma: Fix false error message (bsc#1111666) - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666) - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666) - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666) - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666) - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666) - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666) - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666) - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666) - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666) - RDMA/core: Fix race between destroy and release FD object (bsc#1111666) - RDMA/core: Fix race when resolving IP address (bsc#1111666) - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666) - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666) - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666) - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666) - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666) - RDMA/hns: Set the unsupported wr opcode (bsc#1111666) - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666) - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666) - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666) - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666) - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666) - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666) - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666) - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666) - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666) - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666) - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666) - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666) - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666) - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666) - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666) - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666) - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666) - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666) - RDMA/mlx5: Return proper error value (bsc#1111666) - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666) - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666) - RDMA/nes: Remove second wait queue initialization call (bsc#1111666) - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666) - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666) - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666) - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666) - RDMA/qedr: Endianness warnings cleanup (bsc#1111666) - RDMA/qedr: Fix doorbell setting (bsc#1111666) - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666) - RDMA/qedr: Fix reported firmware version (bsc#1111666) - RDMA/qedr: Fix use of uninitialized field (bsc#1111666) - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qedr: SRQ's bug fixes (bsc#1111666) - RDMA/qib: Delete extra line (bsc#1111666) - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666) - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666) - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666) - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666) - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666) - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666) - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666) - RDMA/rxe: Set default vendor ID (bsc#1111666) - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666) - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666) - RDMA/srp: Rework SCSI device reset handling (bsc#1111666) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666) - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666) - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666) - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666) - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666) - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666) - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666) - reboot: fix overflow parsing reboot cpu number (bsc#1179421). - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Revert "cdc-acm: hardening against malicious devices" (git-fixes). - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" (bsc#1179418). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666) - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666) - rxe: fix error completion wr_id and qp_num (bsc#1111666) - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937). - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739). - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178). - sched/x86: SaveFLAGS on context switch (bsc#1112178). - scripts/git_sort/git_sort.py: add ceph maintainers git tree - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666) - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403). - tty: serial: imx: keep console clocks always on (git-fixes). - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - usermodehelper: reset umask to default before executing user process (bsc#1179406). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/hyperv: Make vapic support x2apic mode (git-fixes). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178). - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes). - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). - xfs: revert "xfs: fix rmap key and record comparison functions" (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3718=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-3718=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-3718=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-3718=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3718=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-3718=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.75.1 kernel-default-debugsource-4.12.14-197.75.1 kernel-default-extra-4.12.14-197.75.1 kernel-default-extra-debuginfo-4.12.14-197.75.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.75.1 kernel-default-debugsource-4.12.14-197.75.1 kernel-default-livepatch-4.12.14-197.75.1 kernel-default-livepatch-devel-4.12.14-197.75.1 kernel-livepatch-4_12_14-197_75-default-1-3.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.75.1 kernel-default-debugsource-4.12.14-197.75.1 reiserfs-kmp-default-4.12.14-197.75.1 reiserfs-kmp-default-debuginfo-4.12.14-197.75.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.75.1 kernel-obs-build-debugsource-4.12.14-197.75.1 kernel-syms-4.12.14-197.75.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.75.1 kernel-source-4.12.14-197.75.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.75.1 kernel-default-base-4.12.14-197.75.1 kernel-default-base-debuginfo-4.12.14-197.75.1 kernel-default-debuginfo-4.12.14-197.75.1 kernel-default-debugsource-4.12.14-197.75.1 kernel-default-devel-4.12.14-197.75.1 kernel-default-devel-debuginfo-4.12.14-197.75.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.75.1 kernel-macros-4.12.14-197.75.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.75.1 kernel-zfcpdump-debuginfo-4.12.14-197.75.1 kernel-zfcpdump-debugsource-4.12.14-197.75.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.75.1 cluster-md-kmp-default-debuginfo-4.12.14-197.75.1 dlm-kmp-default-4.12.14-197.75.1 dlm-kmp-default-debuginfo-4.12.14-197.75.1 gfs2-kmp-default-4.12.14-197.75.1 gfs2-kmp-default-debuginfo-4.12.14-197.75.1 kernel-default-debuginfo-4.12.14-197.75.1 kernel-default-debugsource-4.12.14-197.75.1 ocfs2-kmp-default-4.12.14-197.75.1 ocfs2-kmp-default-debuginfo-4.12.14-197.75.1 References: https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29371.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1067665 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1158775 https://bugzilla.suse.com/1170139 https://bugzilla.suse.com/1170630 https://bugzilla.suse.com/1172542 https://bugzilla.suse.com/1174726 https://bugzilla.suse.com/1175916 https://bugzilla.suse.com/1176109 https://bugzilla.suse.com/1177304 https://bugzilla.suse.com/1177397 https://bugzilla.suse.com/1177805 https://bugzilla.suse.com/1177808 https://bugzilla.suse.com/1177819 https://bugzilla.suse.com/1177820 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178635 https://bugzilla.suse.com/1178669 https://bugzilla.suse.com/1178838 https://bugzilla.suse.com/1178853 https://bugzilla.suse.com/1178854 https://bugzilla.suse.com/1178878 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1178897 https://bugzilla.suse.com/1178940 https://bugzilla.suse.com/1178962 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179213 https://bugzilla.suse.com/1179259 https://bugzilla.suse.com/1179403 https://bugzilla.suse.com/1179406 https://bugzilla.suse.com/1179418 https://bugzilla.suse.com/1179421 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/1179429 From sle-updates at lists.suse.com Wed Dec 9 10:16:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 18:16:02 +0100 (CET) Subject: SUSE-SU-2020:3723-1: moderate: Security update for python-urllib3 Message-ID: <20201209171602.0F6BBF7E7@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3723-1 Rating: moderate References: #1177120 Cross-References: CVE-2020-26137 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-3723=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-3723=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3723=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3723=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-urllib3-1.24-9.10.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (noarch): python2-urllib3-1.24-9.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-urllib3-1.24-9.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-urllib3-1.24-9.10.1 References: https://www.suse.com/security/cve/CVE-2020-26137.html https://bugzilla.suse.com/1177120 From sle-updates at lists.suse.com Wed Dec 9 10:17:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 18:17:03 +0100 (CET) Subject: SUSE-RU-2020:3724-1: moderate: Recommended update for postfix Message-ID: <20201209171703.793CFF7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3724-1 Rating: moderate References: #1176650 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postfix fixes the following issue: - Remove miss placed `fillup_only` call from `%verifyscript`. (bsc#1176650) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3724=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3724=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.2.10-3.24.1 postfix-debugsource-3.2.10-3.24.1 postfix-devel-3.2.10-3.24.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postfix-3.2.10-3.24.1 postfix-debuginfo-3.2.10-3.24.1 postfix-debugsource-3.2.10-3.24.1 postfix-mysql-3.2.10-3.24.1 postfix-mysql-debuginfo-3.2.10-3.24.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postfix-doc-3.2.10-3.24.1 References: https://bugzilla.suse.com/1176650 From sle-updates at lists.suse.com Wed Dec 9 10:19:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 18:19:06 +0100 (CET) Subject: SUSE-SU-2020:3720-1: important: Security update for openssl-1_1 Message-ID: <20201209171906.CE1BCF7E7@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3720-1 Rating: important References: #1179491 Cross-References: CVE-2020-1971 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3720=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-14.12.1 libopenssl1_1-1.1.0i-14.12.1 libopenssl1_1-debuginfo-1.1.0i-14.12.1 libopenssl1_1-hmac-1.1.0i-14.12.1 openssl-1_1-1.1.0i-14.12.1 openssl-1_1-debuginfo-1.1.0i-14.12.1 openssl-1_1-debugsource-1.1.0i-14.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.12.1 libopenssl1_1-32bit-1.1.0i-14.12.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.12.1 libopenssl1_1-hmac-32bit-1.1.0i-14.12.1 References: https://www.suse.com/security/cve/CVE-2020-1971.html https://bugzilla.suse.com/1179491 From sle-updates at lists.suse.com Wed Dec 9 10:20:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 18:20:03 +0100 (CET) Subject: SUSE-RU-2020:3727-1: important: Recommended update for ucode-intel Message-ID: <20201209172003.2C720F7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3727-1 Rating: important References: #1179224 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ucode-intel fixes the following issues: - Reverted 3 microcodes back to 20200616 release level after regression reports. (bsc#1179224) - SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | Xeon Scalable - SKX-D | M1 | 06-55-04/b7 | 02006906 | Xeon D-21xx - CLX-SP | B0 | 06-55-06/bf | 04002f01 | Xeon Scalable Gen2 - CLX-SP | B1 | 06-55-07/bf | 05002f01 | Xeon Scalable Gen2 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3727=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): ucode-intel-20201118-3.45.1 References: https://bugzilla.suse.com/1179224 From sle-updates at lists.suse.com Wed Dec 9 10:21:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 18:21:59 +0100 (CET) Subject: SUSE-SU-2020:3729-1: important: Security update for clamav Message-ID: <20201209172159.CA51BF7E7@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3729-1 Rating: important References: #1118459 #1119353 #1144504 #1149458 #1151839 #1157763 #1171981 #1174250 #1174255 ECO-3010 Cross-References: CVE-2019-12625 CVE-2019-12900 CVE-2019-15961 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 8 vulnerabilities, contains one feature and has one errata is now available. Description: This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * Fix freshclam crash in FIPS mode. (bsc#1119353) Update to version 0.102.4: Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) - Increase the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed. (bsc#1151839) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3729=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): clamav-0.103.0-3.3.1 clamav-debuginfo-0.103.0-3.3.1 clamav-debugsource-0.103.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-12625.html https://www.suse.com/security/cve/CVE-2019-12900.html https://www.suse.com/security/cve/CVE-2019-15961.html https://www.suse.com/security/cve/CVE-2020-3123.html https://www.suse.com/security/cve/CVE-2020-3327.html https://www.suse.com/security/cve/CVE-2020-3341.html https://www.suse.com/security/cve/CVE-2020-3350.html https://www.suse.com/security/cve/CVE-2020-3481.html https://bugzilla.suse.com/1118459 https://bugzilla.suse.com/1119353 https://bugzilla.suse.com/1144504 https://bugzilla.suse.com/1149458 https://bugzilla.suse.com/1151839 https://bugzilla.suse.com/1157763 https://bugzilla.suse.com/1171981 https://bugzilla.suse.com/1174250 https://bugzilla.suse.com/1174255 From sle-updates at lists.suse.com Wed Dec 9 10:23:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 18:23:44 +0100 (CET) Subject: SUSE-SU-2020:3721-1: important: Security update for openssl-1_1 Message-ID: <20201209172344.79C3AF7E7@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3721-1 Rating: important References: #1179491 Cross-References: CVE-2020-1971 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3721=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.12.1 libopenssl1_1-1.1.1d-11.12.1 libopenssl1_1-debuginfo-1.1.1d-11.12.1 libopenssl1_1-hmac-1.1.1d-11.12.1 openssl-1_1-1.1.1d-11.12.1 openssl-1_1-debuginfo-1.1.1d-11.12.1 openssl-1_1-debugsource-1.1.1d-11.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libopenssl1_1-32bit-1.1.1d-11.12.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.12.1 libopenssl1_1-hmac-32bit-1.1.1d-11.12.1 References: https://www.suse.com/security/cve/CVE-2020-1971.html https://bugzilla.suse.com/1179491 From sle-updates at lists.suse.com Wed Dec 9 10:24:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 18:24:43 +0100 (CET) Subject: SUSE-SU-2020:3722-1: important: Security update for openssl-1_1 Message-ID: <20201209172443.DA7C4F7E7@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3722-1 Rating: important References: #1179491 Cross-References: CVE-2020-1971 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3722=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3722=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3722=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3722=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-4.54.1 libopenssl1_1-1.1.0i-4.54.1 libopenssl1_1-debuginfo-1.1.0i-4.54.1 libopenssl1_1-hmac-1.1.0i-4.54.1 openssl-1_1-1.1.0i-4.54.1 openssl-1_1-debuginfo-1.1.0i-4.54.1 openssl-1_1-debugsource-1.1.0i-4.54.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libopenssl1_1-32bit-1.1.0i-4.54.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.54.1 libopenssl1_1-hmac-32bit-1.1.0i-4.54.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_1-devel-1.1.0i-4.54.1 libopenssl1_1-1.1.0i-4.54.1 libopenssl1_1-debuginfo-1.1.0i-4.54.1 libopenssl1_1-hmac-1.1.0i-4.54.1 openssl-1_1-1.1.0i-4.54.1 openssl-1_1-debuginfo-1.1.0i-4.54.1 openssl-1_1-debugsource-1.1.0i-4.54.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-4.54.1 libopenssl1_1-1.1.0i-4.54.1 libopenssl1_1-debuginfo-1.1.0i-4.54.1 libopenssl1_1-hmac-1.1.0i-4.54.1 openssl-1_1-1.1.0i-4.54.1 openssl-1_1-debuginfo-1.1.0i-4.54.1 openssl-1_1-debugsource-1.1.0i-4.54.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libopenssl1_1-32bit-1.1.0i-4.54.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.54.1 libopenssl1_1-hmac-32bit-1.1.0i-4.54.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-4.54.1 libopenssl1_1-1.1.0i-4.54.1 libopenssl1_1-debuginfo-1.1.0i-4.54.1 libopenssl1_1-hmac-1.1.0i-4.54.1 openssl-1_1-1.1.0i-4.54.1 openssl-1_1-debuginfo-1.1.0i-4.54.1 openssl-1_1-debugsource-1.1.0i-4.54.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libopenssl1_1-32bit-1.1.0i-4.54.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.54.1 libopenssl1_1-hmac-32bit-1.1.0i-4.54.1 References: https://www.suse.com/security/cve/CVE-2020-1971.html https://bugzilla.suse.com/1179491 From sle-updates at lists.suse.com Wed Dec 9 10:25:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 18:25:41 +0100 (CET) Subject: SUSE-RU-2020:3725-1: moderate: Recommended update for postfix Message-ID: <20201209172541.8EBFDF7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3725-1 Rating: moderate References: #1176650 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postfix fixes the following issues: - Remove miss placed `fillup_only` call from `%verifyscript`. (bsc#1176650) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-3725=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3725=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.3.1-5.18.1 postfix-debugsource-3.3.1-5.18.1 postfix-mysql-3.3.1-5.18.1 postfix-mysql-debuginfo-3.3.1-5.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): postfix-3.3.1-5.18.1 postfix-debuginfo-3.3.1-5.18.1 postfix-debugsource-3.3.1-5.18.1 postfix-devel-3.3.1-5.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): postfix-doc-3.3.1-5.18.1 References: https://bugzilla.suse.com/1176650 From sle-updates at lists.suse.com Wed Dec 9 10:27:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 18:27:34 +0100 (CET) Subject: SUSE-RU-2020:3728-1: important: Recommended update for ucode-intel Message-ID: <20201209172734.392F7F7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3728-1 Rating: important References: #1179224 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ucode-intel fixes the following issues: - Reverted 3 microcodes back to 20200616 release level after regression reports. (bsc#1179224) - SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | Xeon Scalable - SKX-D | M1 | 06-55-04/b7 | 02006906 | Xeon D-21xx - CLX-SP | B0 | 06-55-06/bf | 04002f01 | Xeon Scalable Gen2 - CLX-SP | B1 | 06-55-07/bf | 05002f01 | Xeon Scalable Gen2 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3728=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): ucode-intel-20201118-3.29.1 ucode-intel-debuginfo-20201118-3.29.1 ucode-intel-debugsource-20201118-3.29.1 References: https://bugzilla.suse.com/1179224 From sle-updates at lists.suse.com Wed Dec 9 10:28:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 18:28:33 +0100 (CET) Subject: SUSE-RU-2020:3726-1: moderate: Recommended update for postfix Message-ID: <20201209172833.19D5BF7E7@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3726-1 Rating: moderate References: #1176650 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postfix fixes the following issue: - Remove miss placed `fillup_only` call from `%verifyscript`. (bsc#1176650) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-3726=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3726=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.4.7-3.3.1 postfix-debugsource-3.4.7-3.3.1 postfix-mysql-3.4.7-3.3.1 postfix-mysql-debuginfo-3.4.