From sle-updates at lists.suse.com Wed Jul 1 01:12:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jul 2020 09:12:45 +0200 (CEST) Subject: SUSE-RU-2020:1809-1: moderate: Recommended update for icewm-theme-branding Message-ID: <20200701071245.46C90FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for icewm-theme-branding ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1809-1 Rating: moderate References: #1170420 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for icewm-theme-branding fixes the following issues: Fix the "zypper dup" issue on Leap by explicitly obsoleting icewm-config-upstream. (bsc#1170420) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1809=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1809=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): icewm-theme-branding-1.2.4-3.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): icewm-theme-branding-1.2.4-3.9.2 References: https://bugzilla.suse.com/1170420 From sle-updates at lists.suse.com Wed Jul 1 04:17:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jul 2020 12:17:15 +0200 (CEST) Subject: SUSE-CU-2020:353-1: Security update of suse/sle15 Message-ID: <20200701101715.79909FEE0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:353-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.227 Container Release : 4.22.227 Severity : important Type : security References : 1157315 1162698 1164538 1169488 1171145 1172072 1173027 CVE-2020-8177 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1760-1 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1773-1 Released: Fri Jun 26 08:05:59 2020 Summary: Security update for curl Type: security Severity: important References: 1173027,CVE-2020-8177 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). From sle-updates at lists.suse.com Wed Jul 1 04:23:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jul 2020 12:23:57 +0200 (CEST) Subject: SUSE-CU-2020:354-1: Security update of suse/sle15 Message-ID: <20200701102357.B621EFF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:354-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.260 Container Release : 6.2.260 Severity : important Type : security References : 1157315 1162698 1164538 1169357 1169488 1171145 1172072 1173027 CVE-2020-8177 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1759-1 Released: Thu Jun 25 18:44:37 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1169357 This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1760-1 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1773-1 Released: Fri Jun 26 08:05:59 2020 Summary: Security update for curl Type: security Severity: important References: 1173027,CVE-2020-8177 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). From sle-updates at lists.suse.com Wed Jul 1 04:24:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jul 2020 12:24:12 +0200 (CEST) Subject: SUSE-CU-2020:355-1: Recommended update of suse/sle15 Message-ID: <20200701102412.ABB92FF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:355-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.697 Container Release : 8.2.697 Severity : moderate Type : recommended References : 1157315 1162698 1164538 1169357 1169488 1171145 1172072 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1759-1 Released: Thu Jun 25 18:44:37 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1169357 This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1760-1 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) From sle-updates at lists.suse.com Wed Jul 1 07:12:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jul 2020 15:12:38 +0200 (CEST) Subject: SUSE-RU-2020:1814-1: important: Recommended update for mdadm Message-ID: <20200701131238.DC2E0FEE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1814-1 Rating: important References: #1163727 #1168953 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - Detail: differentiate between container and inactive arrays (bsc#1163727) - Monitor: improve check_one_sharer() for checking duplicated process (bsc#1168953) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1814=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1814=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1814=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1814=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1814=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): mdadm-4.0-8.9.1 mdadm-debuginfo-4.0-8.9.1 mdadm-debugsource-4.0-8.9.1 - SUSE OpenStack Cloud 9 (x86_64): mdadm-4.0-8.9.1 mdadm-debuginfo-4.0-8.9.1 mdadm-debugsource-4.0-8.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): mdadm-4.0-8.9.1 mdadm-debuginfo-4.0-8.9.1 mdadm-debugsource-4.0-8.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): mdadm-4.0-8.9.1 mdadm-debuginfo-4.0-8.9.1 mdadm-debugsource-4.0-8.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): mdadm-4.0-8.9.1 mdadm-debuginfo-4.0-8.9.1 mdadm-debugsource-4.0-8.9.1 References: https://bugzilla.suse.com/1163727 https://bugzilla.suse.com/1168953 From sle-updates at lists.suse.com Wed Jul 1 07:13:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jul 2020 15:13:31 +0200 (CEST) Subject: SUSE-RU-2020:1813-1: important: Recommended update for mdadm Message-ID: <20200701131331.C56DFFEE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1813-1 Rating: important References: #1163727 #1168953 #1173137 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - OnCalendar format fix of mdcheck_start.timer (bsc#1173137) - Detail: differentiate between container and inactive arrays (bsc#1163727) - Monitor: improve check_one_sharer() for checking duplicated process (bsc#1168953) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1813=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mdadm-4.1-4.8.1 mdadm-debuginfo-4.1-4.8.1 mdadm-debugsource-4.1-4.8.1 References: https://bugzilla.suse.com/1163727 https://bugzilla.suse.com/1168953 https://bugzilla.suse.com/1173137 From sle-updates at lists.suse.com Wed Jul 1 07:14:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jul 2020 15:14:31 +0200 (CEST) Subject: SUSE-RU-2020:1812-1: important: Recommended update for mdadm Message-ID: <20200701131431.05E9AFEE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1812-1 Rating: important References: #1163727 #1168953 #1173137 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - OnCalendar format fix of mdcheck_start.timer (bsc#1173137) - Detail: adding sync status for cluster device (bsc#1163727) - Monitor: improve check_one_sharer() for checking duplicated process (bsc#1168953) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1812=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1812=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): mdadm-4.1-15.14.1 mdadm-debuginfo-4.1-15.14.1 mdadm-debugsource-4.1-15.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): mdadm-4.1-15.14.1 mdadm-debuginfo-4.1-15.14.1 mdadm-debugsource-4.1-15.14.1 References: https://bugzilla.suse.com/1163727 https://bugzilla.suse.com/1168953 https://bugzilla.suse.com/1173137 From sle-updates at lists.suse.com Wed Jul 1 07:15:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jul 2020 15:15:31 +0200 (CEST) Subject: SUSE-RU-2020:1815-1: moderate: Recommended update for mdadm Message-ID: <20200701131531.538F8FEE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1815-1 Rating: moderate References: #1129900 #1139709 #1163727 #1168953 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - Add '--no-devices' option to mdadm to avoid component devices detail information. (bsc#1139709) - Add '--no-devices' option to the udev for calling 'mdadm --detail'. (bsc#1139709) - Fix for issue to avoid unexpected switching from raid0 to raid4 by using option '--grow'. (bsc#1129900) - Fix for an issue with corrupted XFS filesystem after replacing the faulty disk in MD mirror. (bsc#1163727) - Fix for an issue with monitor by improve checking duplicated process. (bsc#1168953) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1815=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1815=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1815=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1815=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1815=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1815=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1815=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): mdadm-4.0-6.34.1 mdadm-debuginfo-4.0-6.34.1 mdadm-debugsource-4.0-6.34.1 - SUSE OpenStack Cloud 8 (x86_64): mdadm-4.0-6.34.1 mdadm-debuginfo-4.0-6.34.1 mdadm-debugsource-4.0-6.34.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): mdadm-4.0-6.34.1 mdadm-debuginfo-4.0-6.34.1 mdadm-debugsource-4.0-6.34.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): mdadm-4.0-6.34.1 mdadm-debuginfo-4.0-6.34.1 mdadm-debugsource-4.0-6.34.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): mdadm-4.0-6.34.1 mdadm-debuginfo-4.0-6.34.1 mdadm-debugsource-4.0-6.34.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): mdadm-4.0-6.34.1 mdadm-debuginfo-4.0-6.34.1 mdadm-debugsource-4.0-6.34.1 - HPE Helion Openstack 8 (x86_64): mdadm-4.0-6.34.1 mdadm-debuginfo-4.0-6.34.1 mdadm-debugsource-4.0-6.34.1 References: https://bugzilla.suse.com/1129900 https://bugzilla.suse.com/1139709 https://bugzilla.suse.com/1163727 https://bugzilla.suse.com/1168953 From sle-updates at lists.suse.com Wed Jul 1 13:12:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jul 2020 21:12:14 +0200 (CEST) Subject: SUSE-SU-2020:14415-1: moderate: Security update for ntp Message-ID: <20200701191214.C7B7EFEE0@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14415-1 Rating: moderate References: #1169740 #1171355 #1172651 #1173334 Cross-References: CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-ntp-14415=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntp-14415=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): ntp-4.2.8p15-64.16.1 ntp-doc-4.2.8p15-64.16.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): ntp-debuginfo-4.2.8p15-64.16.1 ntp-debugsource-4.2.8p15-64.16.1 References: https://www.suse.com/security/cve/CVE-2018-8956.html https://www.suse.com/security/cve/CVE-2020-11868.html https://www.suse.com/security/cve/CVE-2020-13817.html https://www.suse.com/security/cve/CVE-2020-15025.html https://bugzilla.suse.com/1169740 https://bugzilla.suse.com/1171355 https://bugzilla.suse.com/1172651 https://bugzilla.suse.com/1173334 From sle-updates at lists.suse.com Wed Jul 1 13:13:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jul 2020 21:13:15 +0200 (CEST) Subject: SUSE-RU-2020:1816-1: moderate: Recommended update for postgresql10 Message-ID: <20200701191315.B6BA3FEE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1816-1 Rating: moderate References: #1148643 #1171924 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postgresql10 fixes the following issues: postgresql was updated to 10.13 (bsc#1171924). For more details see: - https://www.postgresql.org/about/news/2038/ - https://www.postgresql.org/docs/10/release-10-13.html - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1816=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1816=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1816=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1816=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql10-contrib-10.13-8.16.5 postgresql10-contrib-debuginfo-10.13-8.16.5 postgresql10-debuginfo-10.13-8.16.5 postgresql10-debugsource-10.13-8.16.5 postgresql10-devel-10.13-8.16.5 postgresql10-devel-debuginfo-10.13-8.16.5 postgresql10-plperl-10.13-8.16.5 postgresql10-plperl-debuginfo-10.13-8.16.5 postgresql10-plpython-10.13-8.16.5 postgresql10-plpython-debuginfo-10.13-8.16.5 postgresql10-pltcl-10.13-8.16.5 postgresql10-pltcl-debuginfo-10.13-8.16.5 postgresql10-server-10.13-8.16.5 postgresql10-server-debuginfo-10.13-8.16.5 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql10-docs-10.13-8.16.5 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): postgresql10-contrib-10.13-8.16.5 postgresql10-contrib-debuginfo-10.13-8.16.5 postgresql10-debuginfo-10.13-8.16.5 postgresql10-debugsource-10.13-8.16.5 postgresql10-devel-10.13-8.16.5 postgresql10-devel-debuginfo-10.13-8.16.5 postgresql10-plperl-10.13-8.16.5 postgresql10-plperl-debuginfo-10.13-8.16.5 postgresql10-plpython-10.13-8.16.5 postgresql10-plpython-debuginfo-10.13-8.16.5 postgresql10-pltcl-10.13-8.16.5 postgresql10-pltcl-debuginfo-10.13-8.16.5 postgresql10-server-10.13-8.16.5 postgresql10-server-debuginfo-10.13-8.16.5 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): postgresql-contrib-12.0.1-8.14.1 postgresql-devel-12.0.1-8.14.1 postgresql-docs-12.0.1-8.14.1 postgresql-plperl-12.0.1-8.14.1 postgresql-plpython-12.0.1-8.14.1 postgresql-pltcl-12.0.1-8.14.1 postgresql-server-12.0.1-8.14.1 postgresql-server-devel-12.0.1-8.14.1 postgresql10-docs-10.13-8.16.5 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql10-10.13-8.16.5 postgresql10-debuginfo-10.13-8.16.5 postgresql10-debugsource-10.13-8.16.5 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): postgresql10-10.13-8.16.5 postgresql10-debuginfo-10.13-8.16.5 postgresql10-debugsource-10.13-8.16.5 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): postgresql-12.0.1-8.14.1 References: https://bugzilla.suse.com/1148643 https://bugzilla.suse.com/1171924 From sle-updates at lists.suse.com Wed Jul 1 13:14:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jul 2020 21:14:44 +0200 (CEST) Subject: SUSE-SU-2020:1819-1: important: Security update for unbound Message-ID: <20200701191444.A89E8FEE0@maintenance.suse.de> SUSE Security Update: Security update for unbound ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1819-1 Rating: important References: #1157268 #1171889 Cross-References: CVE-2019-18934 CVE-2020-12662 CVE-2020-12663 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for unbound fixes the following issues: - CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target (bsc#1171889). - CVE-2020-12663: Fixed an issue where malformed answers from upstream name servers could have been used to make unbound unresponsive (bsc#1171889). - CVE-2019-18934: Fixed a vulnerability in the IPSec module which could have allowed code execution after receiving a special crafted answer (bsc#1157268). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1819=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1819=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1819=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1819=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libunbound2-1.6.8-3.6.1 libunbound2-debuginfo-1.6.8-3.6.1 unbound-anchor-1.6.8-3.6.1 unbound-anchor-debuginfo-1.6.8-3.6.1 unbound-debuginfo-1.6.8-3.6.1 unbound-debugsource-1.6.8-3.6.1 unbound-devel-1.6.8-3.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libunbound2-1.6.8-3.6.1 libunbound2-debuginfo-1.6.8-3.6.1 unbound-anchor-1.6.8-3.6.1 unbound-anchor-debuginfo-1.6.8-3.6.1 unbound-debuginfo-1.6.8-3.6.1 unbound-debugsource-1.6.8-3.6.1 unbound-devel-1.6.8-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libunbound2-1.6.8-3.6.1 libunbound2-debuginfo-1.6.8-3.6.1 unbound-anchor-1.6.8-3.6.1 unbound-anchor-debuginfo-1.6.8-3.6.1 unbound-debuginfo-1.6.8-3.6.1 unbound-debugsource-1.6.8-3.6.1 unbound-devel-1.6.8-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libunbound2-1.6.8-3.6.1 libunbound2-debuginfo-1.6.8-3.6.1 unbound-anchor-1.6.8-3.6.1 unbound-anchor-debuginfo-1.6.8-3.6.1 unbound-debuginfo-1.6.8-3.6.1 unbound-debugsource-1.6.8-3.6.1 unbound-devel-1.6.8-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-18934.html https://www.suse.com/security/cve/CVE-2020-12662.html https://www.suse.com/security/cve/CVE-2020-12663.html https://bugzilla.suse.com/1157268 https://bugzilla.suse.com/1171889 From sle-updates at lists.suse.com Thu Jul 2 01:02:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 09:02:11 +0200 (CEST) Subject: SUSE-CU-2020:356-1: Security update of suse/sles12sp3 Message-ID: <20200702070211.891D9FDE1@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:356-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.171 , suse/sles12sp3:latest Container Release : 24.171 Severity : important Type : security References : 1173027 CVE-2020-8177 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1732-1 Released: Wed Jun 24 09:42:55 2020 Summary: Security update for curl Type: security Severity: important References: 1173027,CVE-2020-8177 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). From sle-updates at lists.suse.com Thu Jul 2 01:10:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 09:10:48 +0200 (CEST) Subject: SUSE-CU-2020:357-1: Security update of suse/sles12sp4 Message-ID: <20200702071048.93B52FDE1@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:357-1 Container Tags : suse/sles12sp4:26.202 , suse/sles12sp4:latest Container Release : 26.202 Severity : important Type : security References : 1173027 CVE-2020-8177 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1735-1 Released: Wed Jun 24 09:44:20 2020 Summary: Security update for curl Type: security Severity: important References: 1173027,CVE-2020-8177 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). From sle-updates at lists.suse.com Thu Jul 2 01:14:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 09:14:30 +0200 (CEST) Subject: SUSE-CU-2020:358-1: Security update of suse/sles12sp5 Message-ID: <20200702071430.1703CFDE1@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:358-1 Container Tags : suse/sles12sp5:6.5.18 , suse/sles12sp5:latest Container Release : 6.5.18 Severity : important Type : security References : 1173027 CVE-2020-8177 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1734-1 Released: Wed Jun 24 09:43:55 2020 Summary: Security update for curl Type: security Severity: important References: 1173027,CVE-2020-8177 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). From sle-updates at lists.suse.com Thu Jul 2 04:13:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 12:13:41 +0200 (CEST) Subject: SUSE-RU-2020:1820-1: moderate: Recommended update for dracut Message-ID: <20200702101341.D83C5FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1820-1 Rating: moderate References: #1161573 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dracut fixes the following issue: - Fix dracut timeout on missing root device (bsc#1161573) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1820=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): dracut-044.2-18.64.1 dracut-debuginfo-044.2-18.64.1 dracut-debugsource-044.2-18.64.1 dracut-fips-044.2-18.64.1 dracut-ima-044.2-18.64.1 References: https://bugzilla.suse.com/1161573 From sle-updates at lists.suse.com Thu Jul 2 04:14:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 12:14:28 +0200 (CEST) Subject: SUSE-RU-2020:1821-1: moderate: Recommended update for dracut Message-ID: <20200702101428.D1C40FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1821-1 Rating: moderate References: #1172807 #1172816 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - 35network-legacy: Fix dual stack setups. (bsc#1172807) - 95iscsi: fix missing space when compiling cmdline args. (bsc#1172816) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1821=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.146.g6f5195cf-3.3.1 dracut-debuginfo-049.1+suse.146.g6f5195cf-3.3.1 dracut-debugsource-049.1+suse.146.g6f5195cf-3.3.1 dracut-fips-049.1+suse.146.g6f5195cf-3.3.1 dracut-ima-049.1+suse.146.g6f5195cf-3.3.1 References: https://bugzilla.suse.com/1172807 https://bugzilla.suse.com/1172816 From sle-updates at lists.suse.com Thu Jul 2 07:14:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 15:14:07 +0200 (CEST) Subject: SUSE-SU-2020:1822-1: important: Security update for python3 Message-ID: <20200702131407.C33DFFDE1@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1822-1 Rating: important References: #1173274 Cross-References: CVE-2020-14422 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1822=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1822=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1822=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-1822=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1822=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1822=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1822=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1822=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpython3_6m1_0-3.6.10-3.56.1 libpython3_6m1_0-debuginfo-3.6.10-3.56.1 python3-3.6.10-3.56.1 python3-base-3.6.10-3.56.1 python3-base-debuginfo-3.6.10-3.56.1 python3-base-debugsource-3.6.10-3.56.1 python3-curses-3.6.10-3.56.1 python3-curses-debuginfo-3.6.10-3.56.1 python3-dbm-3.6.10-3.56.1 python3-dbm-debuginfo-3.6.10-3.56.1 python3-debuginfo-3.6.10-3.56.1 python3-debugsource-3.6.10-3.56.1 python3-devel-3.6.10-3.56.1 python3-devel-debuginfo-3.6.10-3.56.1 python3-idle-3.6.10-3.56.1 python3-tk-3.6.10-3.56.1 python3-tk-debuginfo-3.6.10-3.56.1 python3-tools-3.6.10-3.56.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpython3_6m1_0-3.6.10-3.56.1 libpython3_6m1_0-debuginfo-3.6.10-3.56.1 python3-3.6.10-3.56.1 python3-base-3.6.10-3.56.1 python3-base-debuginfo-3.6.10-3.56.1 python3-base-debugsource-3.6.10-3.56.1 python3-curses-3.6.10-3.56.1 python3-curses-debuginfo-3.6.10-3.56.1 python3-dbm-3.6.10-3.56.1 python3-dbm-debuginfo-3.6.10-3.56.1 python3-debuginfo-3.6.10-3.56.1 python3-debugsource-3.6.10-3.56.1 python3-devel-3.6.10-3.56.1 python3-devel-debuginfo-3.6.10-3.56.1 python3-idle-3.6.10-3.56.1 python3-tk-3.6.10-3.56.1 python3-tk-debuginfo-3.6.10-3.56.1 python3-tools-3.6.10-3.56.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.10-3.56.1 python3-base-debugsource-3.6.10-3.56.1 python3-tools-3.6.10-3.56.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.10-3.56.1 python3-base-debugsource-3.6.10-3.56.1 python3-tools-3.6.10-3.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.10-3.56.1 libpython3_6m1_0-debuginfo-3.6.10-3.56.1 python3-3.6.10-3.56.1 python3-base-3.6.10-3.56.1 python3-base-debuginfo-3.6.10-3.56.1 python3-base-debugsource-3.6.10-3.56.1 python3-curses-3.6.10-3.56.1 python3-curses-debuginfo-3.6.10-3.56.1 python3-dbm-3.6.10-3.56.1 python3-dbm-debuginfo-3.6.10-3.56.1 python3-debuginfo-3.6.10-3.56.1 python3-debugsource-3.6.10-3.56.1 python3-devel-3.6.10-3.56.1 python3-devel-debuginfo-3.6.10-3.56.1 python3-idle-3.6.10-3.56.1 python3-tk-3.6.10-3.56.1 python3-tk-debuginfo-3.6.10-3.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.10-3.56.1 libpython3_6m1_0-debuginfo-3.6.10-3.56.1 python3-3.6.10-3.56.1 python3-base-3.6.10-3.56.1 python3-base-debuginfo-3.6.10-3.56.1 python3-base-debugsource-3.6.10-3.56.1 python3-curses-3.6.10-3.56.1 python3-curses-debuginfo-3.6.10-3.56.1 python3-dbm-3.6.10-3.56.1 python3-dbm-debuginfo-3.6.10-3.56.1 python3-debuginfo-3.6.10-3.56.1 python3-debugsource-3.6.10-3.56.1 python3-devel-3.6.10-3.56.1 python3-devel-debuginfo-3.6.10-3.56.1 python3-idle-3.6.10-3.56.1 python3-testsuite-3.6.10-3.56.1 python3-tk-3.6.10-3.56.1 python3-tk-debuginfo-3.6.10-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.10-3.56.1 libpython3_6m1_0-debuginfo-3.6.10-3.56.1 python3-3.6.10-3.56.1 python3-base-3.6.10-3.56.1 python3-base-debuginfo-3.6.10-3.56.1 python3-base-debugsource-3.6.10-3.56.1 python3-curses-3.6.10-3.56.1 python3-curses-debuginfo-3.6.10-3.56.1 python3-dbm-3.6.10-3.56.1 python3-dbm-debuginfo-3.6.10-3.56.1 python3-debuginfo-3.6.10-3.56.1 python3-debugsource-3.6.10-3.56.1 python3-devel-3.6.10-3.56.1 python3-devel-debuginfo-3.6.10-3.56.1 python3-idle-3.6.10-3.56.1 python3-tk-3.6.10-3.56.1 python3-tk-debuginfo-3.6.10-3.56.1 python3-tools-3.6.10-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.10-3.56.1 libpython3_6m1_0-debuginfo-3.6.10-3.56.1 python3-3.6.10-3.56.1 python3-base-3.6.10-3.56.1 python3-base-debuginfo-3.6.10-3.56.1 python3-base-debugsource-3.6.10-3.56.1 python3-curses-3.6.10-3.56.1 python3-curses-debuginfo-3.6.10-3.56.1 python3-dbm-3.6.10-3.56.1 python3-dbm-debuginfo-3.6.10-3.56.1 python3-debuginfo-3.6.10-3.56.1 python3-debugsource-3.6.10-3.56.1 python3-devel-3.6.10-3.56.1 python3-devel-debuginfo-3.6.10-3.56.1 python3-idle-3.6.10-3.56.1 python3-tk-3.6.10-3.56.1 python3-tk-debuginfo-3.6.10-3.56.1 python3-tools-3.6.10-3.56.1 References: https://www.suse.com/security/cve/CVE-2020-14422.html https://bugzilla.suse.com/1173274 From sle-updates at lists.suse.com Thu Jul 2 07:12:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 15:12:53 +0200 (CEST) Subject: SUSE-SU-2020:1823-1: moderate: Security update for ntp Message-ID: <20200702131253.205E1FDE1@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1823-1 Rating: moderate References: #1125401 #1169740 #1171355 #1172651 #1173334 #992038 Cross-References: CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). - Removed an OpenSSL version warning (bsc#992038 and bsc#1125401). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1823=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1823=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-1823=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-1823=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): ntp-4.2.8p15-4.10.1 ntp-debuginfo-4.2.8p15-4.10.1 ntp-debugsource-4.2.8p15-4.10.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): ntp-4.2.8p15-4.10.1 ntp-debuginfo-4.2.8p15-4.10.1 ntp-debugsource-4.2.8p15-4.10.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p15-4.10.1 ntp-debuginfo-4.2.8p15-4.10.1 ntp-debugsource-4.2.8p15-4.10.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p15-4.10.1 ntp-debuginfo-4.2.8p15-4.10.1 ntp-debugsource-4.2.8p15-4.10.1 References: https://www.suse.com/security/cve/CVE-2018-8956.html https://www.suse.com/security/cve/CVE-2020-11868.html https://www.suse.com/security/cve/CVE-2020-13817.html https://www.suse.com/security/cve/CVE-2020-15025.html https://bugzilla.suse.com/1125401 https://bugzilla.suse.com/1169740 https://bugzilla.suse.com/1171355 https://bugzilla.suse.com/1172651 https://bugzilla.suse.com/1173334 https://bugzilla.suse.com/992038 From sle-updates at lists.suse.com Thu Jul 2 10:12:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 18:12:45 +0200 (CEST) Subject: SUSE-RU-2020:1830-1: Recommended update for sle-module-containers-release Message-ID: <20200702161245.38A24FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-module-containers-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1830-1 Rating: low References: #1173361 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sle-module-containers-release fixes the following issues: - End-of-Life date has been corrected to 2021-01-31. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-1830=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): sle-module-containers-release-15.1-70.1 References: https://bugzilla.suse.com/1173361 From sle-updates at lists.suse.com Thu Jul 2 10:13:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 18:13:24 +0200 (CEST) Subject: SUSE-RU-2020:1826-1: moderate: Recommended update for resource-agents Message-ID: <20200702161324.387CCFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1826-1 Rating: moderate References: #1170270 #1172734 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed a bug where the pulling of images was stuck (bsc#1170270) - Added a fix for defect file /usr/lib/ocf/resource.d/heartbeat/clvm (bsc#1172734) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-1826=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ldirectord-4.4.0+git57.70549516-3.3.3 resource-agents-4.4.0+git57.70549516-3.3.3 resource-agents-debuginfo-4.4.0+git57.70549516-3.3.3 resource-agents-debugsource-4.4.0+git57.70549516-3.3.3 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): monitoring-plugins-metadata-4.4.0+git57.70549516-3.3.3 References: https://bugzilla.suse.com/1170270 https://bugzilla.suse.com/1172734 From sle-updates at lists.suse.com Thu Jul 2 10:14:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 18:14:11 +0200 (CEST) Subject: SUSE-SU-2020:1828-1: moderate: Security update for systemd Message-ID: <20200702161411.0B3A0FDE1@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1828-1 Rating: moderate References: #1084671 #1154256 #1157315 #1161262 #1161436 #1162698 #1164538 #1165633 #1167622 #1171145 Cross-References: CVE-2019-20386 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has 9 fixes is now available. Description: This update for systemd fixes the following issues: - CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436). - Renamed the persistent link for ATA devices (bsc#1164538) - shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) - tmpfiles: removed unnecessary assert (bsc#1171145) - pid1: by default make user units inherit their umask from the user manager (bsc#1162698) - manager: fixed job mode when signalled to shutdown etc (bsc#1161262) - coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622) - udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1828=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1828=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libudev-devel-228-157.12.5 systemd-debuginfo-228-157.12.5 systemd-debugsource-228-157.12.5 systemd-devel-228-157.12.5 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsystemd0-228-157.12.5 libsystemd0-debuginfo-228-157.12.5 libudev-devel-228-157.12.5 libudev1-228-157.12.5 libudev1-debuginfo-228-157.12.5 systemd-228-157.12.5 systemd-debuginfo-228-157.12.5 systemd-debugsource-228-157.12.5 systemd-devel-228-157.12.5 systemd-sysvinit-228-157.12.5 udev-228-157.12.5 udev-debuginfo-228-157.12.5 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsystemd0-32bit-228-157.12.5 libsystemd0-debuginfo-32bit-228-157.12.5 libudev1-32bit-228-157.12.5 libudev1-debuginfo-32bit-228-157.12.5 systemd-32bit-228-157.12.5 systemd-debuginfo-32bit-228-157.12.5 - SUSE Linux Enterprise Server 12-SP5 (noarch): systemd-bash-completion-228-157.12.5 References: https://www.suse.com/security/cve/CVE-2019-20386.html https://bugzilla.suse.com/1084671 https://bugzilla.suse.com/1154256 https://bugzilla.suse.com/1157315 https://bugzilla.suse.com/1161262 https://bugzilla.suse.com/1161436 https://bugzilla.suse.com/1162698 https://bugzilla.suse.com/1164538 https://bugzilla.suse.com/1165633 https://bugzilla.suse.com/1167622 https://bugzilla.suse.com/1171145 From sle-updates at lists.suse.com Thu Jul 2 10:15:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 18:15:51 +0200 (CEST) Subject: SUSE-RU-2020:1824-1: moderate: Recommended update for resource-agents Message-ID: <20200702161551.A96C5FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1824-1 Rating: moderate References: #1162978 #1170270 #1172734 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed a bug where the pulling of images was stuck (bsc#1170270) - Added a fix for defect file /usr/lib/ocf/resource.d/heartbeat/clvm (bsc#1172734) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-1824=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-3.45.4 resource-agents-4.3.0184.6ee15eb2-3.45.4 resource-agents-debuginfo-4.3.0184.6ee15eb2-3.45.4 resource-agents-debugsource-4.3.0184.6ee15eb2-3.45.4 - SUSE Linux Enterprise High Availability 15 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-3.45.4 References: https://bugzilla.suse.com/1162978 https://bugzilla.suse.com/1170270 https://bugzilla.suse.com/1172734 From sle-updates at lists.suse.com Thu Jul 2 10:16:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 18:16:43 +0200 (CEST) Subject: SUSE-RU-2020:1825-1: moderate: Recommended update for resource-agents Message-ID: <20200702161643.598ABFEE0@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1825-1 Rating: moderate References: #1162978 #1170270 #1172734 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed a bug where the pulling of images was stuck (bsc#1170270) - Added a fix for defect file /usr/lib/ocf/resource.d/heartbeat/clvm (bsc#1172734) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-1825=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-4.30.4 resource-agents-4.3.0184.6ee15eb2-4.30.4 resource-agents-debuginfo-4.3.0184.6ee15eb2-4.30.4 resource-agents-debugsource-4.3.0184.6ee15eb2-4.30.4 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-4.30.4 References: https://bugzilla.suse.com/1162978 https://bugzilla.suse.com/1170270 https://bugzilla.suse.com/1172734 From sle-updates at lists.suse.com Thu Jul 2 10:17:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 18:17:34 +0200 (CEST) Subject: SUSE-RU-2020:1832-1: moderate: Recommended update for susemanager-sync-data Message-ID: <20200702161734.28529FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-sync-data ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1832-1 Rating: moderate References: #1173398 Affected Products: SUSE Manager Server 3.