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): postfix-3.4.7-3.3.1 postfix-debuginfo-3.4.7-3.3.1 postfix-debugsource-3.4.7-3.3.1 postfix-devel-3.4.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): postfix-doc-3.4.7-3.3.1 References: https://bugzilla.suse.com/1176650 From sle-updates at lists.suse.com Wed Dec 9 13:15:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2020 21:15:33 +0100 (CET) Subject: SUSE-RU-2020:3731-1: moderate: Recommended update for realmd Message-ID: <20201209201533.0455CFBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for realmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3731-1 Rating: moderate References: #1175617 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for realmd fixes the following issues: - Fix the `Name Service Switch` (`nsswitch`) handling when joining and leaving a domain. (bsc#1175617) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3731=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): realmd-0.16.3-3.6.1 realmd-debuginfo-0.16.3-3.6.1 realmd-debugsource-0.16.3-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): realmd-lang-0.16.3-3.6.1 References: https://bugzilla.suse.com/1175617 From sle-updates at lists.suse.com Wed Dec 9 16:15:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 00:15:39 +0100 (CET) Subject: SUSE-SU-2020:3737-1: moderate: Security update for python-pip, python-scripttest Message-ID: <20201209231539.B66B8FD10@maintenance.suse.de> SUSE Security Update: Security update for python-pip, python-scripttest ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3737-1 Rating: moderate References: #1175297 #1176262 ECO-3035 Cross-References: CVE-2019-20916 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This update for python-pip, python-scripttest fixes the following issues: - Update in SLE-15 (bsc#1175297, jsc#ECO-3035, jsc#PM-2318) python-pip was updated to 20.0.2: * Fix a regression in generation of compatibility tags * Rename an internal module, to avoid ImportErrors due to improper uninstallation * Switch to a dedicated CLI tool for vendoring dependencies. * Remove wheel tag calculation from pip and use packaging.tags. This should provide more tags ordered better than in prior releases. * Deprecate setup.py-based builds that do not generate an .egg-info directory. * The pip>=20 wheel cache is not retro-compatible with previous versions. Until pip 21.0, pip will continue to take advantage of existing legacy cache entries. * Deprecate undocumented --skip-requirements-regex option. * Deprecate passing install-location-related options via --install-option. * Use literal "abi3" for wheel tag on CPython 3.x, to align with PEP 384 which only defines it for this platform. * Remove interpreter-specific major version tag e.g. cp3-none-any from consideration. This behavior was not documented strictly, and this tag in particular is not useful. Anyone with a use case can create an issue with pypa/packaging. * Wheel processing no longer permits wheels containing more than one top-level .dist-info directory. * Support for the git+git@ form of VCS requirement is being deprecated and will be removed in pip 21.0. Switch to git+https:// or git+ssh://. git+git:// also works but its use is discouraged as it is insecure. * Default to doing a user install (as if --user was passed) when the main site-packages directory is not writeable and user site-packages are enabled. * Warn if a path in PATH starts with tilde during pip install. * Cache wheels built from Git requirements that are considered immutable, because they point to a commit hash. * Add option --no-python-version-warning to silence warnings related to deprecation of Python versions. * Cache wheels that pip wheel built locally, matching what pip install does. This particularly helps performance in workflows where pip wheel is used for building before installing. Users desiring the original behavior can use pip wheel --no-cache-dir * Display CA information in pip debug. * Show only the filename (instead of full URL), when downloading from PyPI. * Suggest a more robust command to upgrade pip itself to avoid confusion when the current pip command is not available as pip. * Define all old pip console script entrypoints to prevent import issues in stale wrapper scripts. * The build step of pip wheel now builds all wheels to a cache first, then copies them to the wheel directory all at once. Before, it built them to a temporary directory and moved them to the wheel directory one by one. * Expand ~ prefix to user directory in path options, configs, and environment variables. Values that may be either URL or path are not currently supported, to avoid ambiguity: --find-links --constraint, -c --requirement, -r --editable, -e * Correctly handle system site-packages, in virtual environments created with venv (PEP 405). * Fix case sensitive comparison of pip freeze when used with -r option. * Enforce PEP 508 requirement format in pyproject.toml build-system.requires. * Make ensure_dir() also ignore ENOTEMPTY as seen on Windows. * Fix building packages which specify backend-path in pyproject.toml. * Do not attempt to run setup.py clean after a pep517 build error, since a setup.py may not exist in that case. * Fix passwords being visible in the index-url in "Downloading " message. * Change method from shutil.remove to shutil.rmtree in noxfile.py. * Skip running tests which require subversion, when svn isn't installed * Fix not sending client certificates when using --trusted-host. * Make sure pip wheel never outputs pure python wheels with a python implementation tag. Better fix/workaround for #3025 by using a per-implementation wheel cache instead of caching pure python wheels with an implementation tag in their name. * Include subdirectory URL fragments in cache keys. * Fix typo in warning message when any of --build-option, --global-option and --install-option is used in requirements.txt * Fix the logging of cached HTTP response shown as downloading. * Effectively disable the wheel cache when it is not writable, as is the case with the http cache. * Correctly handle relative cache directory provided via --cache-dir. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-3737=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-3737=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3737=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3737=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-pip-20.0.2-6.12.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (noarch): python2-pip-20.0.2-6.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-pip-20.0.2-6.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-pip-20.0.2-6.12.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1175297 https://bugzilla.suse.com/1176262 From sle-updates at lists.suse.com Wed Dec 9 16:16:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 00:16:47 +0100 (CET) Subject: SUSE-SU-2020:14560-1: important: Security update for openssl1 Message-ID: <20201209231647.11485FD10@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14560-1 Rating: important References: #1179491 Cross-References: CVE-2020-1971 Affected Products: SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-14560=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl1-14560=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.58.30.1 libopenssl1_0_0-1.0.1g-0.58.30.1 openssl1-1.0.1g-0.58.30.1 openssl1-doc-1.0.1g-0.58.30.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.58.30.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.58.30.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl1-debuginfo-1.0.1g-0.58.30.1 openssl1-debugsource-1.0.1g-0.58.30.1 References: https://www.suse.com/security/cve/CVE-2020-1971.html https://bugzilla.suse.com/1179491 From sle-updates at lists.suse.com Wed Dec 9 16:17:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 00:17:43 +0100 (CET) Subject: SUSE-SU-2020:3733-1: moderate: Security update for curl Message-ID: <20201209231743.9AA4FFD10@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3733-1 Rating: moderate References: #1179398 #1179399 #1179593 Cross-References: CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3733=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.35.1 curl-debuginfo-7.60.0-3.35.1 curl-debugsource-7.60.0-3.35.1 libcurl-devel-7.60.0-3.35.1 libcurl4-7.60.0-3.35.1 libcurl4-debuginfo-7.60.0-3.35.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcurl4-32bit-7.60.0-3.35.1 libcurl4-32bit-debuginfo-7.60.0-3.35.1 References: https://www.suse.com/security/cve/CVE-2020-8284.html https://www.suse.com/security/cve/CVE-2020-8285.html https://www.suse.com/security/cve/CVE-2020-8286.html https://bugzilla.suse.com/1179398 https://bugzilla.suse.com/1179399 https://bugzilla.suse.com/1179593 From sle-updates at lists.suse.com Wed Dec 9 16:18:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 00:18:51 +0100 (CET) Subject: SUSE-SU-2020:3736-1: moderate: Security update for openssh Message-ID: <20201209231851.843F9FD10@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3736-1 Rating: moderate References: #1173513 Cross-References: CVE-2020-14145 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-3736=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3736=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3736=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-8.1p1-5.9.1 openssh-debugsource-8.1p1-5.9.1 openssh-fips-8.1p1-5.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-8.1p1-5.9.1 openssh-askpass-gnome-debuginfo-8.1p1-5.9.1 openssh-askpass-gnome-debugsource-8.1p1-5.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): openssh-8.1p1-5.9.1 openssh-debuginfo-8.1p1-5.9.1 openssh-debugsource-8.1p1-5.9.1 openssh-helpers-8.1p1-5.9.1 openssh-helpers-debuginfo-8.1p1-5.9.1 References: https://www.suse.com/security/cve/CVE-2020-14145.html https://bugzilla.suse.com/1173513 From sle-updates at lists.suse.com Wed Dec 9 16:19:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 00:19:49 +0100 (CET) Subject: SUSE-SU-2020:3732-1: important: Security update for openssl-1_0_0 Message-ID: <20201209231949.C4740FD10@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3732-1 Rating: important References: #1179491 Cross-References: CVE-2020-1971 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3732=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3732=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3732=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3732=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3732=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3732=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.30.1 libopenssl1_0_0-1.0.2p-3.30.1 libopenssl1_0_0-32bit-1.0.2p-3.30.1 libopenssl1_0_0-debuginfo-1.0.2p-3.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.30.1 libopenssl1_0_0-hmac-1.0.2p-3.30.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.30.1 openssl-1_0_0-1.0.2p-3.30.1 openssl-1_0_0-debuginfo-1.0.2p-3.30.1 openssl-1_0_0-debugsource-1.0.2p-3.30.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.30.1 - SUSE OpenStack Cloud 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.30.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.30.1 libopenssl1_0_0-1.0.2p-3.30.1 libopenssl1_0_0-32bit-1.0.2p-3.30.1 libopenssl1_0_0-debuginfo-1.0.2p-3.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.30.1 libopenssl1_0_0-hmac-1.0.2p-3.30.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.30.1 openssl-1_0_0-1.0.2p-3.30.1 openssl-1_0_0-debuginfo-1.0.2p-3.30.1 openssl-1_0_0-debugsource-1.0.2p-3.30.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.30.1 openssl-1_0_0-debuginfo-1.0.2p-3.30.1 openssl-1_0_0-debugsource-1.0.2p-3.30.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.30.1 libopenssl1_0_0-1.0.2p-3.30.1 libopenssl1_0_0-debuginfo-1.0.2p-3.30.1 libopenssl1_0_0-hmac-1.0.2p-3.30.1 openssl-1_0_0-1.0.2p-3.30.1 openssl-1_0_0-debuginfo-1.0.2p-3.30.1 openssl-1_0_0-debugsource-1.0.2p-3.30.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_0_0-32bit-1.0.2p-3.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.30.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.30.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): openssl-1_0_0-doc-1.0.2p-3.30.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.30.1 libopenssl1_0_0-1.0.2p-3.30.1 libopenssl1_0_0-debuginfo-1.0.2p-3.30.1 libopenssl1_0_0-hmac-1.0.2p-3.30.1 openssl-1_0_0-1.0.2p-3.30.1 openssl-1_0_0-debuginfo-1.0.2p-3.30.1 openssl-1_0_0-debugsource-1.0.2p-3.30.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.30.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.30.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): openssl-1_0_0-doc-1.0.2p-3.30.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.30.1 libopenssl1_0_0-1.0.2p-3.30.1 libopenssl1_0_0-debuginfo-1.0.2p-3.30.1 libopenssl1_0_0-hmac-1.0.2p-3.30.1 openssl-1_0_0-1.0.2p-3.30.1 openssl-1_0_0-debuginfo-1.0.2p-3.30.1 openssl-1_0_0-debugsource-1.0.2p-3.30.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.30.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.30.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.30.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): openssl-1_0_0-doc-1.0.2p-3.30.1 References: https://www.suse.com/security/cve/CVE-2020-1971.html https://bugzilla.suse.com/1179491 From sle-updates at lists.suse.com Wed Dec 9 16:20:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 00:20:47 +0100 (CET) Subject: SUSE-SU-2020:3735-1: moderate: Security update for curl Message-ID: <20201209232047.794B9FD10@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3735-1 Rating: moderate References: #1179398 #1179399 #1179593 Cross-References: CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3735=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): curl-7.66.0-4.11.1 curl-debuginfo-7.66.0-4.11.1 curl-debugsource-7.66.0-4.11.1 libcurl-devel-7.66.0-4.11.1 libcurl4-7.66.0-4.11.1 libcurl4-debuginfo-7.66.0-4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcurl4-32bit-7.66.0-4.11.1 libcurl4-32bit-debuginfo-7.66.0-4.11.1 References: https://www.suse.com/security/cve/CVE-2020-8284.html https://www.suse.com/security/cve/CVE-2020-8285.html https://www.suse.com/security/cve/CVE-2020-8286.html https://bugzilla.suse.com/1179398 https://bugzilla.suse.com/1179399 https://bugzilla.suse.com/1179593 From sle-updates at lists.suse.com Thu Dec 10 00:20:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 08:20:52 +0100 (CET) Subject: SUSE-CU-2020:769-1: Security update of suse/sle15 Message-ID: <20201210072052.3CBF7FD20@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:769-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.367 Container Release : 6.2.367 Severity : important Type : security References : 1179398 1179399 1179491 1179593 CVE-2020-1971 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3720-1 Released: Wed Dec 9 13:36:26 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3733-1 Released: Wed Dec 9 18:18:35 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). From sle-updates at lists.suse.com Wed Dec 9 23:54:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 07:54:02 +0100 (CET) Subject: SUSE-CU-2020:767-1: Security update of suse/sles12sp5 Message-ID: <20201210065402.2C76FFD20@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:767-1 Container Tags : suse/sles12sp5:6.5.105 , suse/sles12sp5:latest Container Release : 6.5.105 Severity : important Type : security References : 1179491 CVE-2020-1971 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3732-1 Released: Wed Dec 9 18:18:03 2020 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_0_0 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). From sle-updates at lists.suse.com Thu Dec 10 00:26:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 08:26:01 +0100 (CET) Subject: SUSE-CU-2020:770-1: Security update of suse/sle15 Message-ID: <20201210072601.40BCBFD20@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:770-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.806 Container Release : 8.2.806 Severity : important Type : security References : 1179398 1179399 1179491 1179593 CVE-2020-1971 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). From sle-updates at lists.suse.com Thu Dec 10 00:08:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 08:08:30 +0100 (CET) Subject: SUSE-CU-2020:768-1: Security update of suse/sle15 Message-ID: <20201210070830.5610DFD20@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:768-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.316 Container Release : 4.22.316 Severity : important Type : security References : 1179398 1179399 1179491 1179593 CVE-2020-1971 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3722-1 Released: Wed Dec 9 13:37:08 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3733-1 Released: Wed Dec 9 18:18:35 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). From sle-updates at lists.suse.com Thu Dec 10 04:15:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 12:15:28 +0100 (CET) Subject: SUSE-RU-2020:3738-1: important: Recommended update for ucode-intel Message-ID: <20201210111528.396FDFD10@maintenance.suse.de> SUSE Recommended Update: Recommended update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3738-1 Rating: important References: #1179224 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ucode-intel fixes the following issues: - Reverted 3 microcodes back to 20200616 release level after regression reports. (bsc#1179224) - SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | Xeon Scalable - SKX-D | M1 | 06-55-04/b7 | 02006906 | Xeon D-21xx - CLX-SP | B0 | 06-55-06/bf | 04002f01 | Xeon Scalable Gen2 - CLX-SP | B1 | 06-55-07/bf | 05002f01 | Xeon Scalable Gen2 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3738=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3738=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3738=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): ucode-intel-20201118-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): ucode-intel-20201118-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): ucode-intel-20201118-3.61.1 References: https://bugzilla.suse.com/1179224 From sle-updates at lists.suse.com Thu Dec 10 07:15:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 15:15:47 +0100 (CET) Subject: SUSE-RU-2020:3743-1: important: Recommended update for ucode-intel Message-ID: <20201210141547.DB955FD1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3743-1 Rating: important References: #1179224 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ucode-intel fixes the following issues: - Reverted 3 microcodes back to 20200616 release level after regression reports. (bsc#1179224) - SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | Xeon Scalable - SKX-D | M1 | 06-55-04/b7 | 02006906 | Xeon D-21xx - CLX-SP | B0 | 06-55-06/bf | 04002f01 | Xeon Scalable Gen2 - CLX-SP | B1 | 06-55-07/bf | 05002f01 | Xeon Scalable Gen2 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3743=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3743=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3743=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3743=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3743=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3743=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3743=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3743=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3743=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3743=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3743=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3743=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3743=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3743=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3743=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE OpenStack Cloud 9 (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE OpenStack Cloud 8 (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE OpenStack Cloud 7 (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - SUSE Enterprise Storage 5 (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 - HPE Helion Openstack 8 (x86_64): ucode-intel-20201118-13.84.1 ucode-intel-debuginfo-20201118-13.84.1 ucode-intel-debugsource-20201118-13.84.1 References: https://bugzilla.suse.com/1179224 