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for susemanager-sync-data fixes the following issue: - version 3.2.20-1 - Add the new Product Classes SUSE Linux Enterprise Server LTSS 12 SP4. (bsc#1173398) - add SLE Live Patching (Z-Series) and SUSE Linux Enterprise Server LTSS 12 SP3 ARM64 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-1832=1 Package List: - SUSE Manager Server 3.2 (noarch): susemanager-sync-data-3.2.20-3.38.1 References: https://bugzilla.suse.com/1173398 From sle-updates at lists.suse.com Thu Jul 2 10:18:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 18:18:12 +0200 (CEST) Subject: SUSE-RU-2020:1827-1: important: Recommended update for yast2-installation Message-ID: <20200702161812.70C7AFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-installation ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1827-1 Rating: important References: #1172853 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-installation fixes the following issues: - Fixes an isuse where /etc/nvme/hostnqn nor /etc/nvme/hostid were available after system installation (bsc#1172853) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1827=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2020-1827=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-installation-4.2.43-3.3.1 - SUSE Linux Enterprise Installer 15-SP2 (noarch): yast2-installation-4.2.43-3.3.1 References: https://bugzilla.suse.com/1172853 From sle-updates at lists.suse.com Thu Jul 2 10:18:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 18:18:52 +0200 (CEST) Subject: SUSE-RU-2020:1829-1: Recommended update for sle-module-containers-release Message-ID: <20200702161852.016DDFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-module-containers-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1829-1 Rating: low References: #1173364 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sle-module-containers-release fixes the following issues: - End-of-Life date has been corrected to 2021-06-30. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2020-1829=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): sle-module-containers-release-15.2-47.1 References: https://bugzilla.suse.com/1173364 From sle-updates at lists.suse.com Thu Jul 2 10:19:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2020 18:19:30 +0200 (CEST) Subject: SUSE-RU-2020:1831-1: moderate: Recommended update for susemanager-sync-data Message-ID: <20200702161930.B949AFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-sync-data ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1831-1 Rating: moderate References: #1173398 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for susemanager-sync-data fixes the following issue: - Add the new Product Classes SUSE Linux Enterprise Server LTSS 12 SP4. (bsc#1173398) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-1831=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): susemanager-sync-data-4.0.16-3.18.1 References: https://bugzilla.suse.com/1173398 From sle-updates at lists.suse.com Fri Jul 3 07:12:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jul 2020 15:12:50 +0200 (CEST) Subject: SUSE-RU-2020:1837-1: moderate: Recommended update for perl-ldap Message-ID: <20200703131250.64F24FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-ldap ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1837-1 Rating: moderate References: #1171756 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perl-ldap fixes the following issues: - Do not set default sslversion for start_tls. (bsc#1171756) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1837=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1837=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): perl-ldap-0.44-10.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): perl-ldap-0.44-10.3.1 References: https://bugzilla.suse.com/1171756 From sle-updates at lists.suse.com Fri Jul 3 10:12:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jul 2020 18:12:54 +0200 (CEST) Subject: SUSE-SU-2020:1839-1: important: Security update for mozilla-nspr, mozilla-nss Message-ID: <20200703161254.96948FC39@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1839-1 Rating: important References: #1159819 #1168669 #1169746 #1170908 #1171978 #1173022 Cross-References: CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_rele ase_notes mozilla-nspr to version 4.25 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1839=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1839=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1839=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1839=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1839=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1839=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1839=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1839=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1839=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1839=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1839=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1839=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1839=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1839=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1839=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1839=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1839=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE OpenStack Cloud 9 (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE OpenStack Cloud 8 (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Enterprise Storage 5 (x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - HPE Helion Openstack 8 (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 References: https://www.suse.com/security/cve/CVE-2019-17006.html https://www.suse.com/security/cve/CVE-2020-12399.html https://www.suse.com/security/cve/CVE-2020-12402.html https://bugzilla.suse.com/1159819 https://bugzilla.suse.com/1168669 https://bugzilla.suse.com/1169746 https://bugzilla.suse.com/1170908 https://bugzilla.suse.com/1171978 https://bugzilla.suse.com/1173022 From sle-updates at lists.suse.com Fri Jul 3 10:14:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jul 2020 18:14:50 +0200 (CEST) Subject: SUSE-SU-2020:1396-2: moderate: Security update for zstd Message-ID: <20200703161450.C4463FC39@maintenance.suse.de> SUSE Security Update: Security update for zstd ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1396-2 Rating: moderate References: #1082318 #1133297 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1396=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1396=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1396=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1396=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1396=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libzstd1-1.4.4-1.3.1 libzstd1-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libzstd1-32bit-1.4.4-1.3.1 libzstd1-32bit-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libzstd1-1.4.4-1.3.1 libzstd1-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libzstd-devel-1.4.4-1.3.1 libzstd1-1.4.4-1.3.1 libzstd1-debuginfo-1.4.4-1.3.1 zstd-1.4.4-1.3.1 zstd-debuginfo-1.4.4-1.3.1 zstd-debugsource-1.4.4-1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libzstd1-32bit-1.4.4-1.3.1 libzstd1-32bit-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libzstd1-1.4.4-1.3.1 libzstd1-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libzstd1-32bit-1.4.4-1.3.1 libzstd1-32bit-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libzstd1-1.4.4-1.3.1 libzstd1-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libzstd1-32bit-1.4.4-1.3.1 libzstd1-32bit-debuginfo-1.4.4-1.3.1 References: https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1133297 From sle-updates at lists.suse.com Fri Jul 3 10:16:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jul 2020 18:16:20 +0200 (CEST) Subject: SUSE-RU-2020:1840-1: Recommended update for libgfortran3 Message-ID: <20200703161620.9D880FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for libgfortran3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1840-1 Rating: low References: #1166047 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update includes libgfortran3 built out of gcc6 in the Legacy Module. (bsc#1166047) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-1840=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-1840=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): compat-libgfortran3-6.2.1+r239768-1.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): compat-libgfortran3-6.2.1+r239768-1.3.1 References: https://bugzilla.suse.com/1166047 From sle-updates at lists.suse.com Fri Jul 3 19:12:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Jul 2020 03:12:31 +0200 (CEST) Subject: SUSE-SU-2020:1841-1: important: Security update for tomcat Message-ID: <20200704011231.646F6FC39@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1841-1 Rating: important References: #1173389 Cross-References: CVE-2020-11996 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1841=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1841=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1841=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1841=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): tomcat-9.0.36-3.60.1 tomcat-admin-webapps-9.0.36-3.60.1 tomcat-el-3_0-api-9.0.36-3.60.1 tomcat-jsp-2_3-api-9.0.36-3.60.1 tomcat-lib-9.0.36-3.60.1 tomcat-servlet-4_0-api-9.0.36-3.60.1 tomcat-webapps-9.0.36-3.60.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): tomcat-9.0.36-3.60.1 tomcat-admin-webapps-9.0.36-3.60.1 tomcat-el-3_0-api-9.0.36-3.60.1 tomcat-jsp-2_3-api-9.0.36-3.60.1 tomcat-lib-9.0.36-3.60.1 tomcat-servlet-4_0-api-9.0.36-3.60.1 tomcat-webapps-9.0.36-3.60.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): tomcat-9.0.36-3.60.1 tomcat-admin-webapps-9.0.36-3.60.1 tomcat-el-3_0-api-9.0.36-3.60.1 tomcat-jsp-2_3-api-9.0.36-3.60.1 tomcat-lib-9.0.36-3.60.1 tomcat-servlet-4_0-api-9.0.36-3.60.1 tomcat-webapps-9.0.36-3.60.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): tomcat-9.0.36-3.60.1 tomcat-admin-webapps-9.0.36-3.60.1 tomcat-el-3_0-api-9.0.36-3.60.1 tomcat-jsp-2_3-api-9.0.36-3.60.1 tomcat-lib-9.0.36-3.60.1 tomcat-servlet-4_0-api-9.0.36-3.60.1 tomcat-webapps-9.0.36-3.60.1 References: https://www.suse.com/security/cve/CVE-2020-11996.html https://bugzilla.suse.com/1173389 From sle-updates at lists.suse.com Fri Jul 3 19:13:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Jul 2020 03:13:09 +0200 (CEST) Subject: SUSE-SU-2020:1842-1: moderate: Security update for systemd Message-ID: <20200704011309.C457EFC39@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1842-1 Rating: moderate References: #1084671 #1154256 #1157315 #1161262 #1161436 #1162698 #1164538 #1165633 #1167622 #1171145 Cross-References: CVE-2019-20386 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has 9 fixes is now available. Description: This update for systemd fixes the following issues: - CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436). - Renamed the persistent link for ATA devices (bsc#1164538) - shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) - tmpfiles: removed unnecessary assert (bsc#1171145) - pid1: by default make user units inherit their umask from the user manager (bsc#1162698) - manager: fixed job mode when signalled to shutdown etc (bsc#1161262) - coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622) - udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1842=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1842=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.86.3 systemd-debuginfo-228-150.86.3 systemd-debugsource-228-150.86.3 systemd-devel-228-150.86.3 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.86.3 libsystemd0-debuginfo-228-150.86.3 libudev-devel-228-150.86.3 libudev1-228-150.86.3 libudev1-debuginfo-228-150.86.3 systemd-228-150.86.3 systemd-debuginfo-228-150.86.3 systemd-debugsource-228-150.86.3 systemd-devel-228-150.86.3 systemd-sysvinit-228-150.86.3 udev-228-150.86.3 udev-debuginfo-228-150.86.3 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsystemd0-32bit-228-150.86.3 libsystemd0-debuginfo-32bit-228-150.86.3 libudev1-32bit-228-150.86.3 libudev1-debuginfo-32bit-228-150.86.3 systemd-32bit-228-150.86.3 systemd-debuginfo-32bit-228-150.86.3 - SUSE Linux Enterprise Server 12-SP4 (noarch): systemd-bash-completion-228-150.86.3 References: https://www.suse.com/security/cve/CVE-2019-20386.html https://bugzilla.suse.com/1084671 https://bugzilla.suse.com/1154256 https://bugzilla.suse.com/1157315 https://bugzilla.suse.com/1161262 https://bugzilla.suse.com/1161436 https://bugzilla.suse.com/1162698 https://bugzilla.suse.com/1164538 https://bugzilla.suse.com/1165633 https://bugzilla.suse.com/1167622 https://bugzilla.suse.com/1171145 From sle-updates at lists.suse.com Mon Jul 6 10:14:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 18:14:41 +0200 (CEST) Subject: SUSE-SU-2020:1843-1: moderate: Security update for nasm Message-ID: <20200706161441.B493FFC39@maintenance.suse.de> SUSE Security Update: Security update for nasm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1843-1 Rating: moderate References: #1084631 #1086186 #1086227 #1086228 #1090519 #1090840 #1106878 #1107592 #1107594 #1108404 #1115758 #1115774 #1115795 #1173538 Cross-References: CVE-2018-1000667 CVE-2018-10016 CVE-2018-10254 CVE-2018-10316 CVE-2018-16382 CVE-2018-16517 CVE-2018-16999 CVE-2018-19214 CVE-2018-19215 CVE-2018-19216 CVE-2018-8881 CVE-2018-8882 CVE-2018-8883 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has one errata is now available. Description: This update for nasm fixes the following issues: nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. * Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified. * Create all system-defined macros defore processing command-line given preprocessing directives (-p, -d, -u, --pragma, --before). * If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See section 4.11.7. * Fix an assert for the case in the obj format when a SEG operator refers to an EXTERN symbol declared further down in the code. * Fix a corner case in the floating-point code where a binary, octal or hexadecimal floating-point having at least 32, 11, or 8 mantissa digits could produce slightly incorrect results under very specific conditions. * Support -MD without a filename, for gcc compatibility. -MF can be used to set the dependencies output filename. See section 2.1.7. * Fix -E in combination with -MD. See section 2.1.21. * Fix missing errors on redefined labels; would cause convergence failure instead which is very slow and not easy to debug. * Duplicate definitions of the same label with the same value is now explicitly permitted (2.14 would allow it in some circumstances.) * Add the option --no-line to ignore %line directives in the source. See section 2.1.33 and section 4.10.1. * Changed -I option semantics by adding a trailing path separator unconditionally. * Fixed null dereference in corrupted invalid single line macros. * Fixed division by zero which may happen if source code is malformed. * Fixed out of bound access in processing of malformed segment override. * Fixed out of bound access in certain EQU parsing. * Fixed buffer underflow in float parsing. * Added SGX (Intel Software Guard Extensions) instructions. * Added +n syntax for multiple contiguous registers. * Fixed subsections_via_symbols for macho object format. * Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. See section 2.1.28. * Allow label renaming to be specified by %pragma in addition to from the command line. See section 6.9. * Supported generic %pragma namespaces, output and debug. See section 6.10. * Added the --pragma command line option to inject a %pragma directive. See section 2.1.29. * Added the --before command line option to accept preprocess statement before input. See section 2.1.30. * Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field New Instruction) instructions. * Added the STATIC directive for local symbols that should be renamed using global-symbol rules. See section 6.8. * Allow a symbol to be defined as EXTERN and then later overridden as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined will be treated as GLOBAL. See section 6.5. * The GLOBAL directive no longer is required to precede the definition of the symbol. * Support private_extern as macho specific extension to the GLOBAL directive. See section 7.8.5. * Updated UD0 encoding to match with the specification * Added the --limit-X command line option to set execution limits. See section 2.1.31. * Updated the Codeview version number to be aligned with MASM. * Added the --keep-all command line option to preserve output files. See section 2.1.32. * Added the --include command line option, an alias to -P (section 2.1.18). * Added the --help command line option as an alias to -h (section 3.1). * Added -W, -D, and -Q suffix aliases for RET instructions so the operand sizes of these instructions can be encoded without using o16, o32 or o64. New upstream version 2.13.03: * Add flags: AES, VAES, VPCLMULQDQ * Add VPCLMULQDQ instruction * elf: Add missing dwarf loc section * documentation updates Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1843=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-1843=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): nasm-2.14.02-3.4.1 nasm-debuginfo-2.14.02-3.4.1 nasm-debugsource-2.14.02-3.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): nasm-2.14.02-3.4.1 nasm-debuginfo-2.14.02-3.4.1 nasm-debugsource-2.14.02-3.4.1 References: https://www.suse.com/security/cve/CVE-2018-1000667.html https://www.suse.com/security/cve/CVE-2018-10016.html https://www.suse.com/security/cve/CVE-2018-10254.html https://www.suse.com/security/cve/CVE-2018-10316.html https://www.suse.com/security/cve/CVE-2018-16382.html https://www.suse.com/security/cve/CVE-2018-16517.html https://www.suse.com/security/cve/CVE-2018-16999.html https://www.suse.com/security/cve/CVE-2018-19214.html https://www.suse.com/security/cve/CVE-2018-19215.html https://www.suse.com/security/cve/CVE-2018-19216.html https://www.suse.com/security/cve/CVE-2018-8881.html https://www.suse.com/security/cve/CVE-2018-8882.html https://www.suse.com/security/cve/CVE-2018-8883.html https://bugzilla.suse.com/1084631 https://bugzilla.suse.com/1086186 https://bugzilla.suse.com/1086227 https://bugzilla.suse.com/1086228 https://bugzilla.suse.com/1090519 https://bugzilla.suse.com/1090840 https://bugzilla.suse.com/1106878 https://bugzilla.suse.com/1107592 https://bugzilla.suse.com/1107594 https://bugzilla.suse.com/1108404 https://bugzilla.suse.com/1115758 https://bugzilla.suse.com/1115774 https://bugzilla.suse.com/1115795 https://bugzilla.suse.com/1173538 From sle-updates at lists.suse.com Mon Jul 6 10:16:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 18:16:52 +0200 (CEST) Subject: SUSE-SU-2020:1850-1: moderate: Security update for mozilla-nss Message-ID: <20200706161652.5B1CCFEC3@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1850-1 Rating: moderate References: #1168669 #1173032 Cross-References: CVE-2020-12402 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032) - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1850=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1850=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1850=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1850=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1850=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1850=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1850=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1850=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libfreebl3-3.53.1-3.45.1 libfreebl3-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-3.53.1-3.45.1 libsoftokn3-3.53.1-3.45.1 libsoftokn3-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-3.53.1-3.45.1 mozilla-nss-3.53.1-3.45.1 mozilla-nss-certs-3.53.1-3.45.1 mozilla-nss-certs-debuginfo-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 mozilla-nss-devel-3.53.1-3.45.1 mozilla-nss-sysinit-3.53.1-3.45.1 mozilla-nss-sysinit-debuginfo-3.53.1-3.45.1 mozilla-nss-tools-3.53.1-3.45.1 mozilla-nss-tools-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libfreebl3-32bit-3.53.1-3.45.1 libfreebl3-32bit-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-32bit-3.53.1-3.45.1 libsoftokn3-32bit-3.53.1-3.45.1 libsoftokn3-32bit-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-32bit-3.53.1-3.45.1 mozilla-nss-32bit-3.53.1-3.45.1 mozilla-nss-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-certs-32bit-3.53.1-3.45.1 mozilla-nss-certs-32bit-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libfreebl3-3.53.1-3.45.1 libfreebl3-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-3.53.1-3.45.1 libsoftokn3-3.53.1-3.45.1 libsoftokn3-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-3.53.1-3.45.1 mozilla-nss-3.53.1-3.45.1 mozilla-nss-certs-3.53.1-3.45.1 mozilla-nss-certs-debuginfo-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 mozilla-nss-devel-3.53.1-3.45.1 mozilla-nss-sysinit-3.53.1-3.45.1 mozilla-nss-sysinit-debuginfo-3.53.1-3.45.1 mozilla-nss-tools-3.53.1-3.45.1 mozilla-nss-tools-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.53.1-3.45.1 libsoftokn3-hmac-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.53.1-3.45.1 libsoftokn3-hmac-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-3.45.1 libfreebl3-debuginfo-3.53.1-3.45.1 libsoftokn3-3.53.1-3.45.1 libsoftokn3-debuginfo-3.53.1-3.45.1 mozilla-nss-3.53.1-3.45.1 mozilla-nss-certs-3.53.1-3.45.1 mozilla-nss-certs-debuginfo-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 mozilla-nss-devel-3.53.1-3.45.1 mozilla-nss-sysinit-3.53.1-3.45.1 mozilla-nss-sysinit-debuginfo-3.53.1-3.45.1 mozilla-nss-tools-3.53.1-3.45.1 mozilla-nss-tools-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libfreebl3-32bit-3.53.1-3.45.1 libfreebl3-32bit-debuginfo-3.53.1-3.45.1 libsoftokn3-32bit-3.53.1-3.45.1 libsoftokn3-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-32bit-3.53.1-3.45.1 mozilla-nss-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-certs-32bit-3.53.1-3.45.1 mozilla-nss-certs-32bit-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-3.45.1 libfreebl3-debuginfo-3.53.1-3.45.1 libsoftokn3-3.53.1-3.45.1 libsoftokn3-debuginfo-3.53.1-3.45.1 mozilla-nss-3.53.1-3.45.1 mozilla-nss-certs-3.53.1-3.45.1 mozilla-nss-certs-debuginfo-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 mozilla-nss-devel-3.53.1-3.45.1 mozilla-nss-sysinit-3.53.1-3.45.1 mozilla-nss-sysinit-debuginfo-3.53.1-3.45.1 mozilla-nss-tools-3.53.1-3.45.1 mozilla-nss-tools-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libfreebl3-32bit-3.53.1-3.45.1 libfreebl3-32bit-debuginfo-3.53.1-3.45.1 libsoftokn3-32bit-3.53.1-3.45.1 libsoftokn3-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-32bit-3.53.1-3.45.1 mozilla-nss-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-certs-32bit-3.53.1-3.45.1 mozilla-nss-certs-32bit-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libfreebl3-3.53.1-3.45.1 libfreebl3-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-3.53.1-3.45.1 libsoftokn3-3.53.1-3.45.1 libsoftokn3-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-3.53.1-3.45.1 mozilla-nss-3.53.1-3.45.1 mozilla-nss-certs-3.53.1-3.45.1 mozilla-nss-certs-debuginfo-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 mozilla-nss-devel-3.53.1-3.45.1 mozilla-nss-sysinit-3.53.1-3.45.1 mozilla-nss-sysinit-debuginfo-3.53.1-3.45.1 mozilla-nss-tools-3.53.1-3.45.1 mozilla-nss-tools-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libfreebl3-32bit-3.53.1-3.45.1 libfreebl3-32bit-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-32bit-3.53.1-3.45.1 libsoftokn3-32bit-3.53.1-3.45.1 libsoftokn3-32bit-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-32bit-3.53.1-3.45.1 mozilla-nss-32bit-3.53.1-3.45.1 mozilla-nss-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-certs-32bit-3.53.1-3.45.1 mozilla-nss-certs-32bit-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libfreebl3-3.53.1-3.45.1 libfreebl3-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-3.53.1-3.45.1 libsoftokn3-3.53.1-3.45.1 libsoftokn3-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-3.53.1-3.45.1 mozilla-nss-3.53.1-3.45.1 mozilla-nss-certs-3.53.1-3.45.1 mozilla-nss-certs-debuginfo-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 mozilla-nss-devel-3.53.1-3.45.1 mozilla-nss-sysinit-3.53.1-3.45.1 mozilla-nss-sysinit-debuginfo-3.53.1-3.45.1 mozilla-nss-tools-3.53.1-3.45.1 mozilla-nss-tools-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libfreebl3-32bit-3.53.1-3.45.1 libfreebl3-32bit-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-32bit-3.53.1-3.45.1 libsoftokn3-32bit-3.53.1-3.45.1 libsoftokn3-32bit-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-32bit-3.53.1-3.45.1 mozilla-nss-32bit-3.53.1-3.45.1 mozilla-nss-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-certs-32bit-3.53.1-3.45.1 mozilla-nss-certs-32bit-debuginfo-3.53.1-3.45.1 References: https://www.suse.com/security/cve/CVE-2020-12402.html https://bugzilla.suse.com/1168669 https://bugzilla.suse.com/1173032 From sle-updates at lists.suse.com Mon Jul 6 10:17:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 18:17:43 +0200 (CEST) Subject: SUSE-RU-2020:1845-1: moderate: Recommended update for resource-agents Message-ID: <20200706161743.5ECB0FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1845-1 Rating: moderate References: #1170270 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed a bug where the pulling of images was stuck (bsc#1170270) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-1845=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ldirectord-4.0.1+git.1495055229.643177f1-2.48.2 resource-agents-4.0.1+git.1495055229.643177f1-2.48.2 resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-2.48.2 resource-agents-debugsource-4.0.1+git.1495055229.643177f1-2.48.2 - SUSE Linux Enterprise High Availability 12-SP3 (noarch): monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-2.48.2 References: https://bugzilla.suse.com/1170270 From sle-updates at lists.suse.com Mon Jul 6 10:18:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 18:18:24 +0200 (CEST) Subject: SUSE-RU-2020:1846-1: important: Recommended update for yast2-ruby-bindings Message-ID: <20200706161824.446BCFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ruby-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1846-1 Rating: important References: #1172275 #1172848 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-ruby-bindings fixes the following issues: - Fixed a Ruby error when the appliance gets configured during an installation, which led to a crash (bsc#1172848) - Fixed an error where yast2 --ncureses crashed due to an update of the Ruby interpreter (bsc#1172275) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1846=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1846=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1846=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1846=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1846=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): yast2-ruby-bindings-3.2.17-3.3.1 yast2-ruby-bindings-debuginfo-3.2.17-3.3.1 yast2-ruby-bindings-debugsource-3.2.17-3.3.1 - SUSE OpenStack Cloud 9 (x86_64): yast2-ruby-bindings-3.2.17-3.3.1 yast2-ruby-bindings-debuginfo-3.2.17-3.3.1 yast2-ruby-bindings-debugsource-3.2.17-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): yast2-ruby-bindings-3.2.17-3.3.1 yast2-ruby-bindings-debuginfo-3.2.17-3.3.1 yast2-ruby-bindings-debugsource-3.2.17-3.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): yast2-ruby-bindings-3.2.17-3.3.1 yast2-ruby-bindings-debuginfo-3.2.17-3.3.1 yast2-ruby-bindings-debugsource-3.2.17-3.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): yast2-ruby-bindings-3.2.17-3.3.1 yast2-ruby-bindings-debuginfo-3.2.17-3.3.1 yast2-ruby-bindings-debugsource-3.2.17-3.3.1 References: https://bugzilla.suse.com/1172275 https://bugzilla.suse.com/1172848 From sle-updates at lists.suse.com Mon Jul 6 10:19:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 18:19:14 +0200 (CEST) Subject: SUSE-RU-2020:1848-1: moderate: Recommended update for crmsh Message-ID: <20200706161914.439DEFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1848-1 Rating: moderate References: #1170037 #1170999 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix for using SBDManager to configure sbd and enable systemd service as it is necessary. (bsc#1170037, bsc#1170999) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-1848=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-1848=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): crmsh-4.1.0+git.1585823743.3acb5567-2.30.1 crmsh-scripts-4.1.0+git.1585823743.3acb5567-2.30.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.1.0+git.1585823743.3acb5567-2.30.1 crmsh-scripts-4.1.0+git.1585823743.3acb5567-2.30.1 References: https://bugzilla.suse.com/1170037 https://bugzilla.suse.com/1170999 From sle-updates at lists.suse.com Mon Jul 6 10:20:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 18:20:03 +0200 (CEST) Subject: SUSE-SU-2019:2971-2: important: Security update for libjpeg-turbo Message-ID: <20200706162003.784ADFEC3@maintenance.suse.de> SUSE Security Update: Security update for libjpeg-turbo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2971-2 Rating: important References: #1156402 Cross-References: CVE-2019-2201 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1847=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1847=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1847=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1847=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-5.12.1 libjpeg-turbo-debuginfo-1.5.3-5.12.1 libjpeg-turbo-debugsource-1.5.3-5.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-5.12.1 libjpeg-turbo-debuginfo-1.5.3-5.12.1 libjpeg-turbo-debugsource-1.5.3-5.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (x86_64): libjpeg8-32bit-8.1.2-5.12.1 libjpeg8-32bit-debuginfo-8.1.2-5.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libjpeg62-62.2.0-5.12.1 libjpeg62-debuginfo-62.2.0-5.12.1 libjpeg62-devel-62.2.0-5.12.1 libjpeg8-8.1.2-5.12.1 libjpeg8-debuginfo-8.1.2-5.12.1 libjpeg8-devel-8.1.2-5.12.1 libturbojpeg0-8.1.2-5.12.1 libturbojpeg0-debuginfo-8.1.2-5.12.1 References: https://www.suse.com/security/cve/CVE-2019-2201.html https://bugzilla.suse.com/1156402 From sle-updates at lists.suse.com Mon Jul 6 10:21:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 18:21:20 +0200 (CEST) Subject: SUSE-RU-2020:1849-1: moderate: Recommended update for crmsh Message-ID: <20200706162121.008E9FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1849-1 Rating: moderate References: #1170037 #1170999 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix for using SBDManager to configure sbd and enable systemd service as it is necessary. (bsc#1170037, bsc#1170999) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-1849=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): crmsh-3.0.4+git.1585823846.cd14d1be-13.37.1 crmsh-scripts-3.0.4+git.1585823846.cd14d1be-13.37.1 References: https://bugzilla.suse.com/1170037 https://bugzilla.suse.com/1170999 From sle-updates at lists.suse.com Mon Jul 6 10:22:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 18:22:07 +0200 (CEST) Subject: SUSE-RU-2020:1844-1: moderate: Recommended update for resource-agents Message-ID: <20200706162207.DD985FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1844-1 Rating: moderate References: #1160121 #1162978 #1170270 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Added a check whether underlying devs for LVM's have disappeared to prevent an issue with the status check. (bsc#1160121) - Fixed a bug where the pulling of images was stuck (bsc#1170270) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-1844=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-1844=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.48.2 resource-agents-4.3.018.a7fb5035-3.48.2 resource-agents-debuginfo-4.3.018.a7fb5035-3.48.2 resource-agents-debugsource-4.3.018.a7fb5035-3.48.2 - SUSE Linux Enterprise High Availability 12-SP5 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.48.2 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.48.2 resource-agents-4.3.018.a7fb5035-3.48.2 resource-agents-debuginfo-4.3.018.a7fb5035-3.48.2 resource-agents-debugsource-4.3.018.a7fb5035-3.48.2 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.48.2 References: https://bugzilla.suse.com/1160121 https://bugzilla.suse.com/1162978 https://bugzilla.suse.com/1170270 From sle-updates at lists.suse.com Mon Jul 6 13:13:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:13:15 +0200 (CEST) Subject: SUSE-SU-2020:1860-1: moderate: Security update for permissions Message-ID: <20200706191315.DFDD7FDE1@maintenance.suse.de> SUSE Security Update: Security update for permissions ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1860-1 Rating: moderate References: #1171883 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1860=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): permissions-20181116-9.35.1 permissions-debuginfo-20181116-9.35.1 permissions-debugsource-20181116-9.35.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): permissions-zypp-plugin-20181116-9.35.1 References: https://bugzilla.suse.com/1171883 From sle-updates at lists.suse.com Mon Jul 6 13:14:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:14:04 +0200 (CEST) Subject: SUSE-SU-2020:1859-1: important: Security update for openldap2 Message-ID: <20200706191404.46ED8FDE1@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1859-1 Rating: important References: #1170715 #1172698 #1172704 Cross-References: CVE-2020-8023 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND="ldap" was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts(bsc#1170715). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1859=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1859=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1859=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1859=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1859=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1859=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1859=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1859=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1859=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1859=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1859=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1859=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1859=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1859=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1859=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE OpenStack Cloud 8 (x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE OpenStack Cloud 8 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE OpenStack Cloud 7 (s390x x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE OpenStack Cloud 7 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openldap2-back-perl-2.4.41-18.71.2 openldap2-back-perl-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-devel-2.4.41-18.71.2 openldap2-devel-static-2.4.41-18.71.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): openldap2-back-perl-2.4.41-18.71.2 openldap2-back-perl-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-devel-2.4.41-18.71.2 openldap2-devel-static-2.4.41-18.71.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Enterprise Storage 5 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Enterprise Storage 5 (x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - HPE Helion Openstack 8 (noarch): openldap2-doc-2.4.41-18.71.2 - HPE Helion Openstack 8 (x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 References: https://www.suse.com/security/cve/CVE-2020-8023.html https://bugzilla.suse.com/1170715 https://bugzilla.suse.com/1172698 https://bugzilla.suse.com/1172704 From sle-updates at lists.suse.com Mon Jul 6 13:15:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:15:03 +0200 (CEST) Subject: SUSE-RU-2020:1861-1: moderate: Recommended update for mariadb Message-ID: <20200706191503.39864FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1861-1 Rating: moderate References: #1171550 #1172399 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mariadb contains the following fixes: - Use -DCMAKE_SKIP_RPATH=OFF and "DCMAKE_SKIP_INSTALL_RPATH=ON": (bsc#1171550) This allows to link with -rpath during build and fixes quite a few test suite failures. When installing the file -rpath is still disabled, so this should not have any effect on the installed binaries. Fixes failed tests reported within (bsc#1171550). - Fix updating tablespace ID in the index tree root pages. (bsc#1172399) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1861=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1861=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1861=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libmysqlclient18-10.0.40.4-29.44.1 libmysqlclient18-debuginfo-10.0.40.4-29.44.1 - SUSE OpenStack Cloud 8 (x86_64): libmysqlclient18-10.0.40.4-29.44.1 libmysqlclient18-debuginfo-10.0.40.4-29.44.1 - HPE Helion Openstack 8 (x86_64): libmysqlclient18-10.0.40.4-29.44.1 libmysqlclient18-debuginfo-10.0.40.4-29.44.1 References: https://bugzilla.suse.com/1171550 https://bugzilla.suse.com/1172399 From sle-updates at lists.suse.com Mon Jul 6 13:15:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:15:54 +0200 (CEST) Subject: SUSE-SU-2020:1856-1: important: Security update for openldap2 Message-ID: <20200706191554.181D9FDE1@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1856-1 Rating: important References: #1172698 #1172704 Cross-References: CVE-2020-8023 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND="ldap" was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1856=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1856=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-1856=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-1856=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1856=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-1856=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1856=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1856=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1856=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1856=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libldap-2_4-2-2.4.46-9.31.1 libldap-2_4-2-debuginfo-2.4.46-9.31.1 openldap2-2.4.46-9.31.1 openldap2-back-meta-2.4.46-9.31.1 openldap2-back-meta-debuginfo-2.4.46-9.31.1 openldap2-back-perl-2.4.46-9.31.1 openldap2-back-perl-debuginfo-2.4.46-9.31.1 openldap2-client-2.4.46-9.31.1 openldap2-client-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-2.4.46-9.31.1 openldap2-devel-static-2.4.46-9.31.1 openldap2-ppolicy-check-password-1.2-9.31.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.31.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libldap-2_4-2-32bit-2.4.46-9.31.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.31.1 openldap2-devel-32bit-2.4.46-9.31.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libldap-data-2.4.46-9.31.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libldap-2_4-2-2.4.46-9.31.1 libldap-2_4-2-debuginfo-2.4.46-9.31.1 openldap2-2.4.46-9.31.1 openldap2-back-meta-2.4.46-9.31.1 openldap2-back-meta-debuginfo-2.4.46-9.31.1 openldap2-back-perl-2.4.46-9.31.1 openldap2-back-perl-debuginfo-2.4.46-9.31.1 openldap2-client-2.4.46-9.31.1 openldap2-client-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-2.4.46-9.31.1 openldap2-devel-static-2.4.46-9.31.1 openldap2-ppolicy-check-password-1.2-9.31.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.31.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libldap-data-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): openldap2-back-meta-2.4.46-9.31.1 openldap2-back-meta-debuginfo-2.4.46-9.31.1 openldap2-back-perl-2.4.46-9.31.1 openldap2-back-perl-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.31.1 openldap2-back-meta-2.4.46-9.31.1 openldap2-back-meta-debuginfo-2.4.46-9.31.1 openldap2-back-perl-2.4.46-9.31.1 openldap2-back-perl-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-32bit-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-32bit-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.31.1 libldap-2_4-2-debuginfo-2.4.46-9.31.1 openldap2-2.4.46-9.31.1 openldap2-client-2.4.46-9.31.1 openldap2-client-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-2.4.46-9.31.1 openldap2-devel-static-2.4.46-9.31.1 openldap2-ppolicy-check-password-1.2-9.31.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libldap-data-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libldap-2_4-2-32bit-2.4.46-9.31.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.31.1 libldap-2_4-2-debuginfo-2.4.46-9.31.1 openldap2-client-2.4.46-9.31.1 openldap2-client-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-2.4.46-9.31.1 openldap2-devel-static-2.4.46-9.31.1 openldap2-ppolicy-check-password-1.2-9.31.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libldap-data-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libldap-2_4-2-32bit-2.4.46-9.31.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.31.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libldap-2_4-2-2.4.46-9.31.1 libldap-2_4-2-debuginfo-2.4.46-9.31.1 openldap2-client-2.4.46-9.31.1 openldap2-client-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-2.4.46-9.31.1 openldap2-devel-static-2.4.46-9.31.1 openldap2-ppolicy-check-password-1.2-9.31.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.31.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libldap-data-2.4.46-9.31.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libldap-2_4-2-32bit-2.4.46-9.31.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.31.1 openldap2-devel-32bit-2.4.46-9.31.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libldap-2_4-2-2.4.46-9.31.1 libldap-2_4-2-debuginfo-2.4.46-9.31.1 openldap2-client-2.4.46-9.31.1 openldap2-client-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-2.4.46-9.31.1 openldap2-devel-static-2.4.46-9.31.1 openldap2-ppolicy-check-password-1.2-9.31.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.31.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libldap-2_4-2-32bit-2.4.46-9.31.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.31.1 openldap2-devel-32bit-2.4.46-9.31.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libldap-data-2.4.46-9.31.1 References: https://www.suse.com/security/cve/CVE-2020-8023.html https://bugzilla.suse.com/1172698 https://bugzilla.suse.com/1172704 From sle-updates at lists.suse.com Mon Jul 6 13:16:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:16:44 +0200 (CEST) Subject: SUSE-SU-2020:14418-1: important: Security update for mozilla-nspr, mozilla-nss Message-ID: <20200706191644.EC53CFDE1@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14418-1 Rating: important References: #1141322 #1158527 #1159819 #1168669 #1169746 #1170908 #1171978 #1173032 Cross-References: CVE-2019-11727 CVE-2019-11745 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2019-11745: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11727: A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_rele ase_notes mozilla-nspr was updated to version 4.25. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-mozilla-nss-nspr-202007-14418=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): mozilla-nspr-4.25-29.12.2 mozilla-nspr-devel-4.25-29.12.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): mozilla-nspr-32bit-4.25-29.12.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): libfreebl3-3.53.1-38.23.1 libsoftokn3-3.53.1-38.23.1 mozilla-nss-3.53.1-38.23.1 mozilla-nss-certs-3.53.1-38.23.1 mozilla-nss-devel-3.53.1-38.23.1 mozilla-nss-tools-3.53.1-38.23.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): libfreebl3-32bit-3.53.1-38.23.1 libsoftokn3-32bit-3.53.1-38.23.1 mozilla-nss-32bit-3.53.1-38.23.1 mozilla-nss-certs-32bit-3.53.1-38.23.1 References: https://www.suse.com/security/cve/CVE-2019-11727.html https://www.suse.com/security/cve/CVE-2019-11745.html https://www.suse.com/security/cve/CVE-2019-17006.html https://www.suse.com/security/cve/CVE-2020-12399.html https://www.suse.com/security/cve/CVE-2020-12402.html https://bugzilla.suse.com/1141322 https://bugzilla.suse.com/1158527 https://bugzilla.suse.com/1159819 https://bugzilla.suse.com/1168669 https://bugzilla.suse.com/1169746 https://bugzilla.suse.com/1170908 https://bugzilla.suse.com/1171978 https://bugzilla.suse.com/1173032 From sle-updates at lists.suse.com Mon Jul 6 13:19:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:19:26 +0200 (CEST) Subject: SUSE-SU-2020:1857-1: moderate: Security update for permissions Message-ID: <20200706191926.25474FDE1@maintenance.suse.de> SUSE Security Update: Security update for permissions ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1857-1 Rating: moderate References: #1171883 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1857=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): permissions-20170707-3.24.1 permissions-debuginfo-20170707-3.24.1 permissions-debugsource-20170707-3.24.1 References: https://bugzilla.suse.com/1171883 From sle-updates at lists.suse.com Mon Jul 6 13:20:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:20:07 +0200 (CEST) Subject: SUSE-SU-2020:1858-1: moderate: Security update for permissions Message-ID: <20200706192007.0926EFDE1@maintenance.suse.de> SUSE Security Update: Security update for permissions ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1858-1 Rating: moderate References: #1171883 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1858=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1858=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1858=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1858=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): permissions-20180125-3.27.1 permissions-debuginfo-20180125-3.27.1 permissions-debugsource-20180125-3.27.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): permissions-20180125-3.27.1 permissions-debuginfo-20180125-3.27.1 permissions-debugsource-20180125-3.27.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): permissions-20180125-3.27.1 permissions-debuginfo-20180125-3.27.1 permissions-debugsource-20180125-3.27.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): permissions-20180125-3.27.1 permissions-debuginfo-20180125-3.27.1 permissions-debugsource-20180125-3.27.1 References: https://bugzilla.suse.com/1171883 From sle-updates at lists.suse.com Mon Jul 6 13:20:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:20:48 +0200 (CEST) Subject: SUSE-RU-2020:1852-1: moderate: Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts Message-ID: <20200706192048.CC8E7FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1852-1 Rating: moderate References: #1169444 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues: Changes in fontforge: - Support transforming bitmap glyphs from python. (bsc#1169444) - Allow python-Sphinx >= 3 Changes in ttf-converter: - Update from version 1.0 to version 1.0.6: * ftdump is now shipped additionally as new dependency for ttf-converter * Standardize output when converting vector and bitmap fonts * Add more subfamilies fixes (bsc#1169444) * Add --family and --subfamily arguments to force values on those fields * Add parameters to fix glyph unicode values --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like "$0C00", "char12345" or "uni004F") --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once. --shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once. * Add --bitmapTransform parameter to transform bitmap glyphs. (bsc#1169444) When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas: fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff * Add support to convert bitmap fonts (bsc#1169444) * Rename MediumItalic subfamily to Medium Italic * Show some more information when removing duplicated glyphs * Add a --force-monospaced argument instead of hardcoding font names * Convert `BoldCond` subfamily to `Bold Condensed` * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41) * Add a --version argument * Fix subfamily names so the converted font's subfamily match the original ones. (bsc#1169444 #c41) Changes in xorg-x11-fonts: - Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage - Include the subfamily in the filename of converted fonts - Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41) - Replace some unicode values in cu-pua12.pcf.gz to fix them - Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not. - Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444) Bitstream-Charter-*.otb, Cursor.ttf,Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular Changes in ghostscript-fonts: - Force the converted Nimbus Mono font to be monospaced. (bsc#1169444 #c41) Use the --force-monospaced argument of ttf-converter 1.0.3 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1852=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1852=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1852=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): fontforge-20200314-3.3.1 fontforge-debuginfo-20200314-3.3.1 fontforge-debugsource-20200314-3.3.1 ftdump-2.10.1-4.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): ttf-converter-1.0.6-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.10.1-4.5.1 freetype2-devel-2.10.1-4.5.1 libfreetype6-2.10.1-4.5.1 libfreetype6-debuginfo-2.10.1-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): ghostscript-fonts-9.06-14.3.1 ghostscript-fonts-other-9.06-14.3.1 ghostscript-fonts-std-9.06-14.3.1 ghostscript-fonts-std-converted-9.06-14.3.1 xorg-x11-fonts-7.6-13.3.1 xorg-x11-fonts-converted-7.6-13.3.1 xorg-x11-fonts-core-7.6-13.3.1 xorg-x11-fonts-legacy-7.6-13.