From sle-updates at lists.suse.com Thu Dec 10 07:16:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 15:16:46 +0100 (CET) Subject: SUSE-RU-2020:3741-1: moderate: Recommended update for ceph Message-ID: <20201210141646.7473DFD1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3741-1 Rating: moderate References: #1179452 #1179526 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ceph fixes the following issues: - Fixed an issue when reading a large 'RGW' object takes too long and can cause data loss. (bsc#1179526) - Fixed a build issue caused by missing nautilus module named 'six'. (bsc#1179452) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3741=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2020-3741=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ceph-common-15.2.7.689+g2c35e99e0a-3.8.1 ceph-common-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 ceph-debugsource-15.2.7.689+g2c35e99e0a-3.8.1 libcephfs-devel-15.2.7.689+g2c35e99e0a-3.8.1 libcephfs2-15.2.7.689+g2c35e99e0a-3.8.1 libcephfs2-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 librados-devel-15.2.7.689+g2c35e99e0a-3.8.1 librados-devel-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 librados2-15.2.7.689+g2c35e99e0a-3.8.1 librados2-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 libradospp-devel-15.2.7.689+g2c35e99e0a-3.8.1 librbd-devel-15.2.7.689+g2c35e99e0a-3.8.1 librbd1-15.2.7.689+g2c35e99e0a-3.8.1 librbd1-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 librgw-devel-15.2.7.689+g2c35e99e0a-3.8.1 librgw2-15.2.7.689+g2c35e99e0a-3.8.1 librgw2-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 python3-ceph-argparse-15.2.7.689+g2c35e99e0a-3.8.1 python3-ceph-common-15.2.7.689+g2c35e99e0a-3.8.1 python3-cephfs-15.2.7.689+g2c35e99e0a-3.8.1 python3-cephfs-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 python3-rados-15.2.7.689+g2c35e99e0a-3.8.1 python3-rados-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 python3-rbd-15.2.7.689+g2c35e99e0a-3.8.1 python3-rbd-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 python3-rgw-15.2.7.689+g2c35e99e0a-3.8.1 python3-rgw-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 rados-objclass-devel-15.2.7.689+g2c35e99e0a-3.8.1 rbd-nbd-15.2.7.689+g2c35e99e0a-3.8.1 rbd-nbd-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): ceph-base-15.2.7.689+g2c35e99e0a-3.8.1 ceph-base-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 ceph-common-15.2.7.689+g2c35e99e0a-3.8.1 ceph-common-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 ceph-debugsource-15.2.7.689+g2c35e99e0a-3.8.1 cephadm-15.2.7.689+g2c35e99e0a-3.8.1 libcephfs2-15.2.7.689+g2c35e99e0a-3.8.1 libcephfs2-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 librados2-15.2.7.689+g2c35e99e0a-3.8.1 librados2-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 librbd1-15.2.7.689+g2c35e99e0a-3.8.1 librbd1-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 librgw2-15.2.7.689+g2c35e99e0a-3.8.1 librgw2-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 python3-ceph-argparse-15.2.7.689+g2c35e99e0a-3.8.1 python3-ceph-common-15.2.7.689+g2c35e99e0a-3.8.1 python3-cephfs-15.2.7.689+g2c35e99e0a-3.8.1 python3-cephfs-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 python3-rados-15.2.7.689+g2c35e99e0a-3.8.1 python3-rados-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 python3-rbd-15.2.7.689+g2c35e99e0a-3.8.1 python3-rbd-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 python3-rgw-15.2.7.689+g2c35e99e0a-3.8.1 python3-rgw-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 rbd-nbd-15.2.7.689+g2c35e99e0a-3.8.1 rbd-nbd-debuginfo-15.2.7.689+g2c35e99e0a-3.8.1 References: https://bugzilla.suse.com/1179452 https://bugzilla.suse.com/1179526 From sle-updates at lists.suse.com Thu Dec 10 07:17:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 15:17:46 +0100 (CET) Subject: SUSE-SU-2020:3742-1: important: Security update for xen Message-ID: <20201210141746.99688FD1B@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3742-1 Rating: important References: #1177409 #1177412 #1177413 #1177414 #1178591 #1178963 Cross-References: CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - bsc#1178963 - stack corruption from XSA-346 change (XSA-355) - bsc#1177409 - CVE-2020-27674: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - CVE-2020-27672: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - CVE-2020-27671: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - CVE-2020-27670: unsafe AMD IOMMU page table updates (XSA-347) - bsc#1178591 - CVE-2020-28368: Intel RAPL sidechannel attack aka PLATYPUS attack aka XSA-351 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3742=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3742=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3742=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3742=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xen-4.7.6_12-43.70.1 xen-debugsource-4.7.6_12-43.70.1 xen-doc-html-4.7.6_12-43.70.1 xen-libs-32bit-4.7.6_12-43.70.1 xen-libs-4.7.6_12-43.70.1 xen-libs-debuginfo-32bit-4.7.6_12-43.70.1 xen-libs-debuginfo-4.7.6_12-43.70.1 xen-tools-4.7.6_12-43.70.1 xen-tools-debuginfo-4.7.6_12-43.70.1 xen-tools-domU-4.7.6_12-43.70.1 xen-tools-domU-debuginfo-4.7.6_12-43.70.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): xen-4.7.6_12-43.70.1 xen-debugsource-4.7.6_12-43.70.1 xen-doc-html-4.7.6_12-43.70.1 xen-libs-32bit-4.7.6_12-43.70.1 xen-libs-4.7.6_12-43.70.1 xen-libs-debuginfo-32bit-4.7.6_12-43.70.1 xen-libs-debuginfo-4.7.6_12-43.70.1 xen-tools-4.7.6_12-43.70.1 xen-tools-debuginfo-4.7.6_12-43.70.1 xen-tools-domU-4.7.6_12-43.70.1 xen-tools-domU-debuginfo-4.7.6_12-43.70.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): xen-4.7.6_12-43.70.1 xen-debugsource-4.7.6_12-43.70.1 xen-doc-html-4.7.6_12-43.70.1 xen-libs-32bit-4.7.6_12-43.70.1 xen-libs-4.7.6_12-43.70.1 xen-libs-debuginfo-32bit-4.7.6_12-43.70.1 xen-libs-debuginfo-4.7.6_12-43.70.1 xen-tools-4.7.6_12-43.70.1 xen-tools-debuginfo-4.7.6_12-43.70.1 xen-tools-domU-4.7.6_12-43.70.1 xen-tools-domU-debuginfo-4.7.6_12-43.70.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_12-43.70.1 xen-debugsource-4.7.6_12-43.70.1 xen-doc-html-4.7.6_12-43.70.1 xen-libs-32bit-4.7.6_12-43.70.1 xen-libs-4.7.6_12-43.70.1 xen-libs-debuginfo-32bit-4.7.6_12-43.70.1 xen-libs-debuginfo-4.7.6_12-43.70.1 xen-tools-4.7.6_12-43.70.1 xen-tools-debuginfo-4.7.6_12-43.70.1 xen-tools-domU-4.7.6_12-43.70.1 xen-tools-domU-debuginfo-4.7.6_12-43.70.1 References: https://www.suse.com/security/cve/CVE-2020-27670.html https://www.suse.com/security/cve/CVE-2020-27671.html https://www.suse.com/security/cve/CVE-2020-27672.html https://www.suse.com/security/cve/CVE-2020-27674.html https://www.suse.com/security/cve/CVE-2020-28368.html https://bugzilla.suse.com/1177409 https://bugzilla.suse.com/1177412 https://bugzilla.suse.com/1177413 https://bugzilla.suse.com/1177414 https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1178963 From sle-updates at lists.suse.com Thu Dec 10 07:19:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 15:19:09 +0100 (CET) Subject: SUSE-RU-2020:3744-1: moderate: Recommended update for enigmail Message-ID: <20201210141909.C6586FD1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for enigmail ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3744-1 Rating: moderate References: #1179505 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for enigmail fixes the following issues: Update from version 2.1.5 to version 2.2.4 - Enigmail version 2.2.x is a specially modified version, which only works with Thunderbird 78 and later version. Enigmail 2.2.x doesn't provide the traditional functionality, rather it exists to help you migrate your keys and settings to Thunderbird 78. Fixes included from version 2.1.5 to 2.1.8: - "Encrypt to key" action destroys PGP/MIME signature. - Filter fails silently on Enigmail's "Encrypt to key" action. - Disable autocrypt header on custom sender address. - `VKS` keyserver with custom port cannot be accessed. - Thunderbird dies immediately when sending a signed empty-bodied mail. - Decrypted mail has empty `Content-Type` in the `MIME` part. - Improper `Content-Type` setting for keyserver upload. - Display information about Thunderbird 78. - Minor rendering problem with `Deep Dark` theme. - Setup Wizard gets Stuck if Keys in GnuPG available. - Cannot confirm publish GnuPG key on `WKS` server. - Automatic Key Refresh doesn't work with `keys.openpgp.org`. - Per-recipients rule `set enigmail rules for` field unable to edit. - File names of attachments are not encrypted. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3744=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3744=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): enigmail-2.2.4-3.25.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): enigmail-2.2.4-3.25.1 References: https://bugzilla.suse.com/1179505 From sle-updates at lists.suse.com Thu Dec 10 07:20:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 15:20:05 +0100 (CET) Subject: SUSE-SU-2020:3740-1: important: Security update for openssl-1_1 Message-ID: <20201210142005.6699BFD1B@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3740-1 Rating: important References: #1179491 Cross-References: CVE-2020-1971 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3740=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3740=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3740=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3740=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3740=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3740=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl1_1-1.1.1d-2.27.1 libopenssl1_1-32bit-1.1.1d-2.27.1 libopenssl1_1-debuginfo-1.1.1d-2.27.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.27.1 openssl-1_1-1.1.1d-2.27.1 openssl-1_1-debuginfo-1.1.1d-2.27.1 openssl-1_1-debugsource-1.1.1d-2.27.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl1_1-1.1.1d-2.27.1 libopenssl1_1-32bit-1.1.1d-2.27.1 libopenssl1_1-debuginfo-1.1.1d-2.27.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.27.1 openssl-1_1-1.1.1d-2.27.1 openssl-1_1-debuginfo-1.1.1d-2.27.1 openssl-1_1-debugsource-1.1.1d-2.27.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-2.27.1 openssl-1_1-debuginfo-1.1.1d-2.27.1 openssl-1_1-debugsource-1.1.1d-2.27.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1d-2.27.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl1_1-1.1.1d-2.27.1 libopenssl1_1-debuginfo-1.1.1d-2.27.1 openssl-1_1-1.1.1d-2.27.1 openssl-1_1-debuginfo-1.1.1d-2.27.1 openssl-1_1-debugsource-1.1.1d-2.27.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_1-32bit-1.1.1d-2.27.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.27.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.27.1 libopenssl1_1-debuginfo-1.1.1d-2.27.1 openssl-1_1-1.1.1d-2.27.1 openssl-1_1-debuginfo-1.1.1d-2.27.1 openssl-1_1-debugsource-1.1.1d-2.27.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.27.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.27.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.27.1 libopenssl1_1-debuginfo-1.1.1d-2.27.1 openssl-1_1-1.1.1d-2.27.1 openssl-1_1-debuginfo-1.1.1d-2.27.1 openssl-1_1-debugsource-1.1.1d-2.27.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.27.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.27.1 References: https://www.suse.com/security/cve/CVE-2020-1971.html https://bugzilla.suse.com/1179491 From sle-updates at lists.suse.com Thu Dec 10 07:21:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 15:21:02 +0100 (CET) Subject: SUSE-SU-2020:3739-1: moderate: Security update for curl Message-ID: <20201210142102.B9F0EFD1B@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3739-1 Rating: moderate References: #1179398 #1179399 #1179593 Cross-References: CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3739=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3739=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-11.9.1 curl-debugsource-7.60.0-11.9.1 libcurl-devel-7.60.0-11.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): curl-7.60.0-11.9.1 curl-debuginfo-7.60.0-11.9.1 curl-debugsource-7.60.0-11.9.1 libcurl4-7.60.0-11.9.1 libcurl4-debuginfo-7.60.0-11.9.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcurl4-32bit-7.60.0-11.9.1 libcurl4-debuginfo-32bit-7.60.0-11.9.1 References: https://www.suse.com/security/cve/CVE-2020-8284.html https://www.suse.com/security/cve/CVE-2020-8285.html https://www.suse.com/security/cve/CVE-2020-8286.html https://bugzilla.suse.com/1179398 https://bugzilla.suse.com/1179399 https://bugzilla.suse.com/1179593 From sle-updates at lists.suse.com Thu Dec 10 10:15:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 18:15:45 +0100 (CET) Subject: SUSE-SU-2020:3748-1: important: Security update for the Linux Kernel Message-ID: <20201210171545.45EFEFD1B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3748-1 Rating: important References: #1149032 #1152489 #1153274 #1154353 #1155518 #1160634 #1166146 #1166166 #1167030 #1167773 #1170139 #1171073 #1171558 #1172873 #1173504 #1174852 #1175306 #1175918 #1176109 #1176180 #1176200 #1176481 #1176586 #1176855 #1176983 #1177066 #1177070 #1177353 #1177397 #1177577 #1177666 #1177703 #1177820 #1178123 #1178182 #1178227 #1178286 #1178304 #1178330 #1178393 #1178401 #1178426 #1178461 #1178579 #1178581 #1178584 #1178585 #1178589 #1178635 #1178653 #1178659 #1178661 #1178669 #1178686 #1178740 #1178755 #1178762 #1178838 #1178853 #1178886 #1179001 #1179012 #1179014 #1179015 #1179045 #1179076 #1179082 #1179107 #1179140 #1179141 #1179160 #1179201 #1179211 #1179217 #1179225 #1179419 #1179424 #1179425 #1179426 #1179427 #1179429 #1179432 #1179442 #1179550 Cross-References: CVE-2020-15436 CVE-2020-15437 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-27777 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29369 CVE-2020-29371 CVE-2020-4788 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 72 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107) - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721). - CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes). - ACPICA: Add NHLT table signature (bsc#1176200). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - Add bug reference to two hv_netvsc patches (bsc#1178853). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: fix kernel-doc markups (git-fixes). - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes). - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes). - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - arm64: bpf: Fix branch offset in JIT (git-fixes). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes). - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes). - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes). - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes). - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes). - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes). - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes). - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes). - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes). - ASoC: cs42l51: manage mclk shutdown delay (git-fixes). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ASoC: qcom: sdm845: set driver name correctly (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274). - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes). - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274). - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518). - bpf: Zero-fill re-used per-cpu map element (bsc#1155518). - btrfs: Account for merged patches upstream Move below patches to sorted section. - btrfs: cleanup cow block on error (bsc#1178584). - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217). - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217). - btrfs: fix relocation failure due to race with fallocate (bsc#1179217). - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217). - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217). - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217). - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217). - btrfs: reschedule if necessary when logging directory items (bsc#1178585). - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579). - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes). - can: flexcan: flexcan_setup_stop_mode(): add missing "req_bit" to stop mode property comment (git-fixes). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179012). - ceph: check session state after bumping session->s_seq (bsc#1179012). - ceph: check the sesion state and return false in case it is closed (bsc#1179012). - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cfg80211: initialize wdev data earlier (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - clk: define to_clk_regmap() as inline function (git-fixes). - Convert trailing spaces and periods in path components (bsc#1179424). - cosa: Add missing kfree in error path of cosa_write (git-fixes). - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073). - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073). - Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419) - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076). - Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process. - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397). - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64. - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001). - EDAC/amd64: Gather hardware information early (bsc#1179001). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001). - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001). - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001). - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes). - efi: efibc: check for efivars write capability (git-fixes). - efi: EFI_EARLYCON should depend on EFI (git-fixes). - efi/efivars: Set generic ops before loading SSDT (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Fix the deletion of variables in mixed mode (git-fixes). - efi/x86: Free efi_pgd with free_pages() (git-fixes). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - exfat: fix name_hash computation on big endian systems (git-fixes). - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes). - exfat: fix possible memory leak in exfat_find() (git-fixes). - exfat: fix use of uninitialized spinlock on error path (git-fixes). - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes). - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes). - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module. - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#1149032). - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes). - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes). - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes). - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes). - hv_balloon: disable warning when floor reached (git-fixes). - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes). - hv_netvsc: Add XDP support (bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820). - hv_netvsc: record hardware hash in skb (bsc#1177820). - hwmon: (pwm-fan) Fix RPM calculation (git-fixes). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i2c: mediatek: move dma reset before i2c reset (git-fixes). - i2c: sh_mobile: implement atomic transfers (git-fixes). - igc: Fix not considering the TX delay for timestamps (bsc#1160634). - igc: Fix wrong timestamp latency numbers (bsc#1160634). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - iio: adc: mediatek: fix unset field (git-fixes). - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes). - intel_idle: Customize IceLake server support (bsc#1178286). - ionic: check port ptr before use (bsc#1167773). - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes). - kABI: revert use_mm name change (MM Functionality, bsc#1178426). - kABI workaround for HD-audio (git-fixes). - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes). - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes). - lan743x: fix "BUG: invalid wait context" when setting rx mode (git-fixes). - lan743x: fix issue causing intermittent kernel log warnings (git-fixes). - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - lib/crc32test: remove extra local_irq_disable/enable (git-fixes). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518). - mac80211: always wind down STA state (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - media: imx274: fix frame interval handling (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes). - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes). - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426). - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426). - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)). - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235). - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)). - mm, memcg: fix inconsistent oom event behavior (bsc#1178659). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mm/memcontrol.c: add missed css_put() (bsc#1178661). - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)). - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes). - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)). - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)). - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755). - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (bsc#1174852). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464). - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180). - nvme: do not update disk info for multipathed device (bsc#1171558). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes). - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426). - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321). - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - power: supply: bq27xxx: report "not charging" on all types (git-fixes). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160). - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449). - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449). - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449). - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449). - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464). - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215). - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes). - reboot: fix overflow parsing reboot cpu number (git-fixes). - Refresh patches.suse/vfs-add-super_operations-get_inode_dev. (bsc#1176983) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc "(kABI: revert use_mm name change (MM Functionality, bsc#1178426))". - Revert "cdc-acm: hardening against malicious devices" (git-fixes). - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" (git-fixes). - Revert "xfs: complain if anyone tries to create a too-large buffer" (bsc#1179425, bsc#1179550). - rfkill: Fix use-after-free in rfkill_resume() (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger - - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for "grep -E". So use the latter instead. - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342). - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)). - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227). - sched: Fix rq->nr_iowait ordering (git fixes (sched)). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: libiscsi: Fix NOP race condition (bsc#1176481). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - spi: lpspi: Fix use-after-free on unbind (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair "fixed-link" support (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes). - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes). - timer: Fix wheel index calculation on last level (git-fixes). - timer: Prevent base->clk from moving backward (git-fixes). - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes). - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (git-fixes). - tty: serial: fsl_lpuart: add LS1028A support (git-fixes). - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes). - tty: serial: imx: fix potential deadlock (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - uio: Fix use-after-free in uio_unregister_device() (git-fixes). - uio: free uio id after uio file node is freed (git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: adutux: fix debugging (git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - USB: core: Change %pK for __user pointers to %px (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: gadget: goku_udc: fix potential crashes in probe (git-fixes). - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv_fb: include vmalloc.h (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489). - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166). - xfs: prohibit fs freezing when using empty transactions (bsc#1179442). - xfs: remove unused variable 'done' (bsc#1166166). - xfs: revert "xfs: fix rmap key and record comparison functions" (git-fixes). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes). - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes). - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166). - xhci: Fix sizeof() mismatch (git-fixes). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes). kernel-default-base fixes the following issues: - Add wireguard kernel module (bsc#1179225) - Create the list of crypto kernel modules dynamically, supersedes hardcoded list of crc32 implementations (bsc#1177577) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3748=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.43.2 kernel-default-debugsource-5.3.18-24.43.2 kernel-default-livepatch-5.3.18-24.43.2 kernel-default-livepatch-devel-5.3.18-24.43.2 kernel-livepatch-5_3_18-24_43-default-1-5.3.3 kernel-livepatch-5_3_18-24_43-default-debuginfo-1-5.3.3 kernel-livepatch-SLE15-SP2_Update_8-debugsource-1-5.3.3 References: https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25668.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-25704.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28941.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29369.html https://www.suse.com/security/cve/CVE-2020-29371.html https://www.suse.com/security/cve/CVE-2020-4788.html https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1166146 https://bugzilla.suse.com/1166166 https://bugzilla.suse.com/1167030 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1170139 https://bugzilla.suse.com/1171073 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1173504 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1175306 https://bugzilla.suse.com/1175918 https://bugzilla.suse.com/1176109 https://bugzilla.suse.com/1176180 https://bugzilla.suse.com/1176200 https://bugzilla.suse.com/1176481 https://bugzilla.suse.com/1176586 https://bugzilla.suse.com/1176855 https://bugzilla.suse.com/1176983 https://bugzilla.suse.com/1177066 https://bugzilla.suse.com/1177070 https://bugzilla.suse.com/1177353 https://bugzilla.suse.com/1177397 https://bugzilla.suse.com/1177577 https://bugzilla.suse.com/1177666 https://bugzilla.suse.com/1177703 https://bugzilla.suse.com/1177820 https://bugzilla.suse.com/1178123 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178227 https://bugzilla.suse.com/1178286 https://bugzilla.suse.com/1178304 https://bugzilla.suse.com/1178330 https://bugzilla.suse.com/1178393 https://bugzilla.suse.com/1178401 https://bugzilla.suse.com/1178426 https://bugzilla.suse.com/1178461 https://bugzilla.suse.com/1178579 https://bugzilla.suse.com/1178581 https://bugzilla.suse.com/1178584 https://bugzilla.suse.com/1178585 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178635 https://bugzilla.suse.com/1178653 https://bugzilla.suse.com/1178659 https://bugzilla.suse.com/1178661 https://bugzilla.suse.com/1178669 https://bugzilla.suse.com/1178686 https://bugzilla.suse.com/1178740 https://bugzilla.suse.com/1178755 https://bugzilla.suse.com/1178762 https://bugzilla.suse.com/1178838 https://bugzilla.suse.com/1178853 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1179001 https://bugzilla.suse.com/1179012 https://bugzilla.suse.com/1179014 https://bugzilla.suse.com/1179015 https://bugzilla.suse.com/1179045 https://bugzilla.suse.com/1179076 https://bugzilla.suse.com/1179082 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179160 https://bugzilla.suse.com/1179201 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179217 https://bugzilla.suse.com/1179225 https://bugzilla.suse.com/1179419 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179425 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/1179429 https://bugzilla.suse.com/1179432 https://bugzilla.suse.com/1179442 https://bugzilla.suse.com/1179550 From sle-updates at lists.suse.com Thu Dec 10 10:25:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 18:25:59 +0100 (CET) Subject: SUSE-FU-2020:3745-1: Backport NVIDIA Container Toolkit to CaaS Platform 4.2 tree Message-ID: <20201210172559.2502DFD1B@maintenance.suse.de> SUSE Feature Update: Backport NVIDIA Container Toolkit to CaaS Platform 4.2 tree ______________________________________________________________________________ Announcement ID: SUSE-FU-2020:3745-1 Rating: low References: Affected Products: SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has 0 feature fixes can now be installed. Description: Backport NVIDIA Container Toolkit to CaaS Platform 4.2 release tree - libnvidia-container - nvidia-container-toolkit Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 4.0 (x86_64): libnvidia-container-debuginfo-1.1.1-1.3.7 libnvidia-container-debugsource-1.1.1-1.3.7 libnvidia-container-devel-1.1.1-1.3.7 libnvidia-container-static-1.1.1-1.3.7 libnvidia-container-tools-1.1.1-1.3.7 libnvidia-container-tools-debuginfo-1.1.1-1.3.7 libnvidia-container1-1.1.1-1.3.7 libnvidia-container1-debuginfo-1.1.1-1.3.7 nvidia-container-toolkit-0.0+git.1580519869.60f165a-1.3.5 References: From sle-updates at lists.suse.com Thu Dec 10 10:27:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 18:27:36 +0100 (CET) Subject: SUSE-RU-2020:3381-2: moderate: Recommended update for systemd Message-ID: <20201210172736.10AF4FD1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3381-2 Rating: moderate References: #1177458 #1177490 #1177510 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3381=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3381=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3381=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3381=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libsystemd0-234-24.64.1 libsystemd0-debuginfo-234-24.64.1 libudev-devel-234-24.64.1 libudev1-234-24.64.1 libudev1-debuginfo-234-24.64.1 systemd-234-24.64.1 systemd-container-234-24.64.1 systemd-container-debuginfo-234-24.64.1 systemd-coredump-234-24.64.1 systemd-coredump-debuginfo-234-24.64.1 systemd-debuginfo-234-24.64.1 systemd-debugsource-234-24.64.1 systemd-devel-234-24.64.1 systemd-sysvinit-234-24.64.1 udev-234-24.64.1 udev-debuginfo-234-24.64.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): systemd-bash-completion-234-24.64.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libsystemd0-32bit-234-24.64.1 libsystemd0-32bit-debuginfo-234-24.64.1 libudev1-32bit-234-24.64.1 libudev1-32bit-debuginfo-234-24.64.1 systemd-32bit-234-24.64.1 systemd-32bit-debuginfo-234-24.64.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libsystemd0-234-24.64.1 libsystemd0-debuginfo-234-24.64.1 libudev-devel-234-24.64.1 libudev1-234-24.64.1 libudev1-debuginfo-234-24.64.1 systemd-234-24.64.1 systemd-container-234-24.64.1 systemd-container-debuginfo-234-24.64.1 systemd-coredump-234-24.64.1 systemd-coredump-debuginfo-234-24.64.1 systemd-debuginfo-234-24.64.1 systemd-debugsource-234-24.64.1 systemd-devel-234-24.64.1 systemd-sysvinit-234-24.64.1 udev-234-24.64.1 udev-debuginfo-234-24.64.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): systemd-bash-completion-234-24.64.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libsystemd0-234-24.64.1 libsystemd0-debuginfo-234-24.64.1 libudev-devel-234-24.64.1 libudev1-234-24.64.1 libudev1-debuginfo-234-24.64.1 systemd-234-24.64.1 systemd-container-234-24.64.1 systemd-container-debuginfo-234-24.64.1 systemd-coredump-234-24.64.1 systemd-coredump-debuginfo-234-24.64.1 systemd-debuginfo-234-24.64.1 systemd-debugsource-234-24.64.1 systemd-devel-234-24.64.1 systemd-sysvinit-234-24.64.1 udev-234-24.64.1 udev-debuginfo-234-24.64.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): systemd-bash-completion-234-24.64.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libsystemd0-32bit-234-24.64.1 libsystemd0-32bit-debuginfo-234-24.64.1 libudev1-32bit-234-24.64.1 libudev1-32bit-debuginfo-234-24.64.1 systemd-32bit-234-24.64.1 systemd-32bit-debuginfo-234-24.64.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libsystemd0-234-24.64.1 libsystemd0-debuginfo-234-24.64.1 libudev-devel-234-24.64.1 libudev1-234-24.64.1 libudev1-debuginfo-234-24.64.1 systemd-234-24.64.1 systemd-container-234-24.64.1 systemd-container-debuginfo-234-24.64.1 systemd-coredump-234-24.64.1 systemd-coredump-debuginfo-234-24.64.1 systemd-debuginfo-234-24.64.1 systemd-debugsource-234-24.64.1 systemd-devel-234-24.64.1 systemd-sysvinit-234-24.64.1 udev-234-24.64.1 udev-debuginfo-234-24.64.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): systemd-bash-completion-234-24.64.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libsystemd0-32bit-234-24.64.1 libsystemd0-32bit-debuginfo-234-24.64.1 libudev1-32bit-234-24.64.1 libudev1-32bit-debuginfo-234-24.64.1 systemd-32bit-234-24.64.1 systemd-32bit-debuginfo-234-24.64.1 References: https://bugzilla.suse.com/1177458 https://bugzilla.suse.com/1177490 https://bugzilla.suse.com/1177510 From sle-updates at lists.suse.com Thu Dec 10 10:28:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 18:28:42 +0100 (CET) Subject: SUSE-SU-2020:3749-1: moderate: Security update for gcc7 Message-ID: <20201210172842.BFBDBFD1B@maintenance.suse.de> SUSE Security Update: Security update for gcc7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3749-1 Rating: moderate References: #1150164 #1161913 #1167939 #1172798 #1178577 #1178614 #1178624 #1178675 SLE-12209 Cross-References: CVE-2020-13844 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 7 fixes is now available. Description: This update for gcc7 fixes the following issues: - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798) - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel. - Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939] - Fixed 32bit libgnat.so link. [bsc#1178675] - Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fixed debug line info for try/catch. [bsc#1178614] - Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled) - Fixed corruption of pass private ->aux via DF. [gcc#94148] - Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888] - Fixed binutils release date detection issue. - Fixed register allocation issue with exception handling code on s390x. [bsc#1161913] - Fixed miscompilation of some atomic code on aarch64. [bsc#1150164] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3749=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3749=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2020-3749=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3749=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-3749=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2020-3749=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3749=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3749=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3749=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3749=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): gcc7-info-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Server for SAP 15 (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.19.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.19.2 gcc7-32bit-7.5.0+r278197-4.19.2 gcc7-c++-32bit-7.5.0+r278197-4.19.2 gcc7-fortran-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-32bit-7.5.0+r278197-4.19.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-7.5.0+r278197-4.19.2 libcilkrts5-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-32bit-7.5.0+r278197-4.19.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): gcc7-info-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): gcc7-info-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.19.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.19.2 gcc7-32bit-7.5.0+r278197-4.19.2 gcc7-c++-32bit-7.5.0+r278197-4.19.2 gcc7-fortran-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-32bit-7.5.0+r278197-4.19.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.19.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.19.2 gcc7-32bit-7.5.0+r278197-4.19.2 gcc7-c++-32bit-7.5.0+r278197-4.19.2 gcc7-fortran-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-32bit-7.5.0+r278197-4.19.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): gcc7-info-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.19.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.19.2 gcc7-32bit-7.5.0+r278197-4.19.2 gcc7-c++-32bit-7.5.0+r278197-4.19.2 gcc7-fortran-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-32bit-7.5.0+r278197-4.19.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): gcc7-info-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libcilkrts5-7.5.0+r278197-4.19.2 libcilkrts5-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-32bit-7.5.0+r278197-4.19.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcilkrts5-7.5.0+r278197-4.19.2 libcilkrts5-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-32bit-7.5.0+r278197-4.19.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcilkrts5-7.5.0+r278197-4.19.2 libcilkrts5-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-32bit-7.5.0+r278197-4.19.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.19.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.19.2 gcc7-32bit-7.5.0+r278197-4.19.2 gcc7-c++-32bit-7.5.0+r278197-4.19.2 gcc7-fortran-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-32bit-7.5.0+r278197-4.19.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-7.5.0+r278197-4.19.2 libcilkrts5-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-32bit-7.5.0+r278197-4.19.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): gcc7-info-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.19.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.19.2 gcc7-32bit-7.5.0+r278197-4.19.2 gcc7-c++-32bit-7.5.0+r278197-4.19.2 gcc7-fortran-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-32bit-7.5.0+r278197-4.19.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-7.5.0+r278197-4.19.2 libcilkrts5-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-32bit-7.5.0+r278197-4.19.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): gcc7-info-7.5.0+r278197-4.19.2 References: https://www.suse.com/security/cve/CVE-2020-13844.html https://bugzilla.suse.com/1150164 https://bugzilla.suse.com/1161913 https://bugzilla.suse.com/1167939 https://bugzilla.suse.com/1172798 https://bugzilla.suse.com/1178577 https://bugzilla.suse.com/1178614 https://bugzilla.suse.com/1178624 https://bugzilla.suse.com/1178675 From sle-updates at lists.suse.com Thu Dec 10 10:32:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 18:32:32 +0100 (CET) Subject: SUSE-RU-2020:3746-1: moderate: Recommended update for dracut Message-ID: <20201210173232.7DBA0FD1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3746-1 Rating: moderate References: #1169997 #996146 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - Fix for error handling and downgrade module load failure to a warning as it is not fatal at all. (bsc#1169997) - Implement network setup on 'infiniband' devices. (bsc#996146) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3746=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dracut-044.2-17.19.1 dracut-debuginfo-044.2-17.19.1 dracut-debugsource-044.2-17.19.1 dracut-fips-044.2-17.19.1 References: https://bugzilla.suse.com/1169997 https://bugzilla.suse.com/996146 From sle-updates at lists.suse.com Thu Dec 10 10:35:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2020 18:35:11 +0100 (CET) Subject: SUSE-SU-2020:3748-1: important: Security update for the Linux Kernel Message-ID: <20201210173511.2495AFD1B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3748-1 Rating: important References: #1149032 #1152489 #1153274 #1154353 #1155518 #1160634 #1166146 #1166166 #1167030 #1167773 #1170139 #1171073 #1171558 #1172873 #1173504 #1174852 #1175306 #1175918 #1176109 #1176180 #1176200 #1176481 #1176586 #1176855 #1176983 #1177066 #1177070 #1177353 #1177397 #1177577 #1177666 #1177703 #1177820 #1178123 #1178182 #1178227 #1178286 #1178304 #1178330 #1178393 #1178401 #1178426 #1178461 #1178579 #1178581 #1178584 #1178585 #1178589 #1178635 #1178653 #1178659 #1178661 #1178669 #1178686 #1178740 #1178755 #1178762 #1178838 #1178853 #1178886 #1179001 #1179012 #1179014 #1179015 #1179045 #1179076 #1179082 #1179107 #1179140 #1179141 #1179160 #1179201 #1179211 #1179217 #1179225 #1179419 #1179424 #1179425 #1179426 #1179427 #1179429 #1179432 #1179442 #1179550 Cross-References: CVE-2020-15436 CVE-2020-15437 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-27777 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29369 CVE-2020-29371 CVE-2020-4788 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 72 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107) - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721). - CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes). - ACPICA: Add NHLT table signature (bsc#1176200). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - Add bug reference to two hv_netvsc patches (bsc#1178853). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: fix kernel-doc markups (git-fixes). - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes). - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes). - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - arm64: bpf: Fix branch offset in JIT (git-fixes). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes). - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes). - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes). - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes). - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes). - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes). - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes). - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes). - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes). - ASoC: cs42l51: manage mclk shutdown delay (git-fixes). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ASoC: qcom: sdm845: set driver name correctly (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274). - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes). - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274). - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518). - bpf: Zero-fill re-used per-cpu map element (bsc#1155518). - btrfs: Account for merged patches upstream Move below patches to sorted section. - btrfs: cleanup cow block on error (bsc#1178584). - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217). - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217). - btrfs: fix relocation failure due to race with fallocate (bsc#1179217). - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217). - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217). - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217). - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217). - btrfs: reschedule if necessary when logging directory items (bsc#1178585). - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579). - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes). - can: flexcan: flexcan_setup_stop_mode(): add missing "req_bit" to stop mode property comment (git-fixes). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179012). - ceph: check session state after bumping session->s_seq (bsc#1179012). - ceph: check the sesion state and return false in case it is closed (bsc#1179012). - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cfg80211: initialize wdev data earlier (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - clk: define to_clk_regmap() as inline function (git-fixes). - Convert trailing spaces and periods in path components (bsc#1179424). - cosa: Add missing kfree in error path of cosa_write (git-fixes). - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073). - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073). - Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419) - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076). - Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process. - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397). - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64. - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001). - EDAC/amd64: Gather hardware information early (bsc#1179001). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001). - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001). - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001). - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes). - efi: efibc: check for efivars write capability (git-fixes). - efi: EFI_EARLYCON should depend on EFI (git-fixes). - efi/efivars: Set generic ops before loading SSDT (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Fix the deletion of variables in mixed mode (git-fixes). - efi/x86: Free efi_pgd with free_pages() (git-fixes). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - exfat: fix name_hash computation on big endian systems (git-fixes). - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes). - exfat: fix possible memory leak in exfat_find() (git-fixes). - exfat: fix use of uninitialized spinlock on error path (git-fixes). - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes). - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes). - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module. - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#1149032). - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes). - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes). - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes). - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes). - hv_balloon: disable warning when floor reached (git-fixes). - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes). - hv_netvsc: Add XDP support (bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820). - hv_netvsc: record hardware hash in skb (bsc#1177820). - hwmon: (pwm-fan) Fix RPM calculation (git-fixes). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i2c: mediatek: move dma reset before i2c reset (git-fixes). - i2c: sh_mobile: implement atomic transfers (git-fixes). - igc: Fix not considering the TX delay for timestamps (bsc#1160634). - igc: Fix wrong timestamp latency numbers (bsc#1160634). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - iio: adc: mediatek: fix unset field (git-fixes). - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes). - intel_idle: Customize IceLake server support (bsc#1178286). - ionic: check port ptr before use (bsc#1167773). - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes). - kABI: revert use_mm name change (MM Functionality, bsc#1178426). - kABI workaround for HD-audio (git-fixes). - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes). - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes). - lan743x: fix "BUG: invalid wait context" when setting rx mode (git-fixes). - lan743x: fix issue causing intermittent kernel log warnings (git-fixes). - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - lib/crc32test: remove extra local_irq_disable/enable (git-fixes). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518). - mac80211: always wind down STA state (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - media: imx274: fix frame interval handling (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes). - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes). - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426). - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426). - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)). - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235). - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)). - mm, memcg: fix inconsistent oom event behavior (bsc#1178659). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mm/memcontrol.c: add missed css_put() (bsc#1178661). - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)). - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes). - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)). - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)). - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755). - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (bsc#1174852). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464). - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180). - nvme: do not update disk info for multipathed device (bsc#1171558). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes). - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426). - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321). - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - power: supply: bq27xxx: report "not charging" on all types (git-fixes). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160). - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449). - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449). - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449). - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449). - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464). - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215). - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes). - reboot: fix overflow parsing reboot cpu number (git-fixes). - Refresh patches.suse/vfs-add-super_operations-get_inode_dev. (bsc#1176983) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc "(kABI: revert use_mm name change (MM Functionality, bsc#1178426))". - Revert "cdc-acm: hardening against malicious devices" (git-fixes). - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" (git-fixes). - Revert "xfs: complain if anyone tries to create a too-large buffer" (bsc#1179425, bsc#1179550). - rfkill: Fix use-after-free in rfkill_resume() (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger - - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for "grep -E". So use the latter instead. - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342). - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)). - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227). - sched: Fix rq->nr_iowait ordering (git fixes (sched)). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: libiscsi: Fix NOP race condition (bsc#1176481). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - spi: lpspi: Fix use-after-free on unbind (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair "fixed-link" support (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes). - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes). - timer: Fix wheel index calculation on last level (git-fixes). - timer: Prevent base->clk from moving backward (git-fixes). - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes). - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (git-fixes). - tty: serial: fsl_lpuart: add LS1028A support (git-fixes). - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes). - tty: serial: imx: fix potential deadlock (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - uio: Fix use-after-free in uio_unregister_device() (git-fixes). - uio: free uio id after uio file node is freed (git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: adutux: fix debugging (git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - USB: core: Change %pK for __user pointers to %px (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: gadget: goku_udc: fix potential crashes in probe (git-fixes). - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv_fb: include vmalloc.h (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489). - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166). - xfs: prohibit fs freezing when using empty transactions (bsc#1179442). - xfs: remove unused variable 'done' (bsc#1166166). - xfs: revert "xfs: fix rmap key and record comparison functions" (git-fixes). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes). - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes). - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166). - xhci: Fix sizeof() mismatch (git-fixes). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes). kernel-default-base fixes the following issues: - Add wireguard kernel module (bsc#1179225) - Create the list of crypto kernel modules dynamically, supersedes hardcoded list of crc32 implementations (bsc#1177577) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3748=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3748=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-3748=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3748=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3748=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-3748=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.43.2 kernel-default-debugsource-5.3.18-24.43.2 kernel-default-extra-5.3.18-24.43.2 kernel-default-extra-debuginfo-5.3.18-24.43.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.43.2 kernel-default-debugsource-5.3.18-24.43.2 kernel-default-livepatch-5.3.18-24.43.2 kernel-default-livepatch-devel-5.3.18-24.43.2 kernel-livepatch-5_3_18-24_43-default-1-5.3.3 kernel-livepatch-5_3_18-24_43-default-debuginfo-1-5.3.3 kernel-livepatch-SLE15-SP2_Update_8-debugsource-1-5.3.3 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.43.2 kernel-default-debugsource-5.3.18-24.43.2 reiserfs-kmp-default-5.3.18-24.43.2 reiserfs-kmp-default-debuginfo-5.3.18-24.43.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.43.2 kernel-obs-build-debugsource-5.3.18-24.43.2 kernel-syms-5.3.18-24.43.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.43.2 kernel-preempt-debugsource-5.3.18-24.43.2 kernel-preempt-devel-5.3.18-24.43.2 kernel-preempt-devel-debuginfo-5.3.18-24.43.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.43.2 kernel-source-5.3.18-24.43.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.43.2 kernel-default-base-5.3.18-24.43.2.9.17.3 kernel-default-debuginfo-5.3.18-24.43.2 kernel-default-debugsource-5.3.18-24.43.2 kernel-default-devel-5.3.18-24.43.2 kernel-default-devel-debuginfo-5.3.18-24.43.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.43.2 kernel-preempt-debuginfo-5.3.18-24.43.2 kernel-preempt-debugsource-5.3.18-24.43.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.43.2 kernel-macros-5.3.18-24.43.2 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.43.2 cluster-md-kmp-default-debuginfo-5.3.18-24.43.2 dlm-kmp-default-5.3.18-24.43.2 dlm-kmp-default-debuginfo-5.3.18-24.43.2 gfs2-kmp-default-5.3.18-24.43.2 gfs2-kmp-default-debuginfo-5.3.18-24.43.2 kernel-default-debuginfo-5.3.18-24.43.2 kernel-default-debugsource-5.3.18-24.43.2 ocfs2-kmp-default-5.3.18-24.43.2 ocfs2-kmp-default-debuginfo-5.3.18-24.43.2 References: https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25668.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-25704.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28941.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29369.html https://www.suse.com/security/cve/CVE-2020-29371.html https://www.suse.com/security/cve/CVE-2020-4788.html https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1166146 https://bugzilla.suse.com/1166166 https://bugzilla.suse.com/1167030 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1170139 https://bugzilla.suse.com/1171073 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1173504 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1175306 https://bugzilla.suse.com/1175918 https://bugzilla.suse.com/1176109 https://bugzilla.suse.com/1176180 https://bugzilla.suse.com/1176200 https://bugzilla.suse.com/1176481 https://bugzilla.suse.com/1176586 https://bugzilla.suse.com/1176855 https://bugzilla.suse.com/1176983 https://bugzilla.suse.com/1177066 https://bugzilla.suse.com/1177070 https://bugzilla.suse.com/1177353 https://bugzilla.suse.com/1177397 https://bugzilla.suse.com/1177577 https://bugzilla.suse.com/1177666 https://bugzilla.suse.com/1177703 https://bugzilla.suse.com/1177820 https://bugzilla.suse.com/1178123 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178227 https://bugzilla.suse.com/1178286 https://bugzilla.suse.com/1178304 https://bugzilla.suse.com/1178330 https://bugzilla.suse.com/1178393 https://bugzilla.suse.com/1178401 https://bugzilla.suse.com/1178426 https://bugzilla.suse.com/1178461 https://bugzilla.suse.com/1178579 https://bugzilla.suse.com/1178581 https://bugzilla.suse.com/1178584 https://bugzilla.suse.com/1178585 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178635 https://bugzilla.suse.com/1178653 https://bugzilla.suse.com/1178659 https://bugzilla.suse.com/1178661 https://bugzilla.suse.com/1178669 https://bugzilla.suse.com/1178686 https://bugzilla.suse.com/1178740 https://bugzilla.suse.com/1178755 https://bugzilla.suse.com/1178762 https://bugzilla.suse.com/1178838 https://bugzilla.suse.com/1178853 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1179001 https://bugzilla.suse.com/1179012 https://bugzilla.suse.com/1179014 https://bugzilla.suse.com/1179015 https://bugzilla.suse.com/1179045 https://bugzilla.suse.com/1179076 https://bugzilla.suse.com/1179082 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179160 https://bugzilla.suse.com/1179201 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179217 https://bugzilla.suse.com/1179225 https://bugzilla.suse.com/1179419 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179425 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/1179429 https://bugzilla.suse.com/1179432 https://bugzilla.suse.com/1179442 https://bugzilla.suse.com/1179550 From sle-updates at lists.suse.com Thu Dec 10 23:52:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Dec 2020 07:52:14 +0100 (CET) Subject: SUSE-CU-2020:771-1: Security update of suse/sles12sp5 Message-ID: <20201211065214.80C3FFD10@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:771-1 Container Tags : suse/sles12sp5:6.5.106 , suse/sles12sp5:latest Container Release : 6.5.106 Severity : moderate Type : security References : 1179398 1179399 1179593 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3739-1 Released: Thu Dec 10 09:17:34 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). From sle-updates at lists.suse.com Thu Dec 10 23:52:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Dec 2020 07:52:39 +0100 (CET) Subject: SUSE-CU-2020:772-1: Recommended update of suse/sle15 Message-ID: <20201211065239.23B7FFD10@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:772-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.10.2.139 Container Release : 10.2.139 Severity : moderate Type : recommended References : 1179431 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Fri Dec 11 04:01:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Dec 2020 12:01:06 +0100 (CET) Subject: SUSE-IU-2020:111-1: Security update of suse-sles-15-sp1-chost-byos-v20201209-gen2 Message-ID: <20201211110106.EBA8FFD10@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp1-chost-byos-v20201209-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2020:111-1 Image Tags : suse-sles-15-sp1-chost-byos-v20201209-gen2:20201209 Image Release : Severity : critical Type : security References : 1011548 1055014 1055186 1058115 1061843 1065600 1065600 1065729 1065729 1065729 1066382 1077428 1094244 1100369 1104902 1109160 1112178 1112178 1113956 1116957 1118367 1118368 1123327 1128220 1131277 1133877 1134760 1139775 1140683 1141559 1152930 1153943 1153946 1154366 1154935 1155027 1156205 1157051 1158499 1158830 1159566 1160158 1161168 1161198 1161203 1161239 1161335 1161923 1162896 1163569 1163592 1165281 1165424 1165502 1165534 1165786 1166602 1166848 1167030 1167471 1167527 1168468 1168698 1169972 1170347 1170415 1170667 1170713 1171313 1171558 1171675 1171688 1171740 1171742 1171762 1171806 1172157 1172429 1172538 1172688 1172695 1172798 1172846 1172873 1172952 1172958 1173060 1173064 1173104 1173115 1173256 1173273 1173307 1173311 1173391 1173422 1173432 1173433 1173503 1173529 1173902 1173972 1173983 1173994 1174079 1174232 1174240 1174257 1174477 1174561 1174564 1174593 1174697 1174748 1174748 1174753 1174817 1174899 1174918 1174918 1174918 1175110 1175168 1175228 1175306 1175342 1175443 1175520 1175568 1175592 1175721 1175749 1175847 1175882 1175894 1175989 1176011 1176022 1176038 1176062 1176086 1176092 1176123 1176142 1176155 1176173 1176181 1176192 1176192 1176235 1176242 1176262 1176262 1176278 1176285 1176316 1176317 1176318 1176319 1176320 1176321 1176325 1176354 1176368 1176369 1176381 1176395 1176400 1176410 1176410 1176423 1176435 1176435 1176482 1176485 1176507 1176513 1176536 1176544 1176545 1176546 1176548 1176549 1176560 1176579 1176625 1176644 1176659 1176670 1176671 1176674 1176698 1176699 1176700 1176712 1176712 1176713 1176721 1176722 1176723 1176725 1176732 1176740 1176740 1176759 1176788 1176789 1176800 1176855 1176869 1176877 1176902 1176902 1176907 1176935 1176946 1176950 1176962 1176966 1176983 1176990 1177027 1177027 1177030 1177041 1177042 1177043 1177044 1177086 1177101 1177121 1177143 1177161 1177206 1177238 1177238 1177257 1177258 1177271 1177281 1177291 1177293 1177294 1177295 1177296 1177315 1177315 1177340 1177410 1177411 1177458 1177460 1177460 1177470 1177479 1177490 1177510 1177511 1177533 1177603 1177613 1177685 1177687 1177703 1177719 1177724 1177725 1177740 1177749 1177750 1177753 1177754 1177755 1177766 1177790 1177819 1177820 1177855 1177856 1177858 1177861 1177864 1177913 1177914 1177915 1177939 1177957 1177983 1178003 1178027 1178078 1178123 1178166 1178185 1178187 1178188 1178202 1178234 1178278 1178330 1178346 1178346 1178350 1178353 1178354 1178376 1178387 1178393 1178466 1178512 1178589 1178622 1178686 1178727 1178765 1178782 1178882 1178882 1179193 1179431 906079 927455 935885 935885 998893 CVE-2017-3136 CVE-2018-5741 CVE-2019-20916 CVE-2019-20916 CVE-2019-6477 CVE-2020-0404 CVE-2020-0427 CVE-2020-0430 CVE-2020-0431 CVE-2020-0432 CVE-2020-12351 CVE-2020-12352 CVE-2020-13844 CVE-2020-14318 CVE-2020-14323 CVE-2020-14342 CVE-2020-14351 CVE-2020-14381 CVE-2020-14383 CVE-2020-14390 CVE-2020-1472 CVE-2020-15999 CVE-2020-16120 CVE-2020-24659 CVE-2020-25212 CVE-2020-25219 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25692 CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-26154 CVE-2020-27673 CVE-2020-27675 CVE-2020-28196 CVE-2020-8027 CVE-2020-8037 CVE-2020-8277 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8694 ----------------------------------------------------------------- The container suse-sles-15-sp1-chost-byos-v20201209-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2722-1 Released: Wed Sep 23 11:36:10 2020 Summary: Security update for samba Type: security Severity: important References: 1176579,CVE-2020-1472 This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2729-1 Released: Wed Sep 23 16:00:48 2020 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1152930,1174477,CVE-2020-14342 This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477). - Fixed an invalid free in mount.cifs; (bsc#1152930). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2757-1 Released: Fri Sep 25 19:45:40 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1173104 This update for nfs-utils fixes the following issue: - Some scripts are requiring Python2 while it is not installed by default and they can work with Python3. (bsc#1173104) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2780-1 Released: Tue Sep 29 11:27:51 2020 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1173433 This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2795-1 Released: Tue Sep 29 14:29:33 2020 Summary: Recommended update for hyper-v Type: recommended Severity: moderate References: 1116957 This update for hyper-v fixes the following issues: - Fixes an issue when hyper-v services not running after booting from SLES12SP3 ISO. (bsc#1116957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2818-1 Released: Thu Oct 1 10:38:55 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2830-1 Released: Fri Oct 2 10:34:26 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1161335,1176625 This update for permissions fixes the following issues: - whitelist WMP (bsc#1161335, bsc#1176625) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2863-1 Released: Tue Oct 6 09:28:41 2020 Summary: Recommended update for efivar Type: recommended Severity: moderate References: 1175989 This update for efivar fixes the following issues: - Fixed an issue when segmentation fault are caused on non-EFI systems. (bsc#1175989) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2867-1 Released: Tue Oct 6 16:12:10 2020 Summary: Recommended update for multipath-tools Type: recommended Severity: important References: 1139775,1161923,1165786,1172157,1172429,1173060,1173064,1176644,1176670 This update for multipath-tools fixes the following issues: - kpartx: Recognize DASD on loop devices again. (bsc#1139775) - kpartx.rules: Fix handling of synthetic uevents. (bsc#1161923) - libmpathpersist: Limit PRIN allocation length to 8192 bytes. (bsc#1165786) - Fix handling of incompletely initialized udev devices. (bsc#1172157) - Avoid data corruption caused by duplicate alias in bindings file. (bsc#1172429) - Improve logging for failure to set dev_loss_tmo. (bsc#1173060, bsc#1173064) - Fix handling of hardware properties for maps without paths. (bsc#1176644) - Backported upstream fixes (bsc#1176670): * multipath-tools: add HPE MSA 1060/2060 to hwtable. * ALUA support for PURE FlashArray. * libmultipath: EMC PowerMax NVMe device config. * libmultipath: Fix ALUA autodetection when paths are down. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2905-1 Released: Tue Oct 13 15:48:30 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1055186,1065600,1065729,1094244,1112178,1113956,1154366,1167527,1168468,1169972,1171675,1171688,1171742,1173115,1174899,1175228,1175749,1175882,1176011,1176022,1176038,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176395,1176410,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176950,1176962,1176966,1176990,1177027,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-26088 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206). - CVE-2020-25641: Fixed ann issue where length bvec was causing softlockups (bsc#1177121). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc->mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes). - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/radeon: revert 'Prefer lower feedback dividers' (git-fixes). - drm/sun4i: Fix dsi dcs long write function (git-fixes). - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes). - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - EDAC: Fix reference count leaks (bsc#1112178). - fbcon: prevent user font height or width change from causing (bsc#1112178) - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - ftrace: Move RCU is watching check after recursion check (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - Hide e21a4f3a930c as of its duplication - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - include: add additional sizes (bsc#1094244 ltc#168122). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178). - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - mac802154: tx: fix use-after-free (git-fixes). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix a double free in probe() (git-fixes). - mtd: phram: fix a double free issue in error path (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQS fields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - PCI/ASPM: Allow re-enabling Clock PM (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtc: ds1374: fix possible race condition (git-fixes). - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - usblp: fix race between disconnect() and read() (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes). - USB: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vgacon: remove software scrollback support (bsc#1176278). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2945-1 Released: Fri Oct 16 10:06:06 2020 Summary: Recommended update for python-azure-agent Type: recommended Severity: critical References: 1176368,1176369,1177161,1177257 This update for python-azure-agent fixes the following issues: - Fixes an issue when the 'python-azure-agent' fails to initialize Azure instances. (bsc#1177161, bsc#1177257) Update to version 2.2.49.2 (bsc#1176368, bsc#1176369) + Do not use --unit with systemd-cgls (#1910) + Report processes that do not belong to the agent's cgroup (#1908) + Use controller mount point for extension cgroup path (#1899) + Improvements in setup of cgroups (#1896) + Remove ExtensionsMetricsData and per-process Memory data (#1884) + Fix return value of start_extension_command (#1927) + Remove import * (#1900) + Fix flaky ExtensionCleanupTest class (#1898) + Fix codecov badge (#1883) + Changed codecov to run on py3.8 (#1875) + Update documentation on /dev/random (#1909) + Mount options are in mount(8) (#1893) + Remove ssh host key thumbprint in report ready (#1913) + Emit AutoUpdate value at service start only (#1907) + Add logging for version mismatch (#1895) + Send telemetry event if libdir changes (#1897) + Add log collector utility (#1847) + Move AutoUpdate reporting to HeartBeat event (#1919) + Removing infinite download of extension manifest without a new GS (#1874) + Fix wrongful dir deletion (#1873) + Fix the cleanup-outdated-handlers to only delete handlers that are not present in the GS (#1889) + Expose periods of environment thread in waagent.conf (#1891) + Added user @kevinclark19a as Contributor. (#1906) - From 2.2.48.1 + Refactoring GoalState class out of Protocol, making Protocol thread-safe, removing stale dependencies of Protocol and removing the dependency on the file system to read the Protocol info + Fetch goal state when creating HostPluginProtocol (#1799) + Separate goal state from the protocol class (#1777) + Make protocol util a singleton per thread (#1743, #1756) + Fetch goal state before sending telemetry (#1751) + Remove file dependency (#1754) + Others (#1758, #1767, #1744, #1749, #1816, #1820) + New logs for goal state fetch (#1797) and refresh (#1794). + Thread name added to logs (#1778) + Populate telemetry events at creation time (#1791) + Periodic HeartBeat to be logged to the file (#1755) + Add unit test to verify call stacks on telemetry events (#1828) + Others (#1841, #1842, #1846) + Handling errors while reading extension status files (Limiting Size and Transient issues)(#1761) + Enable SWAP on Resource Disk as Application Certification Support suggested (#1762) + Update 'Provisioning' options in default configs ( #1853) + Drop Metadata Server Support (#1806, #1839, #1840 ) + Improve documentation of ResourceDisk.EnableSwapEncryption (#1782) + Removed is_snappy function (#1774) + Handle exceptions in monitor thread (#1770) + Fix timestamp for periodic operations in the monitor thread (#1879) + Fix permissions on the Ubuntu systemd service file (#1814) + Update hostname setting for SUSE distros (#1832) + Python 3.8 improvements + support for Ubuntu 20.04 (#1860, #1865, #1738) + Testing and dev-infra improvements [#1771, #1768, #1800, #1826, #1827, #1833] + Others (#1854, #1858) - From 2.2.46 + [#1741] Do not update goal state when refreshing the host plugin + [#1731] Fix upgrade sequence when update command fails + [#1725] Initialize CPU usage + [#1716, #1737] Added UTC logging and correcting the format + [#1651, #1729] Start sending PerformanceCounter metrics and additional memory information for Cgroups ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2953-1 Released: Mon Oct 19 06:25:15 2020 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1176142 This update for gettext-runtime fixes the following issues: - Fix for an issue when 'xgettext' crashes during creating a 'POT' file. (bsc#1176142) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2971-1 Released: Tue Oct 20 16:41:37 2020 Summary: Recommended update for shim-susesigned Type: recommended Severity: moderate References: 1177315 This update contains changes needed for Common criteria certification. shim: * add a temporary shim loader EFI signed by SUSE that contains additional checks of Extended Key Usage for Codesigning (bsc#1177315) The Common Criteria system role for 15-SP2 was adjusted: * Configure alternative shim (bsc#1177315) * Remove curve25519-sha256 at libssh.org as it doesn't work in fips mode * doc: logrotate is started via timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2972-1 Released: Tue Oct 20 17:07:51 2020 Summary: Security update for the Linux Kernel Type: security Severity: critical References: 1065729,1140683,1172538,1174748,1175520,1176400,1176946,1177027,1177340,1177511,1177685,1177724,1177725,CVE-2020-12351,CVE-2020-12352,CVE-2020-25645 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511). The following non-security bugs were fixed: - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - i2c: meson: fix clock setting overwrite (git-fixes). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685). - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). add two previous futile attempts to fix the bug to blacklist.conf - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748). - nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748). - nvme: fix possible io failures when removing multipathed ns (bsc#1174748). - nvme: make nvme_identify_ns propagate errors back (bsc#1174748). Refresh: - patches.suse/nvme-flush-scan_work-when-resetting-controller.patch - nvme: make nvme_report_ns_ids propagate error back (bsc#1174748). - nvme-multipath: do not reset on unknown status (bsc#1174748). - nvme: Namepace identification descriptor list is optional (bsc#1174748). - nvme: pass status to nvme_error_status (bsc#1174748). - nvme-rdma: Avoid double freeing of async event data (bsc#1174748). - nvme: return error from nvme_alloc_ns() (bsc#1174748). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - scsi-hisi-kabi-fixes.patch - scsi-hisi-kabi-fixes.patch - scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683). - scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683). - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683). - scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683). - scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683). - scsi: hisi_sas: Do some more tidy-up (bsc#1140683). - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683). - scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh: - scsi-hisi_sas-Issue-internal-abort-on-all-relevant-q.patch - scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update: - scsi: hisi_sas: Some misc tidy-up (bsc#1140683). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2975-1 Released: Wed Oct 21 08:16:15 2020 Summary: Recommended update for kexec-tools Type: recommended Severity: critical References: 1133877,1141559,1168698,1172688 This update for kexec-tools fixes the following issues: - Fixes an issue where XEN fails to start 'kdump' service. (bsc#1133877, bsc#1141559, bsc#1172688) - Fix for loading kdump kernel with kexec on startup. (bsc#1168698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2988-1 Released: Wed Oct 21 17:35:34 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2989-1 Released: Thu Oct 22 08:53:10 2020 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1171806 This update for chrony fixes the following issues: - Integrate three upstream patches to fix an infinite loop in chronyc. (bsc#1171806) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2995-1 Released: Thu Oct 22 10:03:09 2020 Summary: Security update for freetype2 Type: security Severity: important References: 1177914,CVE-2020-15999 This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3046-1 Released: Tue Oct 27 14:41:21 2020 Summary: Recommended update for shim-susesigned Type: recommended Severity: moderate References: 1177315 This update for shim-susesigned fixes the following issues: - Fix a buffer use-after-free at the end of the EKU verification in shim-susesigned (bsc#1177315) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3048-1 Released: Tue Oct 27 16:05:17 2020 Summary: Recommended update for libsolv, libzypp, yaml-cpp, zypper Type: recommended Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 This update for libsolv, libzypp, yaml-cpp, zypper fixes the following issues: libzypp was updated to 17.25.1: - When kernel-rt has been installed, the purge-kernels service fails during boot. (bsc#1176902) - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namepace matching. - Link against libzstd to close libsolvs open references (as we link statically) yaml-cpp: - The libyaml-cpp0_6 library package is added the to the Basesystem module, LTSS and ESPOS channels, and the INSTALLER channels, as a new libzypp dependency. No source changes were done to yaml-cpp. zypper was updated to 1.14.40: - info: Assume descriptions starting with '

' are richtext (bsc#935885) - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to 0.7.15 to fix: - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3058-1 Released: Wed Oct 28 06:11:14 2020 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: 1176155 This update for catatonit fixes the following issues: - Fixes an issue when catatonit hangs when process dies in very specific way. (bsc#1176155) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3092-1 Released: Thu Oct 29 16:37:35 2020 Summary: Security update for samba Type: security Severity: important References: 1173902,1173994,1177613,CVE-2020-14318,CVE-2020-14323,CVE-2020-14383 This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3129-1 Released: Tue Nov 3 12:10:14 2020 Summary: Recommended update for sysconfig Type: recommended Severity: moderate References: 1159566,1173391,1176285,1176325 This update for sysconfig fixes the following issues: - Fix for 'netconfig' to run with a new library including fallback to the previous location. (bsc#1176285) - Fix for changing content of such files like '/etc/resolv.conf' to avoid linked applications re-read them and unnecessarily re-initializes themselves accordingly. (bsc#1176325) - Fix for 'chrony helper' calling in background. (bsc#1173391) - Fix for configuration file by creating a symlink for it to prevent false ownership on the file. (bsc#1159566) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3138-1 Released: Tue Nov 3 12:14:03 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1104902,1154935,1165502,1167471,1173422,1176513,1176800 This update for systemd fixes the following issues: - seccomp: shm{get,at,dt} now have their own numbers everywhere (bsc#1173422) - test-seccomp: log function names - test-seccomp: add log messages when skipping tests - basic/virt: Detect PowerVM hypervisor (bsc#1176800) - fs-util: suppress world-writable warnings if we read /dev/null - udevadm: rename option '--log-priority' into '--log-level' - udev: rename kernel option 'log_priority' into 'log_level' - fstab-generator: add 'nofail' when NFS 'bg' option is used (bsc#1176513) - Fix memory protection default (bsc#1167471) - cgroup: Support 0-value for memory protection directives and accepts MemorySwapMax=0 (bsc#1154935) - Improve latency and reliability when users log in/out (bsc#1104902, bsc#1165502) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3198-1 Released: Fri Nov 6 13:00:46 2020 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1155027 This update for SUSEConnect fixes the following issues: - Recognize more formats when parsing the '.curlrc' for proxy credentials. (bsc#1155027) - Add 'rpmlintrc' to filter false-positive warning about patch not applied - Extend the YaST API in order to access to the package search functionality. (jsc#SLE-9109) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3234-1 Released: Fri Nov 6 16:01:36 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3253-1 Released: Mon Nov 9 07:45:04 2020 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1174697,1176173 This update for mozilla-nss fixes the following issues: - Fixes an issue for Mozilla Firefox which has failed in fips mode (bsc#1174697) - FIPS: Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1176173). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3270-1 Released: Tue Nov 10 17:53:08 2020 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1175894,1177603,1177790,1177913,1177915,1178078 This update for bind fixes the following issues: - Add '/usr/lib64/named' to the files and directories in bind config to include external plugins for chroot. (bsc#1178078) - Replaced named's dependency on time-sync with a dependency on time-set in 'named.service' to avoid a dependency-loop. (bsc#1177790) - Removed 'dnssec-enable' from named.conf as it has been obsoleted and may break. (bsc#1177915) - Added a comment for reference which should be removed in the future. (bsc#1177603) - Added a comment to the 'dnssec-validation' in named.conf with a reference to forwarders which do not return signed responses. (bsc#1175894) - Replaced an INSIST macro which calls abort with a test and a diagnostic output. (bsc#1177913) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3272-1 Released: Tue Nov 10 19:39:20 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1055014,1061843,1065600,1065729,1066382,1077428,1112178,1131277,1134760,1170415,1171558,1173432,1174748,1176354,1176485,1176560,1176713,1176723,1177086,1177101,1177271,1177281,1177410,1177411,1177470,1177687,1177719,1177740,1177749,1177750,1177753,1177754,1177755,1177766,1177855,1177856,1177861,1178003,1178027,1178166,1178185,1178187,1178188,1178202,1178234,1178330,CVE-2020-0430,CVE-2020-14351,CVE-2020-16120,CVE-2020-25285,CVE-2020-25656,CVE-2020-27673,CVE-2020-27675,CVE-2020-8694 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485). - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723). - CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470). - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410). The following non-security bugs were fixed: - ALSA: bebob: potential info leak in hwdep_read() (git-fixes). - ALSA: compress_offload: remove redundant initialization (git-fixes). - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes). - ALSA: core: pcm: simplify locking for timers (git-fixes). - ALSA: core: timer: clarify operator precedence (git-fixes). - ALSA: core: timer: remove redundant assignment (git-fixes). - ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes). - ALSA: hda - Do not register a cb func if it is registered already (git-fixes). - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes). - ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes). - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes). - ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes). - ALSA: hda: use semicolons rather than commas to separate statements (git-fixes). - ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes). - ALSA: rawmidi: (cosmetic) align function parameters (git-fixes). - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes). - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes). - ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes). - ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes). - ASoC: qcom: lpass-platform: fix memory leak (git-fixes). - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes). - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes). - ath10k: provide survey info as accumulated data (git-fixes). - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes). - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes). - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes). - backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes). - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750). - block: ensure bdi->io_pages is always initialized (bsc#1177749). - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes). - Bluetooth: Only mark socket zapped after unlocking (git-fixes). - bnxt: do not enable NAPI until rings are ready (networking-stable-20_09_11). - bnxt_en: Check for zero dir entries in NVRAM (networking-stable-20_09_11). - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes). - brcmfmac: check ndev pointer (git-fixes). - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes). - btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687). - btrfs: do not force read-only after error in drop snapshot (bsc#1176354). - btrfs: do not set the full sync flag on the inode during page release (bsc#1177687). - btrfs: fix incorrect updating of log root tree (bsc#1177687). - btrfs: fix race between page release and a fast fsync (bsc#1177687). - btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687). - btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687). - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856). - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855). - btrfs: reduce contention on log trees when logging checksums (bsc#1177687). - btrfs: release old extent maps during page release (bsc#1177687). - btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687). - btrfs: remove root usage from can_overcommit (bsc#1131277). - btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687). - btrfs: take overcommit into account in inc_block_group_ro (bsc#1176560). - btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861). - can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes). - can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes). - can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes). - ceph: fix memory leak in ceph_cleanup_snapid_map() (bsc#1178234). - ceph: map snapid to anonymous bdev ID (bsc#1178234). - ceph: promote to unsigned long long before shifting (bsc#1178187). - clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes). - clk: at91: remove the checking of parent_name (git-fixes). - clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes). - clk: imx8mq: Fix usdhc parents order (git-fixes). - coredump: fix crash when umh is disabled (bsc#1177753). - crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes). - crypto: ccp - fix error handling (git-fixes). - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes). - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes). - crypto: omap-sham - fix digcnt register handling with export/import (git-fixes). - cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes). - cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes). - Disable ipa-clones dump for KMP builds (bsc#1178330) The feature is not really useful for KMP, and rather confusing, so let's disable it at building out-of-tree codes - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes). - drm/amdgpu: prevent double kfree ttm->sg (git-fixes). - drm/gma500: fix error check (git-fixes). - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (git-fixes). - drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes). - EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1112178). - eeprom: at25: set minimum read/write access stride to 1 (git-fixes). - Fix use after free in get_capset_info callback (git-fixes). - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24). - gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11). - HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes). - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes). - i2c: imx: Fix external abort on interrupt in exit paths (git-fixes). - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897). - ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes). - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes). - ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes). - iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes). - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes). - iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes). - iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes). - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes). - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes). - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes). - ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes). - include/linux/swapops.h: correct guards for non_swap_entry() (git-fixes (mm/swap)). - Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes). - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (git-fixes). - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes). - Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes). - Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes). - Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes). - iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754). - ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24). - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes). - iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes). - kbuild: enforce -Werror=return-type (bsc#1177281). - leds: mt6323: move period calculation (git-fixes). - lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes). - libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178188). - livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability. - mac80211: handle lack of sband->bitrates in rates (git-fixes). - mailbox: avoid timer start from callback (git-fixes). - media: ati_remote: sanity check for both endpoints (git-fixes). - media: bdisp: Fix runtime PM imbalance on error (git-fixes). - media: exynos4-is: Fix a reference count leak (git-fixes). - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes). - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes). - media: firewire: fix memory leak (git-fixes). - media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes). - media: media/pci: prevent memory leak in bttv_probe (git-fixes). - media: omap3isp: Fix memleak in isp_probe (git-fixes). - media: platform: fcp: Fix a reference count leak (git-fixes). - media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes). - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes). - media: Revert 'media: exynos4-is: Add missed check for pinctrl_lookup_state()' (git-fixes). - media: s5p-mfc: Fix a reference count leak (git-fixes). - media: saa7134: avoid a shift overflow (git-fixes). - media: st-delta: Fix reference count leak in delta_run_work (git-fixes). - media: sti: Fix reference count leaks (git-fixes). - media: tc358743: initialize variable (git-fixes). - media: ti-vpe: Fix a missing check and reference count leak (git-fixes). - media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes). - media: usbtv: Fix refcounting mixup (git-fixes). - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes). - media: vsp1: Fix runtime PM imbalance on error (git-fixes). - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes). - memory: omap-gpmc: Fix a couple off by ones (git-fixes). - mfd: sm501: Fix leaks in probe() (git-fixes). - mic: vop: copy data to kernel space then write to io memory (git-fixes). - misc: mic: scif: Fix error handling path (git-fixes). - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes). - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes). - mlx5 PPC ringsize workaround (bsc#1173432). - mlx5: remove support for ib_get_vector_affinity (bsc#1174748). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (git-fixes (mm/numa)). - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)). - mm/ksm.c: do not WARN if page is still mapped in remove_stable_node() (git-fixes (mm/hugetlb)). - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)). - mm/mempolicy.c: use match_string() helper to simplify the code (git-fixes (mm/mempolicy)). - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)). - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)). - mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide (git-fixes (mm/writeback)). - mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages (git-fixes (mm/debug)). - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)). - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: fix race condition in zs_destroy_pool (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely (git-fixes (mm/zsmalloc)). - mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)). - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes). - Move upstreamed patches into sorted section - mtd: lpddr: fix excessive stack usage with clang (git-fixes). - mtd: mtdoops: Do not write panic data twice (git-fixes). - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes). - mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes). - mwifiex: fix double free (git-fixes). - mwifiex: remove function pointer check (git-fixes). - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes). - net/mlx5e: Take common TIR context settings into a function (bsc#1177740). - net/mlx5e: Turn on HW tunnel offload in all TIRs (bsc#1177740). - net: disable netpoll on fresh napis (networking-stable-20_09_11). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24). - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11). - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24). - net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24). - net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24). - net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11). - net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11). - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes). - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes). - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes). - netlabel: fix problems with mapping removal (networking-stable-20_09_11). - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes). - nl80211: fix non-split wiphy information (git-fixes). - NTB: hw: amd: fix an issue about leak system resources (git-fixes). - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748). - nvme-rdma: fix crash when connect rejected (bsc#1174748). - nvme: do not update disk info for multipathed device (bsc#1171558). - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes). - powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729). - powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729). - powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729). - powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729). - powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729). - powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729). - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes). - powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729). - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729). - pty: do tty_flip_buffer_push without port->lock in pty_write (git-fixes). - pwm: lpss: Add range limit check for the base_unit register value (git-fixes). - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes). - ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes). - rtl8xxxu: prevent potential memory leak (git-fixes). - scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729). - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226). - sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11). - spi: fsl-espi: Only process interrupts for expected events (git-fixes). - tg3: Fix soft lockup when tg3_reset_task() fails (networking-stable-20_09_11). - tipc: fix memory leak caused by tipc_buf_append() (git-fixes). - tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24). - tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11). - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes). - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24). - tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24). - tty: ipwireless: fix error handling (git-fixes). - tty: serial: earlycon dependency (git-fixes). - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes). - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes). - usb: cdc-acm: handle broken union descriptors (git-fixes). - usb: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes). - usb: core: Solve race condition in anchor cleanup functions (git-fixes). - usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes). - usb: dwc2: Fix parameter type in function pointer prototype (git-fixes). - usb: dwc3: core: add phy cleanup for probe error handling (git-fixes). - usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes). - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes). - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes). - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes). - usb: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes). - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes). - usb: ohci: Default to per-port over-current protection (git-fixes). - usb: serial: qcserial: fix altsetting probing (git-fixes). - vfs: fix FIGETBSZ ioctl on an overlayfs file (bsc#1178202). - video: fbdev: sis: fix null ptr dereference (git-fixes). - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes). - VMCI: check return value of get_user_pages_fast() for errors (git-fixes). - w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes). - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101). - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101). - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1177755). - writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755). - writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755). - x86, fakenuma: Fix invalid starting node ID (git-fixes (mm/x86/fakenuma)). - x86/apic: Unify duplicated local apic timer clockevent initialization (bsc#1112178). - x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1112178). - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/gntdev.c: Mark pages as dirty (bsc#1065600). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen: XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600). - xfs: avoid infinite loop when cancelling CoW blocks after writeback failure (bsc#1178027). - xfs: limit entries returned when counting fsmap records (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3285-1 Released: Wed Nov 11 11:22:14 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to version 17.25.1: - Fix bsc#1176902: When kernel-rt has been installed, the purge-kernels service fails during boot. - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namepace matching. - New solver testcase format. - Link against libzsd to close libsolvs open references (as we link statically) zypper was updated to version 1.14.40. - info: Assume descriptions starting with '

' are richtext (bsc#935885) - Use new testcase API in libzypp. - BuildRequires: libzypp-devel >= 17.25.0. - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to version 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are prefered in more cases - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3287-1 Released: Wed Nov 11 12:24:43 2020 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1172952,1176062,1177957,1178278 This update for grub2 fixes the following issues: - Fixed an issue, where the https boot was interrupted by an unrecognized network address error message (bsc#1172952) - Improve the error handling when grub2-install fails with short mbr gap (bsc#1176062) - Fixed an error in grub2-install where it exited with 'failed to get canonical path of `/boot/grub2/i386-pc'.' (bsc#1177957) - Fixed a boot failure issue on blocklist installations (bsc#1178278) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3300-1 Released: Thu Nov 12 13:30:59 2020 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1177939 This update for openssh fixes the following issues: - Ensure that only approved DH parameters are used in FIPS mode, to meet NIST 800-56arev3 restrictions. (bsc#1177939). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3358-1 Released: Tue Nov 17 13:17:10 2020 Summary: Security update for tcpdump Type: security Severity: moderate References: 1178466,CVE-2020-8037 This update for tcpdump fixes the following issues: - CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3382-1 Released: Thu Nov 19 11:03:01 2020 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: 1174257 This update for dmidecode fixes the following issues: - Add partial support for SMBIOS 3.4.0. (bsc#1174257) - Skip details of uninstalled memory modules. (bsc#1174257) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3419-1 Released: Thu Nov 19 13:40:32 2020 Summary: Recommended update for multipath-tools Type: recommended Severity: moderate References: 1162896,1178354 This update for multipath-tools fixes the following issues: - Avoid reading files extensions other than '.conf' from config dir. (bsc#1162896) - Fix wrong usage of '%service_del_preun -n' macro in spec file. (bsc#1178354) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3461-1 Released: Fri Nov 20 13:09:07 2020 Summary: Recommended update for bind Type: recommended Severity: low References: 1177983 This update for bind fixes the following issue: - Build the 'Administrator Reference Manual' which is built using python3-Sphinx (bsc#1177983) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3478-1 Released: Mon Nov 23 09:33:17 2020 Summary: Security update for c-ares Type: security Severity: moderate References: 1178882,CVE-2020-8277 This update for c-ares fixes the following issues: - Version update to 1.17.0 * CVE-2020-8277: Fixed a Denial of Service through DNS request (bsc#1178882) * For further details see https://c-ares.haxx.se/changelog.html ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3481-1 Released: Mon Nov 23 11:17:09 2020 Summary: Optional update for vim Type: optional Severity: low References: 1166602,1173256,1174564,1176549 This update for vim doesn't fix any user visible issues and it is optional to install. - Introduce vim-small package with reduced requirements for small installations (bsc#1166602). - Stop owning /etc/vimrc so the old, distro provided config actually gets removed. - Own some dirs in vim-data-common so installation of vim-small doesn't leave not owned directories. (bsc#1173256) - Add vi as slave to update-alternatives so that every package has a matching 'vi' symlink. (bsc#1174564, bsc#1176549) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3485-1 Released: Mon Nov 23 13:10:36 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1123327,1173503,1175110,998893 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) - Fixed an issue when lvm produces a large number of luns with error message 'Too many open files'. (bsc#1173503) - Fixes an issue when LVM initialization failed during reboot. (bsc#998893) - Fixed a misplaced parameter in the lvm configuration. (bsc#1123327) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3507-1 Released: Tue Nov 24 17:16:45 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1058115,1163592,1167030,1172873,1175306,1175721,1176855,1176907,1176983,1177703,1177819,1177820,1178123,1178393,1178589,1178622,1178686,1178765,1178782,927455,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes). - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ata: sata_rcar: Fix DMA boundary mask (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - clk: ti: clockdomain: fix static checker warning (git-fixes). - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes). - device property: Do not clear secondary pointer for shared primary firmware node (git-fixes). - device property: Keep secondary firmware node secondary by type (git-fixes). - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes). - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes). - drm/amdgpu: do not map BO in reserved region (git-fixes). - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes). - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes). - drm/imx: tve remove extraneous type qualifier (git-fixes). - drm/ttm: fix eviction valuable range check (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - efivarfs: Replace invalid slashes with exclamation marks in dentries (git-fixes). - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - icmp: randomize the global rate limiter (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - Move the upstreamed powercap fix into sorted sectio - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: resolve supply after creating regulator (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair 'fixed-link' support (git-fixes). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: adutux: fix debugging (git-fixes). - usb: cdc-acm: fix cooldown mechanism (git-fixes). - usb: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - usb: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - video: fbdev: pvr2fb: initialize variables (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1058115 bsc#1176907). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3546-1 Released: Fri Nov 27 11:21:09 2020 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3560-1 Released: Mon Nov 30 12:21:34 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1158499,1160158,1161198,1161203,1163569,1165281,1165534,1166848,1175847,1177479 This update for openssl-1_1 fixes the following issues: This update backports various bugfixes for FIPS: - Restore private key check in EC_KEY_check_key [bsc#1177479] - Add shared secret KAT to FIPS DH selftest [bsc#1175847] - Include ECDH/DH Requirements from SP800-56Arev3 [bsc#1175847] - Fix locking issue uncovered by python testsuite (bsc#1166848) - Fix the sequence of locking operations in FIPS mode [bsc#1165534] - Fix deadlock in FIPS rand code (bsc#1165281) - Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) - Fix FIPS DRBG without derivation function (bsc#1161198) - Allow md5_sha1 in FIPS mode to enable TLS 1.0 (bsc#1161203) - Obsolete libopenssl-1_0_0-hmac for a clean upgrade from SLE-12 (bsc#1158499) - Restore the EVP_PBE_scrypt() behavior from before the KDF patch by treating salt=NULL as salt='' (bsc#1160158) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3566-1 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Type: security Severity: important References: 1176262,CVE-2019-20916 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3572-1 Released: Mon Nov 30 18:12:34 2020 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1177533 This update for lvm2 fixes the following issues: - Fixed an issue where /boot logical volume was accidentally unmounted (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3579-1 Released: Tue Dec 1 14:24:31 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: - Add support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3593-1 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Type: security Severity: important References: 1176262,1179193,CVE-2019-20916 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3616-1 Released: Thu Dec 3 10:56:12 2020 Summary: Recommended update for c-ares Type: recommended Severity: moderate References: 1178882 - Fixed incomplete c-ares-devel dependencies introduced by the privous update (bsc#1178882). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) From sle-updates at lists.suse.com Fri Dec 11 04:02:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Dec 2020 12:02:23 +0100 (CET) Subject: SUSE-IU-2020:112-1: Security update of suse-sles-15-sp1-chost-byos-v20201209-hvm-ssd-x86_64 Message-ID: <20201211110223.C0ABAFD10@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp1-chost-byos-v20201209-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2020:112-1 Image Tags : suse-sles-15-sp1-chost-byos-v20201209-hvm-ssd-x86_64:20201209 Image Release : Severity : critical Type : security References : 1011548 1027519 1027519 1055014 1055186 1058115 1061843 1065600 1065600 1065729 1065729 1065729 1066382 1077428 1094244 1100369 1104902 1109160 1112178 1112178 1113956 1118367 1118368 1123327 1128220 1131277 1133877 1134760 1139775 1140683 1141559 1152930 1153943 1153946 1154366 1154935 1155027 1156205 1157051 1158499 1158830 1159566 1160158 1161168 1161198 1161203 1161239 1161335 1161923 1162896 1163569 1163592 1165281 1165424 1165502 1165534 1165786 1166602 1166848 1167030 1167471 1167527 1168468 1168698 1169972 1170347 1170415 1170667 1170713 1171313 1171558 1171675 1171688 1171740 1171742 1171762 1171806 1172157 1172429 1172538 1172688 1172695 1172798 1172846 1172873 1172952 1172958 1173060 1173064 1173104 1173115 1173256 1173273 1173307 1173311 1173391 1173422 1173432 1173433 1173503 1173529 1173902 1173972 1173983 1173994 1174079 1174232 1174240 1174257 1174443 1174444 1174477 1174561 1174564 1174593 1174697 1174748 1174748 1174753 1174817 1174899 1174918 1174918 1174918 1175110 1175168 1175228 1175306 1175342 1175443 1175520 1175568 1175592 1175721 1175749 1175847 1175882 1175894 1175989 1176011 1176022 1176038 1176062 1176086 1176092 1176123 1176142 1176155 1176173 1176181 1176192 1176192 1176235 1176242 1176262 1176262 1176278 1176285 1176316 1176317 1176318 1176319 1176320 1176321 1176325 1176339 1176341 1176343 1176344 1176345 1176346 1176347 1176348 1176349 1176350 1176354 1176381 1176395 1176400 1176410 1176410 1176423 1176435 1176435 1176482 1176485 1176507 1176513 1176536 1176544 1176545 1176546 1176548 1176549 1176560 1176579 1176625 1176644 1176659 1176670 1176671 1176674 1176698 1176699 1176700 1176712 1176712 1176713 1176721 1176722 1176723 1176725 1176732 1176740 1176740 1176759 1176788 1176789 1176800 1176855 1176869 1176877 1176902 1176902 1176907 1176935 1176946 1176950 1176962 1176966 1176983 1176990 1177027 1177027 1177030 1177041 1177042 1177043 1177044 1177086 1177101 1177121 1177143 1177206 1177238 1177238 1177258 1177271 1177281 1177291 1177293 1177294 1177295 1177296 1177340 1177409 1177409 1177410 1177411 1177412 1177412 1177413 1177413 1177414 1177414 1177458 1177460 1177460 1177470 1177479 1177490 1177510 1177511 1177526 1177526 1177533 1177603 1177613 1177685 1177687 1177703 1177719 1177724 1177725 1177740 1177749 1177750 1177753 1177754 1177755 1177766 1177790 1177819 1177820 1177855 1177856 1177858 1177861 1177864 1177913 1177914 1177915 1177939 1177950 1177957 1177983 1178003 1178027 1178078 1178123 1178166 1178185 1178187 1178188 1178202 1178234 1178278 1178330 1178346 1178346 1178350 1178353 1178354 1178376 1178387 1178393 1178466 1178512 1178589 1178591 1178591 1178622 1178686 1178727 1178765 1178782 1178882 1178882 1178963 1179150 1179151 1179193 1179431 906079 927455 935885 935885 998893 CVE-2017-3136 CVE-2018-5741 CVE-2019-20916 CVE-2019-20916 CVE-2019-6477 CVE-2020-0404 CVE-2020-0427 CVE-2020-0430 CVE-2020-0431 CVE-2020-0432 CVE-2020-12351 CVE-2020-12352 CVE-2020-13844 CVE-2020-14318 CVE-2020-14323 CVE-2020-14342 CVE-2020-14351 CVE-2020-14381 CVE-2020-14383 CVE-2020-14390 CVE-2020-1472 CVE-2020-15999 CVE-2020-16120 CVE-2020-24659 CVE-2020-25212 CVE-2020-25219 CVE-2020-25284 CVE-2020-25285 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25598 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25692 CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-26154 CVE-2020-27670 CVE-2020-27670 CVE-2020-27671 CVE-2020-27671 CVE-2020-27672 CVE-2020-27672 CVE-2020-27673 CVE-2020-27673 CVE-2020-27674 CVE-2020-27675 CVE-2020-28196 CVE-2020-28368 CVE-2020-28368 CVE-2020-8027 CVE-2020-8037 CVE-2020-8277 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8694 ----------------------------------------------------------------- The container suse-sles-15-sp1-chost-byos-v20201209-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2722-1 Released: Wed Sep 23 11:36:10 2020 Summary: Security update for samba Type: security Severity: important References: 1176579,CVE-2020-1472 This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2729-1 Released: Wed Sep 23 16:00:48 2020 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1152930,1174477,CVE-2020-14342 This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477). - Fixed an invalid free in mount.cifs; (bsc#1152930). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2757-1 Released: Fri Sep 25 19:45:40 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1173104 This update for nfs-utils fixes the following issue: - Some scripts are requiring Python2 while it is not installed by default and they can work with Python3. (bsc#1173104) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2780-1 Released: Tue Sep 29 11:27:51 2020 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1173433 This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2790-1 Released: Tue Sep 29 14:13:29 2020 Summary: Security update for xen Type: security Severity: important References: 1027519,1176339,1176341,1176343,1176344,1176345,1176346,1176347,1176348,1176349,1176350,CVE-2020-25595,CVE-2020-25596,CVE-2020-25597,CVE-2020-25598,CVE-2020-25599,CVE-2020-25600,CVE-2020-25601,CVE-2020-25602,CVE-2020-25603,CVE-2020-25604 This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - Various bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2818-1 Released: Thu Oct 1 10:38:55 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2830-1 Released: Fri Oct 2 10:34:26 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1161335,1176625 This update for permissions fixes the following issues: - whitelist WMP (bsc#1161335, bsc#1176625) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2863-1 Released: Tue Oct 6 09:28:41 2020 Summary: Recommended update for efivar Type: recommended Severity: moderate References: 1175989 This update for efivar fixes the following issues: - Fixed an issue when segmentation fault are caused on non-EFI systems. (bsc#1175989) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2867-1 Released: Tue Oct 6 16:12:10 2020 Summary: Recommended update for multipath-tools Type: recommended Severity: important References: 1139775,1161923,1165786,1172157,1172429,1173060,1173064,1176644,1176670 This update for multipath-tools fixes the following issues: - kpartx: Recognize DASD on loop devices again. (bsc#1139775) - kpartx.rules: Fix handling of synthetic uevents. (bsc#1161923) - libmpathpersist: Limit PRIN allocation length to 8192 bytes. (bsc#1165786) - Fix handling of incompletely initialized udev devices. (bsc#1172157) - Avoid data corruption caused by duplicate alias in bindings file. (bsc#1172429) - Improve logging for failure to set dev_loss_tmo. (bsc#1173060, bsc#1173064) - Fix handling of hardware properties for maps without paths. (bsc#1176644) - Backported upstream fixes (bsc#1176670): * multipath-tools: add HPE MSA 1060/2060 to hwtable. * ALUA support for PURE FlashArray. * libmultipath: EMC PowerMax NVMe device config. * libmultipath: Fix ALUA autodetection when paths are down. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2905-1 Released: Tue Oct 13 15:48:30 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1055186,1065600,1065729,1094244,1112178,1113956,1154366,1167527,1168468,1169972,1171675,1171688,1171742,1173115,1174899,1175228,1175749,1175882,1176011,1176022,1176038,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176395,1176410,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176950,1176962,1176966,1176990,1177027,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177258,1177291,1177293,1177294,1177295,1177296,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-26088 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206). - CVE-2020-25641: Fixed ann issue where length bvec was causing softlockups (bsc#1177121). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc->mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes). - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/radeon: revert 'Prefer lower feedback dividers' (git-fixes). - drm/sun4i: Fix dsi dcs long write function (git-fixes). - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes). - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - EDAC: Fix reference count leaks (bsc#1112178). - fbcon: prevent user font height or width change from causing (bsc#1112178) - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - ftrace: Move RCU is watching check after recursion check (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - Hide e21a4f3a930c as of its duplication - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - include: add additional sizes (bsc#1094244 ltc#168122). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178). - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - mac802154: tx: fix use-after-free (git-fixes). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix a double free in probe() (git-fixes). - mtd: phram: fix a double free issue in error path (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQS fields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - PCI/ASPM: Allow re-enabling Clock PM (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtc: ds1374: fix possible race condition (git-fixes). - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - usblp: fix race between disconnect() and read() (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes). - USB: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vgacon: remove software scrollback support (bsc#1176278). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2953-1 Released: Mon Oct 19 06:25:15 2020 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1176142 This update for gettext-runtime fixes the following issues: - Fix for an issue when 'xgettext' crashes during creating a 'POT' file. (bsc#1176142) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2972-1 Released: Tue Oct 20 17:07:51 2020 Summary: Security update for the Linux Kernel Type: security Severity: critical References: 1065729,1140683,1172538,1174748,1175520,1176400,1176946,1177027,1177340,1177511,1177685,1177724,1177725,CVE-2020-12351,CVE-2020-12352,CVE-2020-25645 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511). The following non-security bugs were fixed: - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - i2c: meson: fix clock setting overwrite (git-fixes). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685). - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). add two previous futile attempts to fix the bug to blacklist.conf - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748). - nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748). - nvme: fix possible io failures when removing multipathed ns (bsc#1174748). - nvme: make nvme_identify_ns propagate errors back (bsc#1174748). Refresh: - patches.suse/nvme-flush-scan_work-when-resetting-controller.patch - nvme: make nvme_report_ns_ids propagate error back (bsc#1174748). - nvme-multipath: do not reset on unknown status (bsc#1174748). - nvme: Namepace identification descriptor list is optional (bsc#1174748). - nvme: pass status to nvme_error_status (bsc#1174748). - nvme-rdma: Avoid double freeing of async event data (bsc#1174748). - nvme: return error from nvme_alloc_ns() (bsc#1174748). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - scsi-hisi-kabi-fixes.patch - scsi-hisi-kabi-fixes.patch - scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683). - scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683). - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683). - scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683). - scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683). - scsi: hisi_sas: Do some more tidy-up (bsc#1140683). - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683). - scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh: - scsi-hisi_sas-Issue-internal-abort-on-all-relevant-q.patch - scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update: - scsi: hisi_sas: Some misc tidy-up (bsc#1140683). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2975-1 Released: Wed Oct 21 08:16:15 2020 Summary: Recommended update for kexec-tools Type: recommended Severity: critical References: 1133877,1141559,1168698,1172688 This update for kexec-tools fixes the following issues: - Fixes an issue where XEN fails to start 'kdump' service. (bsc#1133877, bsc#1141559, bsc#1172688) - Fix for loading kdump kernel with kexec on startup. (bsc#1168698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2988-1 Released: Wed Oct 21 17:35:34 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2989-1 Released: Thu Oct 22 08:53:10 2020 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1171806 This update for chrony fixes the following issues: - Integrate three upstream patches to fix an infinite loop in chronyc. (bsc#1171806) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2995-1 Released: Thu Oct 22 10:03:09 2020 Summary: Security update for freetype2 Type: security Severity: important References: 1177914,CVE-2020-15999 This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3048-1 Released: Tue Oct 27 16:05:17 2020 Summary: Recommended update for libsolv, libzypp, yaml-cpp, zypper Type: recommended Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 This update for libsolv, libzypp, yaml-cpp, zypper fixes the following issues: libzypp was updated to 17.25.1: - When kernel-rt has been installed, the purge-kernels service fails during boot. (bsc#1176902) - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namepace matching. - Link against libzstd to close libsolvs open references (as we link statically) yaml-cpp: - The libyaml-cpp0_6 library package is added the to the Basesystem module, LTSS and ESPOS channels, and the INSTALLER channels, as a new libzypp dependency. No source changes were done to yaml-cpp. zypper was updated to 1.14.40: - info: Assume descriptions starting with '

' are richtext (bsc#935885) - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to 0.7.15 to fix: - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3051-1 Released: Tue Oct 27 16:08:54 2020 Summary: Security update for xen Type: security Severity: important References: 1177409,1177412,1177413,1177414,CVE-2020-27670,CVE-2020-27671,CVE-2020-27672,CVE-2020-27673 This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3058-1 Released: Wed Oct 28 06:11:14 2020 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: 1176155 This update for catatonit fixes the following issues: - Fixes an issue when catatonit hangs when process dies in very specific way. (bsc#1176155) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3092-1 Released: Thu Oct 29 16:37:35 2020 Summary: Security update for samba Type: security Severity: important References: 1173902,1173994,1177613,CVE-2020-14318,CVE-2020-14323,CVE-2020-14383 This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3129-1 Released: Tue Nov 3 12:10:14 2020 Summary: Recommended update for sysconfig Type: recommended Severity: moderate References: 1159566,1173391,1176285,1176325 This update for sysconfig fixes the following issues: - Fix for 'netconfig' to run with a new library incl