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libfreetype6-32bit-2.10.1-4.5.1 libfreetype6-32bit-debuginfo-2.10.1-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.10.1-4.5.1 freetype2-devel-2.10.1-4.5.1 libfreetype6-2.10.1-4.5.1 libfreetype6-debuginfo-2.10.1-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libfreetype6-32bit-2.10.1-4.5.1 libfreetype6-32bit-debuginfo-2.10.1-4.5.1 References: https://bugzilla.suse.com/1169444 From sle-updates at lists.suse.com Mon Jul 6 13:21:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:21:33 +0200 (CEST) Subject: SUSE-SU-2020:1855-1: important: Security update for openldap2 Message-ID: <20200706192133.4581CFDE1@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1855-1 Rating: important References: #1172698 #1172704 Cross-References: CVE-2020-8023 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND="ldap" was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-1855=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1855=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1855=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1855=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2020-1855=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.20.2 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.20.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.20.2 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.20.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.20.2 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.20.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.20.2 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.20.2 - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): compat-libldap-2_3-0-2.3.37-18.24.20.2 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.20.2 References: https://www.suse.com/security/cve/CVE-2020-8023.html https://bugzilla.suse.com/1172698 https://bugzilla.suse.com/1172704 From sle-updates at lists.suse.com Mon Jul 6 13:22:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:22:22 +0200 (CEST) Subject: SUSE-SU-2020:14419-1: important: Security update for openldap2 Message-ID: <20200706192222.49A7CFDE1@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14419-1 Rating: important References: #1172698 Cross-References: CVE-2020-8023 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND="ldap" was used (bsc#1172698). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openldap2-14419=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openldap2-14419=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openldap2-14419=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openldap2-14419=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openldap2-14419=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): compat-libldap-2_3-0-2.3.37-2.74.13.1 libldap-2_4-2-2.4.26-0.74.13.1 openldap2-2.4.26-0.74.13.1 openldap2-back-meta-2.4.26-0.74.13.1 openldap2-client-2.4.26-0.74.13.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libldap-2_4-2-32bit-2.4.26-0.74.13.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libldap-openssl1-2_4-2-2.4.26-0.74.13.1 openldap2-client-openssl1-2.4.26-0.74.13.1 openldap2-openssl1-2.4.26-0.74.13.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libldap-openssl1-2_4-2-32bit-2.4.26-0.74.13.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libldap-openssl1-2_4-2-x86-2.4.26-0.74.13.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): compat-libldap-2_3-0-2.3.37-2.74.13.1 libldap-2_4-2-2.4.26-0.74.13.1 openldap2-2.4.26-0.74.13.1 openldap2-back-meta-2.4.26-0.74.13.1 openldap2-client-2.4.26-0.74.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openldap2-client-debuginfo-2.4.26-0.74.13.1 openldap2-client-debugsource-2.4.26-0.74.13.1 openldap2-debuginfo-2.4.26-0.74.13.1 openldap2-debugsource-2.4.26-0.74.13.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openldap2-client-debuginfo-2.4.26-0.74.13.1 openldap2-client-debugsource-2.4.26-0.74.13.1 openldap2-client-openssl1-debuginfo-2.4.26-0.74.13.1 openldap2-client-openssl1-debugsource-2.4.26-0.74.13.1 openldap2-debuginfo-2.4.26-0.74.13.1 openldap2-debugsource-2.4.26-0.74.13.1 References: https://www.suse.com/security/cve/CVE-2020-8023.html https://bugzilla.suse.com/1172698 From sle-updates at lists.suse.com Mon Jul 6 13:23:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:23:05 +0200 (CEST) Subject: SUSE-RU-2020:1010-2: moderate: Recommended update for strongswan Message-ID: <20200706192305.F4075FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1010-2 Rating: moderate References: #1164493 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for strongswan fixes the following issue: - Resolve multiple definition of swanctl_dir (bsc#1164493) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1010=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): strongswan-debuginfo-5.8.2-4.9.1 strongswan-debugsource-5.8.2-4.9.1 strongswan-nm-5.8.2-4.9.1 strongswan-nm-debuginfo-5.8.2-4.9.1 References: https://bugzilla.suse.com/1164493 From sle-updates at lists.suse.com Tue Jul 7 07:12:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 15:12:36 +0200 (CEST) Subject: SUSE-RU-2020:1862-1: Recommended update for supportutils-plugin-ses Message-ID: <20200707131236.5B075FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-ses ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1862-1 Rating: low References: #1173623 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils-plugin-ses fixes the following issues: - The output of the following commands will now be part of the default support config collection: * radosgw-admin bucket stats * radosgw-admin bucket limit check * radosgw-admin metadata list bucket.instance (jsc#SES-1660, bsc#1173623) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2020-1862=1 Package List: - SUSE Enterprise Storage 6 (noarch): supportutils-plugin-ses-6.0+git.1593321744.b148af3-3.15.1 References: https://bugzilla.suse.com/1173623 From sle-updates at lists.suse.com Tue Jul 7 07:13:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 15:13:15 +0200 (CEST) Subject: SUSE-RU-2020:1863-1: moderate: Recommended update for python-portalocker, python-pytest Message-ID: <20200707131315.778C7FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-portalocker, python-pytest ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1863-1 Rating: moderate References: #1140565 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-portalocker, python-pytest fixes the following issues: python-portalocker is now included in the SUSE Linux Enterprise 15 Public Cloud Module (bsc#1140565, jsc#ECO-1257, jsc#PM-1598) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-1863=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-portalocker-1.2.1-1.3.1 References: https://bugzilla.suse.com/1140565 From sle-updates at lists.suse.com Tue Jul 7 10:12:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:12:57 +0200 (CEST) Subject: SUSE-SU-2019:3184-2: important: Security update for ffmpeg Message-ID: <20200707161257.2A5B9FEC3@maintenance.suse.de> SUSE Security Update: Security update for ffmpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:3184-2 Rating: important References: #1100352 #1129715 #1137526 #1154064 Cross-References: CVE-2018-13301 CVE-2019-12730 CVE-2019-17542 CVE-2019-9718 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ffmpeg fixes the following issues: Security issues fixed: - CVE-2019-17542: Fixed a heap-buffer overflow in vqa_decode_chunk due to an out-of-array access (bsc#1154064). - CVE-2019-12730: Fixed an uninitialized use of variables due to an improper check (bsc#1137526). - CVE-2019-9718: Fixed a denial of service in the subtitle decode (bsc#1129715). - CVE-2018-13301: Fixed a denial of service while converting a crafted AVI file to MPEG4 (bsc#1100352). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1867=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): ffmpeg-3.4.2-4.27.1 ffmpeg-debuginfo-3.4.2-4.27.1 ffmpeg-debugsource-3.4.2-4.27.1 libavdevice57-3.4.2-4.27.1 libavdevice57-debuginfo-3.4.2-4.27.1 libavfilter6-3.4.2-4.27.1 libavfilter6-debuginfo-3.4.2-4.27.1 References: https://www.suse.com/security/cve/CVE-2018-13301.html https://www.suse.com/security/cve/CVE-2019-12730.html https://www.suse.com/security/cve/CVE-2019-17542.html https://www.suse.com/security/cve/CVE-2019-9718.html https://bugzilla.suse.com/1100352 https://bugzilla.suse.com/1129715 https://bugzilla.suse.com/1137526 https://bugzilla.suse.com/1154064 From sle-updates at lists.suse.com Tue Jul 7 10:13:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:13:55 +0200 (CEST) Subject: SUSE-SU-2020:1511-2: important: Security update for java-11-openjdk Message-ID: <20200707161355.72ED3FEC3@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1511-2 Rating: important References: #1167462 #1169511 Cross-References: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for java-11-openjdk fixes the following issues: Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511). Security issues fixed: - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511). - CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511). - CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511). - CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511). - CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511). - CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511). - CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes (bsc#1169511). - CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1511=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): java-11-openjdk-javadoc-11.0.7.0-3.42.4 References: https://www.suse.com/security/cve/CVE-2020-2754.html https://www.suse.com/security/cve/CVE-2020-2755.html https://www.suse.com/security/cve/CVE-2020-2756.html https://www.suse.com/security/cve/CVE-2020-2757.html https://www.suse.com/security/cve/CVE-2020-2767.html https://www.suse.com/security/cve/CVE-2020-2773.html https://www.suse.com/security/cve/CVE-2020-2778.html https://www.suse.com/security/cve/CVE-2020-2781.html https://www.suse.com/security/cve/CVE-2020-2800.html https://www.suse.com/security/cve/CVE-2020-2803.html https://www.suse.com/security/cve/CVE-2020-2805.html https://www.suse.com/security/cve/CVE-2020-2816.html https://www.suse.com/security/cve/CVE-2020-2830.html https://bugzilla.suse.com/1167462 https://bugzilla.suse.com/1169511 From sle-updates at lists.suse.com Tue Jul 7 10:14:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:14:40 +0200 (CEST) Subject: SUSE-SU-2019:2463-2: moderate: Security update for SDL2 Message-ID: <20200707161440.0965AFEC3@maintenance.suse.de> SUSE Security Update: Security update for SDL2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2463-2 Rating: moderate References: #1141844 #1142031 Cross-References: CVE-2019-13616 CVE-2019-13626 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for SDL2 fixes the following issues: Security issues fixed: - CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844). - CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1866=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): SDL2-debugsource-2.0.8-3.15.1 libSDL2-2_0-0-32bit-2.0.8-3.15.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-3.15.1 References: https://www.suse.com/security/cve/CVE-2019-13616.html https://www.suse.com/security/cve/CVE-2019-13626.html https://bugzilla.suse.com/1141844 https://bugzilla.suse.com/1142031 From sle-updates at lists.suse.com Tue Jul 7 10:15:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:15:28 +0200 (CEST) Subject: SUSE-RU-2020:1869-1: moderate: Recommended update for libsolv, libzypp, zypper Message-ID: <20200707161528.1E9B5FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1869-1 Rating: moderate References: #1130873 #1154803 #1164543 #1165476 #1165573 #1166610 #1167122 #1168990 #1169947 #1170801 #1171224 #1172135 #1172925 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Installer 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.14: - Enable zstd compression support - Support blacklisted packages in solver_findproblemrule() (bnc#1172135) - Support rules with multiple negative literals in choice rule generation - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.7: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Fix core dump with corrupted history file (bsc#1170801) zypper was updated to 1.14.37: - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1869=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1869=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1869=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1869=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2020-1869=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1869=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1869=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libsigc++2-debugsource-2.10.0-3.5.1 libsigc++2-devel-2.10.0-3.5.1 libsigc-2_0-0-2.10.0-3.5.1 libsigc-2_0-0-debuginfo-2.10.0-3.5.1 libsolv-debuginfo-0.7.14-3.30.2 libsolv-debugsource-0.7.14-3.30.2 libsolv-devel-0.7.14-3.30.2 libsolv-devel-debuginfo-0.7.14-3.30.2 libsolv-tools-0.7.14-3.30.2 libsolv-tools-debuginfo-0.7.14-3.30.2 libyui-ncurses-pkg-debugsource-2.48.5.2-3.7.12 libyui-ncurses-pkg-devel-2.48.5.2-3.7.12 libyui-ncurses-pkg8-2.48.5.2-3.7.12 libyui-ncurses-pkg8-debuginfo-2.48.5.2-3.7.12 libyui-qt-pkg-debugsource-2.45.15.2-3.7.13 libyui-qt-pkg8-2.45.15.2-3.7.13 libyui-qt-pkg8-debuginfo-2.45.15.2-3.7.13 libzypp-17.23.8-3.43.1 libzypp-debuginfo-17.23.8-3.43.1 libzypp-debugsource-17.23.8-3.43.1 libzypp-devel-17.23.8-3.43.1 perl-solv-0.7.14-3.30.2 perl-solv-debuginfo-0.7.14-3.30.2 python-solv-0.7.14-3.30.2 python-solv-debuginfo-0.7.14-3.30.2 python3-solv-0.7.14-3.30.2 python3-solv-debuginfo-0.7.14-3.30.2 ruby-solv-0.7.14-3.30.2 ruby-solv-debuginfo-0.7.14-3.30.2 yast2-pkg-bindings-4.0.13-3.9.12 yast2-pkg-bindings-debuginfo-4.0.13-3.9.12 yast2-pkg-bindings-debugsource-4.0.13-3.9.12 zypper-1.14.37-3.34.6 zypper-debuginfo-1.14.37-3.34.6 zypper-debugsource-1.14.37-3.34.6 - SUSE Linux Enterprise Server for SAP 15 (noarch): libyui-ncurses-pkg-doc-2.48.5.2-3.7.12 libyui-qt-pkg-doc-2.45.15.2-3.7.12 zypper-log-1.14.37-3.34.6 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libsigc++2-debugsource-2.10.0-3.5.1 libsigc++2-devel-2.10.0-3.5.1 libsigc-2_0-0-2.10.0-3.5.1 libsigc-2_0-0-debuginfo-2.10.0-3.5.1 libsolv-debuginfo-0.7.14-3.30.2 libsolv-debugsource-0.7.14-3.30.2 libsolv-devel-0.7.14-3.30.2 libsolv-devel-debuginfo-0.7.14-3.30.2 libsolv-tools-0.7.14-3.30.2 libsolv-tools-debuginfo-0.7.14-3.30.2 libyui-ncurses-pkg-debugsource-2.48.5.2-3.7.12 libyui-ncurses-pkg-devel-2.48.5.2-3.7.12 libyui-ncurses-pkg8-2.48.5.2-3.7.12 libyui-ncurses-pkg8-debuginfo-2.48.5.2-3.7.12 libyui-qt-pkg-debugsource-2.45.15.2-3.7.13 libyui-qt-pkg8-2.45.15.2-3.7.13 libyui-qt-pkg8-debuginfo-2.45.15.2-3.7.13 libzypp-17.23.8-3.43.1 libzypp-debuginfo-17.23.8-3.43.1 libzypp-debugsource-17.23.8-3.43.1 libzypp-devel-17.23.8-3.43.1 perl-solv-0.7.14-3.30.2 perl-solv-debuginfo-0.7.14-3.30.2 python-solv-0.7.14-3.30.2 python-solv-debuginfo-0.7.14-3.30.2 python3-solv-0.7.14-3.30.2 python3-solv-debuginfo-0.7.14-3.30.2 ruby-solv-0.7.14-3.30.2 ruby-solv-debuginfo-0.7.14-3.30.2 yast2-pkg-bindings-4.0.13-3.9.12 yast2-pkg-bindings-debuginfo-4.0.13-3.9.12 yast2-pkg-bindings-debugsource-4.0.13-3.9.12 zypper-1.14.37-3.34.6 zypper-debuginfo-1.14.37-3.34.6 zypper-debugsource-1.14.37-3.34.6 - SUSE Linux Enterprise Server 15-LTSS (noarch): libyui-ncurses-pkg-doc-2.48.5.2-3.7.12 libyui-qt-pkg-doc-2.45.15.2-3.7.12 zypper-log-1.14.37-3.34.6 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libsigc++2-debugsource-2.10.0-3.5.1 libsigc++2-devel-2.10.0-3.5.1 libsigc-2_0-0-2.10.0-3.5.1 libsigc-2_0-0-debuginfo-2.10.0-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libsigc++2-debugsource-2.10.0-3.5.1 libsigc++2-devel-2.10.0-3.5.1 libsigc-2_0-0-2.10.0-3.5.1 libsigc-2_0-0-debuginfo-2.10.0-3.5.1 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libsigc-2_0-0-2.10.0-3.5.1 libsolv-tools-0.7.14-3.30.2 libyui-ncurses-pkg8-2.48.5.2-3.7.12 libyui-qt-pkg8-2.45.15.2-3.7.13 libzypp-17.23.8-3.43.1 yast2-pkg-bindings-4.0.13-3.9.12 zypper-1.14.37-3.34.6 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libsigc++2-debugsource-2.10.0-3.5.1 libsigc++2-devel-2.10.0-3.5.1 libsigc-2_0-0-2.10.0-3.5.1 libsigc-2_0-0-debuginfo-2.10.0-3.5.1 libsolv-debuginfo-0.7.14-3.30.2 libsolv-debugsource-0.7.14-3.30.2 libsolv-devel-0.7.14-3.30.2 libsolv-devel-debuginfo-0.7.14-3.30.2 libsolv-tools-0.7.14-3.30.2 libsolv-tools-debuginfo-0.7.14-3.30.2 libyui-ncurses-pkg-debugsource-2.48.5.2-3.7.12 libyui-ncurses-pkg-devel-2.48.5.2-3.7.12 libyui-ncurses-pkg8-2.48.5.2-3.7.12 libyui-ncurses-pkg8-debuginfo-2.48.5.2-3.7.12 libyui-qt-pkg-debugsource-2.45.15.2-3.7.13 libyui-qt-pkg8-2.45.15.2-3.7.13 libyui-qt-pkg8-debuginfo-2.45.15.2-3.7.13 libzypp-17.23.8-3.43.1 libzypp-debuginfo-17.23.8-3.43.1 libzypp-debugsource-17.23.8-3.43.1 libzypp-devel-17.23.8-3.43.1 perl-solv-0.7.14-3.30.2 perl-solv-debuginfo-0.7.14-3.30.2 python-solv-0.7.14-3.30.2 python-solv-debuginfo-0.7.14-3.30.2 python3-solv-0.7.14-3.30.2 python3-solv-debuginfo-0.7.14-3.30.2 ruby-solv-0.7.14-3.30.2 ruby-solv-debuginfo-0.7.14-3.30.2 yast2-pkg-bindings-4.0.13-3.9.12 yast2-pkg-bindings-debuginfo-4.0.13-3.9.12 yast2-pkg-bindings-debugsource-4.0.13-3.9.12 zypper-1.14.37-3.34.6 zypper-debuginfo-1.14.37-3.34.6 zypper-debugsource-1.14.37-3.34.6 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libyui-ncurses-pkg-doc-2.48.5.2-3.7.12 libyui-qt-pkg-doc-2.45.15.2-3.7.12 zypper-log-1.14.37-3.34.6 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libsigc++2-debugsource-2.10.0-3.5.1 libsigc++2-devel-2.10.0-3.5.1 libsigc-2_0-0-2.10.0-3.5.1 libsigc-2_0-0-debuginfo-2.10.0-3.5.1 libsolv-debuginfo-0.7.14-3.30.2 libsolv-debugsource-0.7.14-3.30.2 libsolv-devel-0.7.14-3.30.2 libsolv-devel-debuginfo-0.7.14-3.30.2 libsolv-tools-0.7.14-3.30.2 libsolv-tools-debuginfo-0.7.14-3.30.2 libyui-ncurses-pkg-debugsource-2.48.5.2-3.7.12 libyui-ncurses-pkg-devel-2.48.5.2-3.7.12 libyui-ncurses-pkg8-2.48.5.2-3.7.12 libyui-ncurses-pkg8-debuginfo-2.48.5.2-3.7.12 libyui-qt-pkg-debugsource-2.45.15.2-3.7.13 libyui-qt-pkg8-2.45.15.2-3.7.13 libyui-qt-pkg8-debuginfo-2.45.15.2-3.7.13 libzypp-17.23.8-3.43.1 libzypp-debuginfo-17.23.8-3.43.1 libzypp-debugsource-17.23.8-3.43.1 libzypp-devel-17.23.8-3.43.1 perl-solv-0.7.14-3.30.2 perl-solv-debuginfo-0.7.14-3.30.2 python-solv-0.7.14-3.30.2 python-solv-debuginfo-0.7.14-3.30.2 python3-solv-0.7.14-3.30.2 python3-solv-debuginfo-0.7.14-3.30.2 ruby-solv-0.7.14-3.30.2 ruby-solv-debuginfo-0.7.14-3.30.2 yast2-pkg-bindings-4.0.13-3.9.12 yast2-pkg-bindings-debuginfo-4.0.13-3.9.12 yast2-pkg-bindings-debugsource-4.0.13-3.9.12 zypper-1.14.37-3.34.6 zypper-debuginfo-1.14.37-3.34.6 zypper-debugsource-1.14.37-3.34.6 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libyui-ncurses-pkg-doc-2.48.5.2-3.7.12 libyui-qt-pkg-doc-2.45.15.2-3.7.12 zypper-log-1.14.37-3.34.6 References: https://bugzilla.suse.com/1130873 https://bugzilla.suse.com/1154803 https://bugzilla.suse.com/1164543 https://bugzilla.suse.com/1165476 https://bugzilla.suse.com/1165573 https://bugzilla.suse.com/1166610 https://bugzilla.suse.com/1167122 https://bugzilla.suse.com/1168990 https://bugzilla.suse.com/1169947 https://bugzilla.suse.com/1170801 https://bugzilla.suse.com/1171224 https://bugzilla.suse.com/1172135 https://bugzilla.suse.com/1172925 From sle-updates at lists.suse.com Tue Jul 7 10:17:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:17:28 +0200 (CEST) Subject: SUSE-SU-2019:3033-2: moderate: Security update for djvulibre Message-ID: <20200707161728.AC0D4FEC3@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:3033-2 Rating: moderate References: #1154401 #1156188 Cross-References: CVE-2019-18804 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for djvulibre fixes the following issues: Security issue fixed: - CVE-2019-18804: Fixed a null pointer dereference (bsc#1156188). Other issue addressed: - Fixed a crash when mmx was enabled (bsc#1154401) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1865=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): djvulibre-3.5.27-3.8.1 djvulibre-debuginfo-3.5.27-3.8.1 djvulibre-debugsource-3.5.27-3.8.1 References: https://www.suse.com/security/cve/CVE-2019-18804.html https://bugzilla.suse.com/1154401 https://bugzilla.suse.com/1156188 From sle-updates at lists.suse.com Tue Jul 7 10:18:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:18:17 +0200 (CEST) Subject: SUSE-SU-2020:1864-1: moderate: Security update for nasm Message-ID: <20200707161817.C33D6FEC3@maintenance.suse.de> SUSE Security Update: Security update for nasm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1864-1 Rating: moderate References: #1058013 #1073796 #1073798 #1073799 #1073803 #1073808 #1073818 #1073823 #1073829 #1073830 #1073832 #1073846 #1084631 Cross-References: CVE-2017-14228 CVE-2017-17810 CVE-2017-17811 CVE-2017-17812 CVE-2017-17813 CVE-2017-17814 CVE-2017-17815 CVE-2017-17816 CVE-2017-17817 CVE-2017-17818 CVE-2017-17819 CVE-2017-17820 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has one errata is now available. Description: nasm was updated to version 2.14.02: * Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified. * Create all system-defined macros defore processing command-line given preprocessing directives (-p, -d, -u, --pragma, --before). * If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See section 4.11.7. * Fix an assert for the case in the obj format when a SEG operator refers to an EXTERN symbol declared further down in the code. * Fix a corner case in the floating-point code where a binary, octal or hexadecimal floating-point having at least 32, 11, or 8 mantissa digits could produce slightly incorrect results under very specific conditions. * Support -MD without a filename, for gcc compatibility. -MF can be used to set the dependencies output filename. See section 2.1.7. * Fix -E in combination with -MD. See section 2.1.21. * Fix missing errors on redefined labels; would cause convergence failure instead which is very slow and not easy to debug. * Duplicate definitions of the same label with the same value is now explicitly permitted (2.14 would allow it in some circumstances.) * Add the option --no-line to ignore %line directives in the source. See section 2.1.33 and section 4.10.1. * Changed -I option semantics by adding a trailing path separator unconditionally. * Fixed null dereference in corrupted invalid single line macros. * Fixed division by zero which may happen if source code is malformed. * Fixed out of bound access in processing of malformed segment override. * Fixed out of bound access in certain EQU parsing. * Fixed buffer underflow in float parsing. * Added SGX (Intel Software Guard Extensions) instructions. * Added +n syntax for multiple contiguous registers. * Fixed subsections_via_symbols for macho object format. * Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. See section 2.1.28. * Allow label renaming to be specified by %pragma in addition to from the command line. See section 6.9. * Supported generic %pragma namespaces, output and debug. See section 6.10. * Added the --pragma command line option to inject a %pragma directive. See section 2.1.29. * Added the --before command line option to accept preprocess statement before input. See section 2.1.30. * Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field New Instruction) instructions. * Added the STATIC directive for local symbols that should be renamed using global-symbol rules. See section 6.8. * Allow a symbol to be defined as EXTERN and then later overridden as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined will be treated as GLOBAL. See section 6.5. * The GLOBAL directive no longer is required to precede the definition of the symbol. * Support private_extern as macho specific extension to the GLOBAL directive. See section 7.8.5. * Updated UD0 encoding to match with the specification * Added the --limit-X command line option to set execution limits. See section 2.1.31. * Updated the Codeview version number to be aligned with MASM. * Added the --keep-all command line option to preserve output files. See section 2.1.32. * Added the --include command line option, an alias to -P (section 2.1.18). * Added the --help command line option as an alias to -h (section 3.1). * Added -W, -D, and -Q suffix aliases for RET instructions so the operand sizes of these instructions can be encoded without using o16, o32 or o64. New upstream version 2.13.03: * Add flags: AES, VAES, VPCLMULQDQ * Add VPCLMULQDQ instruction * elf: Add missing dwarf loc section * documentation updates nasm was updated to new upstream version 2.13.02: * Fix generation of PEXTRW instruction. * Fix smartalign package which could trigger an error during optimization if the alignment code expanded too much due to optimization of the previous code. * Fix a case where negative value in TIMES directive causes panic instead of an error. * Fix the incorrect generation of VEX-encoded instruction when static mode decorators are specified on scalar instructions, losing the decorators as they require EVEX encoding. * Fix generation of dependency lists. * Fixes macro calls that have the wrong number of arguments (bsc#1073796, CVE-2017-17810) * Fixes Heap-based buffer overflow allows related to a strcpy in paste_tokens (bsc#1073798, CVE-2017-17811) * Fixes Heap-based buffer over-read in the function detoken() (bsc#1073799, CVE-2017-17812) * Fixes Use-after-free in the pp_list_one_macro function (bsc#1073803, CVE-2017-17813) * Fixes Use-after-free in do_directive (bsc#1073808, CVE-2017-17814) * Fixes Illegal address access in is_mmacro() (bsc#1073818, CVE-2017-17815) * Fixes Use-after-free in pp_getline (bsc#1073823, CVE-2017-17816) * Fixes Use-after-free in pp_verror (bsc#1073829, CVE-2017-17817) * Fixes Heap-based buffer over-read related to a while loop in paste_tokens (bsc#1073830, CVE-2017-17818) * Fixes Illegal address access in the function find_cc (bsc#1073832, CVE-2017-17819) * Fixes Use-after-free in pp_list_one_macro (bsc#1073846, CVE-2017-17820) * Fixes illegal address access in thefunction paste_tokens() (bsc#1058013, CVE-2017-14228) nasm was updated to version 2.13.01: * Fix incorrect output for some types of FAR or SEG references in the obj output format, and possibly other 16-bit output formats. * Fix the address in the list file for an instruction containing a TIMES directive. * Fix error with TIMES used together with an instruction which can vary in size, e.g. JMP. * Fix breakage on some uses of the DZ pseudo-op. nasm was updated to version 2.13.00: * Support the official forms of the UD0 and UD1 instructions. * Allow self-segment-relative expressions in immediates and displacements * Handle a 64-bit origin in NDISASM. * NASM can now generate sparse output files for relevant output formats, if the underlying operating system supports them. * Fix a number of bugs related to AVX-512 decorators. * Fix the {z} decorator on AVX-512 VMOVDQ* instructions. * Add new warnings for certain dangerous constructs which never ought to have been allowed. * Fix the EVEX (AVX-512) versions of the VPBROADCAST, VPEXTR, and VPINSR instructions. * Support contracted forms of additional instructions. * Fix Codeview malformed compiler version record. * Add the CLWB and PCOMMIT instructions. * Add the %pragma preprocessor directive for soft-error directives. * Add the RDPID instruction. nasm was updated to version 2.12.02: * Fix preprocessor errors, especially %error and %warning, inside if statements. * Fix relative relocations in 32-bit Mach-O. * More Codeview debug format fixes. * If the MASM PTR keyword is encountered, issue a warning. This is much more likely to indicate a MASM-ism encountered in NASM than it is a valid label. * This warning can be suppressed with -w-ptr, the [warning] directive (see section 2.1.24) or by the macro definition %idefine ptr %??. * When an error or a warning comes from the expansion of a multi-line macro, display the file and line numbers for the expanded macros. * Macros defined with .nolist do not get displayed. * Add macros ilog2fw() and ilog2cw() to the ifunc macro package. See section 5.4.1. nasm was updated to version 2.12.01: * Portability fixes for some platforms. * Fix error when not specifying a list file. * Correct the handling of macro-local labels in the Codeview debugging format. * Add CLZERO, MONITORX and MWAITX instructions. nasm was updated to version 2.12: * Major fixes to the macho backend (section 7.8); earlier versions would produce invalid symbols and relocations on a regular basis. * Support for thread-local storage in Mach-O. * Support for arbitrary sections in Mach-O. * Fix wrong negative size treated as a big positive value passed into backend causing NASM to crash. * Fix handling of zero-extending unsigned relocations, we have been printing wrong message and forgot to assign segment with predefined value before passing it into output format. * Fix potential write of oversized (with size greater than allowed in output format) relative relocations. * Portability fixes for building NASM with LLVM compiler. * Add support of Codeview version 8 (cv8) debug format for win32 and win64 formats in the COFF backend, see section 7.5.3. * Allow 64-bit outputs in 16/32-bit only backends. Unsigned 64-bit relocations are zero-extended from 32-bits with a warning (suppressible via -w-zext-reloc); signed 64-bit relocations are an arror. * Line numbers in list files now correspond to the lines in the source files, instead of simply being sequential. nasm was updated to version 2.11.09: * Fix potential stack overwrite in macho32 backend. * Fix relocation records in macho64 backend. * Fix symbol lookup computation in macho64 backend. * Adjust .symtab and .rela.text sections alignments to 8 bytes in elf64 backed. * Fix section length computation in bin backend which leaded in incorrect relocation records. nasm was updated to version 2.11.08: * Fix section length computation in bin backend which leaded in incorrect relocation records. * Add a warning for numeric preprocessor definitions passed via command line which might have unexpected results otherwise. * Add ability to specify a module name record in rdoff linker Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1864=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): nasm-2.14.02-4.8.1 nasm-debuginfo-2.14.02-4.8.1 nasm-debugsource-2.14.02-4.8.1 References: https://www.suse.com/security/cve/CVE-2017-14228.html https://www.suse.com/security/cve/CVE-2017-17810.html https://www.suse.com/security/cve/CVE-2017-17811.html https://www.suse.com/security/cve/CVE-2017-17812.html https://www.suse.com/security/cve/CVE-2017-17813.html https://www.suse.com/security/cve/CVE-2017-17814.html https://www.suse.com/security/cve/CVE-2017-17815.html https://www.suse.com/security/cve/CVE-2017-17816.html https://www.suse.com/security/cve/CVE-2017-17817.html https://www.suse.com/security/cve/CVE-2017-17818.html https://www.suse.com/security/cve/CVE-2017-17819.html https://www.suse.com/security/cve/CVE-2017-17820.html https://bugzilla.suse.com/1058013 https://bugzilla.suse.com/1073796 https://bugzilla.suse.com/1073798 https://bugzilla.suse.com/1073799 https://bugzilla.suse.com/1073803 https://bugzilla.suse.com/1073808 https://bugzilla.suse.com/1073818 https://bugzilla.suse.com/1073823 https://bugzilla.suse.com/1073829 https://bugzilla.suse.com/1073830 https://bugzilla.suse.com/1073832 https://bugzilla.suse.com/1073846 https://bugzilla.suse.com/1084631 From sle-updates at lists.suse.com Tue Jul 7 10:20:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:20:20 +0200 (CEST) Subject: SUSE-RU-2020:1871-1: moderate: Recommended update for llvm7 Message-ID: <20200707162020.732B9FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for llvm7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1871-1 Rating: moderate References: #1173202 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for llvm7 fixes the following issues: - Fix miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1871=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1871=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1871=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-1871=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1871=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1871=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): liblldb7-7.0.1-3.13.1 liblldb7-debuginfo-7.0.1-3.13.1 llvm7-debuginfo-7.0.1-3.13.1 llvm7-debugsource-7.0.1-3.13.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): liblldb7-7.0.1-3.13.1 liblldb7-debuginfo-7.0.1-3.13.1 llvm7-debuginfo-7.0.1-3.13.1 llvm7-debugsource-7.0.1-3.13.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): clang7-checker-7.0.1-3.13.1 llvm7-debuginfo-7.0.1-3.13.1 llvm7-debugsource-7.0.1-3.13.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): clang7-checker-7.0.1-3.13.1 llvm7-debuginfo-7.0.1-3.13.1 llvm7-debugsource-7.0.1-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): clang7-7.0.1-3.13.1 clang7-debuginfo-7.0.1-3.13.1 clang7-devel-7.0.1-3.13.1 libLLVM7-7.0.1-3.13.1 libLLVM7-debuginfo-7.0.1-3.13.1 libLTO7-7.0.1-3.13.1 libLTO7-debuginfo-7.0.1-3.13.1 libclang7-7.0.1-3.13.1 libclang7-debuginfo-7.0.1-3.13.1 llvm7-7.0.1-3.13.1 llvm7-LTO-devel-7.0.1-3.13.1 llvm7-debuginfo-7.0.1-3.13.1 llvm7-debugsource-7.0.1-3.13.1 llvm7-devel-7.0.1-3.13.1 llvm7-devel-debuginfo-7.0.1-3.13.1 llvm7-gold-7.0.1-3.13.1 llvm7-gold-debuginfo-7.0.1-3.13.1 llvm7-polly-7.0.1-3.13.1 llvm7-polly-debuginfo-7.0.1-3.13.1 llvm7-polly-devel-7.0.1-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le x86_64): libomp7-devel-7.0.1-3.13.1 libomp7-devel-debuginfo-7.0.1-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libLLVM7-32bit-7.0.1-3.13.1 libLLVM7-32bit-debuginfo-7.0.1-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): clang7-7.0.1-3.13.1 clang7-debuginfo-7.0.1-3.13.1 clang7-devel-7.0.1-3.13.1 libLLVM7-7.0.1-3.13.1 libLLVM7-debuginfo-7.0.1-3.13.1 libLTO7-7.0.1-3.13.1 libLTO7-debuginfo-7.0.1-3.13.1 libclang7-7.0.1-3.13.1 libclang7-debuginfo-7.0.1-3.13.1 llvm7-7.0.1-3.13.1 llvm7-LTO-devel-7.0.1-3.13.1 llvm7-debuginfo-7.0.1-3.13.1 llvm7-debugsource-7.0.1-3.13.1 llvm7-devel-7.0.1-3.13.1 llvm7-devel-debuginfo-7.0.1-3.13.1 llvm7-gold-7.0.1-3.13.1 llvm7-gold-debuginfo-7.0.1-3.13.1 llvm7-polly-7.0.1-3.13.1 llvm7-polly-debuginfo-7.0.1-3.13.1 llvm7-polly-devel-7.0.1-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le x86_64): libomp7-devel-7.0.1-3.13.1 libomp7-devel-debuginfo-7.0.1-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libLLVM7-32bit-7.0.1-3.13.1 libLLVM7-32bit-debuginfo-7.0.1-3.13.1 libc++-devel-7.0.1-3.13.1 libc++1-7.0.1-3.13.1 libc++1-debuginfo-7.0.1-3.13.1 libc++abi-devel-7.0.1-3.13.1 libc++abi1-7.0.1-3.13.1 libc++abi1-debuginfo-7.0.1-3.13.1 References: https://bugzilla.suse.com/1173202 From sle-updates at lists.suse.com Tue Jul 7 10:21:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:21:04 +0200 (CEST) Subject: SUSE-SU-2020:1300-2: important: Security update for gstreamer-plugins-base Message-ID: <20200707162105.04BF0FF0B@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1300-2 Rating: important References: #1133375 Cross-References: CVE-2019-9928 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gstreamer-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1300=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): gstreamer-plugins-base-32bit-debuginfo-1.12.5-3.3.1 gstreamer-plugins-base-debugsource-1.12.5-3.3.1 libgstaudio-1_0-0-32bit-1.12.5-3.3.1 libgstaudio-1_0-0-32bit-debuginfo-1.12.5-3.3.1 libgsttag-1_0-0-32bit-1.12.5-3.3.1 libgsttag-1_0-0-32bit-debuginfo-1.12.5-3.3.1 libgstvideo-1_0-0-32bit-1.12.5-3.3.1 libgstvideo-1_0-0-32bit-debuginfo-1.12.5-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-9928.html https://bugzilla.suse.com/1133375 From sle-updates at lists.suse.com Tue Jul 7 10:21:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:21:47 +0200 (CEST) Subject: SUSE-SU-2020:1164-2: important: Security update for LibVNCServer Message-ID: <20200707162147.2E2BEFF0B@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1164-2 Rating: important References: #1155419 #1160471 #1170441 Cross-References: CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1164=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.14.1 libvncserver0-0.9.10-4.14.1 libvncserver0-debuginfo-0.9.10-4.14.1 References: https://www.suse.com/security/cve/CVE-2019-15681.html https://www.suse.com/security/cve/CVE-2019-15690.html https://www.suse.com/security/cve/CVE-2019-20788.html https://bugzilla.suse.com/1155419 https://bugzilla.suse.com/1160471 https://bugzilla.suse.com/1170441 From sle-updates at lists.suse.com Tue Jul 7 10:22:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:22:41 +0200 (CEST) Subject: SUSE-SU-2020:0629-2: moderate: Security update for librsvg Message-ID: <20200707162241.89867FF0B@maintenance.suse.de> SUSE Security Update: Security update for librsvg ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0629-2 Rating: moderate References: #1162501 Cross-References: CVE-2019-20446 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG "use" elements in malicious SVGs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-629=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-629=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): librsvg-debugsource-2.42.8-3.3.1 rsvg-view-2.42.8-3.3.1 rsvg-view-debuginfo-2.42.8-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): librsvg-debugsource-2.42.8-3.3.1 rsvg-view-2.42.8-3.3.1 rsvg-view-debuginfo-2.42.8-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-20446.html https://bugzilla.suse.com/1162501 From sle-updates at lists.suse.com Tue Jul 7 10:23:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:23:21 +0200 (CEST) Subject: SUSE-RU-2020:1870-1: moderate: Recommended update for llvm9 Message-ID: <20200707162321.33E78FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for llvm9 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1870-1 Rating: moderate References: #1173202 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for llvm9 fixes the following issues: - Fix miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1870=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libLLVM9-9.0.1-3.3.1 libLLVM9-debuginfo-9.0.1-3.3.1 libclang9-9.0.1-3.3.1 libclang9-debuginfo-9.0.1-3.3.1 llvm9-debuginfo-9.0.1-3.3.1 llvm9-debugsource-9.0.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libLLVM9-32bit-9.0.1-3.3.1 libLLVM9-32bit-debuginfo-9.0.1-3.3.1 libc++-devel-9.0.1-3.3.1 libc++1-9.0.1-3.3.1 libc++1-debuginfo-9.0.1-3.3.1 libc++abi-devel-9.0.1-3.3.1 libc++abi1-9.0.1-3.3.1 libc++abi1-debuginfo-9.0.1-3.3.1 References: https://bugzilla.suse.com/1173202 From sle-updates at lists.suse.com Tue Jul 7 10:24:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:24:00 +0200 (CEST) Subject: SUSE-SU-2020:1682-2: important: Security update for perl Message-ID: <20200707162400.45A3EFF0B@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1682-2 Rating: important References: #1171863 #1171864 #1171866 #1172348 Cross-References: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed a bad warning in features.ph (bsc#1172348). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1682=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): perl-32bit-5.26.1-7.12.1 perl-32bit-debuginfo-5.26.1-7.12.1 perl-debugsource-5.26.1-7.12.1 References: https://www.suse.com/security/cve/CVE-2020-10543.html https://www.suse.com/security/cve/CVE-2020-10878.html https://www.suse.com/security/cve/CVE-2020-12723.html https://bugzilla.suse.com/1171863 https://bugzilla.suse.com/1171864 https://bugzilla.suse.com/1171866 https://bugzilla.suse.com/1172348 From sle-updates at lists.suse.com Tue Jul 7 10:25:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:25:00 +0200 (CEST) Subject: SUSE-RU-2020:1816-2: moderate: Recommended update for postgresql10 Message-ID: <20200707162500.37EFBFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1816-2 Rating: moderate References: #1148643 #1171924 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postgresql10 fixes the following issues: postgresql was updated to 10.13 (bsc#1171924). For more details see: - https://www.postgresql.org/about/news/2038/ - https://www.postgresql.org/docs/10/release-10-13.html - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1816=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): postgresql-test-12.0.1-8.14.1 References: https://bugzilla.suse.com/1148643 https://bugzilla.suse.com/1171924 From sle-updates at lists.suse.com Tue Jul 7 10:25:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:25:46 +0200 (CEST) Subject: SUSE-SU-2020:1661-2: moderate: Security update for php7 Message-ID: <20200707162546.8674BFEC3@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1661-2 Rating: moderate References: #1171999 Cross-References: CVE-2019-11048 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads (bsc#1171999). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1661=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.58.2 php7-debugsource-7.2.5-4.58.2 php7-embed-7.2.5-4.58.2 php7-embed-debuginfo-7.2.5-4.58.2 References: https://www.suse.com/security/cve/CVE-2019-11048.html https://bugzilla.suse.com/1171999 From sle-updates at lists.suse.com Tue Jul 7 10:26:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:26:25 +0200 (CEST) Subject: SUSE-SU-2020:0594-2: moderate: Security update for gd Message-ID: <20200707162625.B9C14FEC3@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0594-2 Rating: moderate References: #1140120 #1165471 Cross-References: CVE-2018-14553 CVE-2019-11038 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for gd fixes the following issues: Security issue fixed: - CVE-2018-14553: Fixed a null pointer dereference in gdImageClone (bsc#1165471). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-594=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): gd-debugsource-2.2.5-4.14.1 libgd3-32bit-2.2.5-4.14.1 libgd3-32bit-debuginfo-2.2.5-4.14.1 References: https://www.suse.com/security/cve/CVE-2018-14553.html https://www.suse.com/security/cve/CVE-2019-11038.html https://bugzilla.suse.com/1140120 https://bugzilla.suse.com/1165471 From sle-updates at lists.suse.com Tue Jul 7 10:27:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:27:13 +0200 (CEST) Subject: SUSE-SU-2020:0111-2: moderate: Security update for Mesa Message-ID: <20200707162713.6D127FEC3@maintenance.suse.de> SUSE Security Update: Security update for Mesa ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0111-2 Rating: moderate References: #1156015 Cross-References: CVE-2019-5068 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-111=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): Mesa-debugsource-18.3.2-34.9.1 libOSMesa8-32bit-18.3.2-34.9.1 libOSMesa8-32bit-debuginfo-18.3.2-34.9.1 References: https://www.suse.com/security/cve/CVE-2019-5068.html https://bugzilla.suse.com/1156015 From sle-updates at lists.suse.com Tue Jul 7 13:12:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 21:12:34 +0200 (CEST) Subject: SUSE-RU-2020:0755-2: moderate: Recommended update for taglib Message-ID: <20200707191234.06A6CFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for taglib ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0755-2 Rating: moderate References: #1166467 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for taglib fixes the following issue: - Disable rpath explicitly to solve a build issue on Leap 15.2 (bsc#1166467) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-755=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-755=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-755=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-755=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): taglib-1.11.1-4.6.1 taglib-debuginfo-1.11.1-4.6.1 taglib-debugsource-1.11.1-4.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): taglib-1.11.1-4.6.1 taglib-debuginfo-1.11.1-4.6.1 taglib-debugsource-1.11.1-4.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libtag-devel-1.11.1-4.6.1 libtag_c0-1.11.1-4.6.1 libtag_c0-debuginfo-1.11.1-4.6.1 taglib-debuginfo-1.11.1-4.6.1 taglib-debugsource-1.11.1-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libtag1-1.11.1-4.6.1 libtag1-debuginfo-1.11.1-4.6.1 taglib-debuginfo-1.11.1-4.6.1 taglib-debugsource-1.11.1-4.6.1 References: https://bugzilla.suse.com/1166467 From sle-updates at lists.suse.com Tue Jul 7 13:13:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 21:13:15 +0200 (CEST) Subject: SUSE-SU-2020:1873-1: important: Security update for LibVNCServer Message-ID: <20200707191315.75D2BFDE1@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1873-1 Rating: important References: #1173477 Cross-References: CVE-2017-18922 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for LibVNCServer fixes the following issues: - CVE-2017-18922: Fixed an issue which could have allowed to an attacker to pre-auth overwrite a function pointer which subsequently used leading to potential remote code execution (bsc#1173477). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1873=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-1873=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1873=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1873=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): LibVNCServer-debugsource-0.9.10-4.19.1 libvncclient0-0.9.10-4.19.1 libvncclient0-debuginfo-0.9.10-4.19.1 libvncserver0-0.9.10-4.19.1 libvncserver0-debuginfo-0.9.10-4.19.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): LibVNCServer-debugsource-0.9.10-4.19.1 libvncclient0-0.9.10-4.19.1 libvncclient0-debuginfo-0.9.10-4.19.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.19.1 libvncserver0-0.9.10-4.19.1 libvncserver0-debuginfo-0.9.10-4.19.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.19.1 libvncserver0-0.9.10-4.19.1 libvncserver0-debuginfo-0.9.10-4.19.1 References: https://www.suse.com/security/cve/CVE-2017-18922.html https://bugzilla.suse.com/1173477 From sle-updates at lists.suse.com Tue Jul 7 13:13:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2020 21:13:55 +0200 (CEST) Subject: SUSE-RU-2020:1872-1: Recommended update for SUSE Manager 4.1.0 Message-ID: <20200707191355.6041AFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.1.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1872-1 Rating: low References: #1173762 Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSE Manager 4.1 GM Release Notes provides the following additions: - Release notes for SUSE Manager 4.1.0 (bsc#1173762) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2020-1872=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2020-1872=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2020-1872=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): release-notes-susemanager-4.1.0.2-3.6.3 - SUSE Manager Retail Branch Server 4.1 (x86_64): release-notes-susemanager-proxy-4.1.0.2-3.6.3 - SUSE Manager Proxy 4.1 (x86_64): release-notes-susemanager-proxy-4.1.0.2-3.6.3 References: https://bugzilla.suse.com/1173762 From sle-updates at lists.suse.com Wed Jul 8 07:12:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:12:49 +0200 (CEST) Subject: SUSE-RU-2019:2218-2: moderate: Recommended update for pinentry Message-ID: <20200708131249.DF61FFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for pinentry ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2218-2 Rating: moderate References: #1141883 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1878=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1878=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1878=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1878=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1878=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 pinentry-emacs-1.1.0-4.3.1 pinentry-emacs-debuginfo-1.1.0-4.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 pinentry-gtk2-1.1.0-4.3.1 pinentry-gtk2-debuginfo-1.1.0-4.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 pinentry-gtk2-1.1.0-4.3.1 pinentry-gtk2-debuginfo-1.1.0-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 pinentry-gnome3-1.1.0-4.3.1 pinentry-gnome3-debuginfo-1.1.0-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): pinentry-1.1.0-4.3.1 pinentry-debuginfo-1.1.0-4.3.1 pinentry-debugsource-1.1.0-4.3.1 References: https://bugzilla.suse.com/1141883 From sle-updates at lists.suse.com Wed Jul 8 07:13:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:13:33 +0200 (CEST) Subject: SUSE-SU-2020:1695-2: moderate: Security update for osc Message-ID: <20200708131333.29F79FDE1@maintenance.suse.de> SUSE Security Update: Security update for osc ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1695-2 Rating: moderate References: #1122675 Cross-References: CVE-2019-3681 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for osc to 0.169.1 fixes the following issues: Security issue fixed: - CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths (bsc#1122675). Non-security issues fixed: - Improved the speed and usability of osc bash completion. - improved some error messages. - osc add: support git@ (private github) or git:// URLs correctly. - Split dependson and whatdependson commands. - Added support for osc build --shell-cmd. - Added pkg-ccache support for osc build. - Added --ccache option to osc getbinaries Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1695=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): osc-0.169.1-3.20.1 References: https://www.suse.com/security/cve/CVE-2019-3681.html https://bugzilla.suse.com/1122675 From sle-updates at lists.suse.com Wed Jul 8 07:14:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:14:12 +0200 (CEST) Subject: SUSE-RU-2020:1567-2: moderate: Recommended update for python-typing Message-ID: <20200708131412.F31F3FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-typing ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1567-2 Rating: moderate References: #1162547 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-typing fixes the following issues: - Update to 3.7.4 (jsc#SLE-12548, bsc#1162547) - Fix subclassing builtin protocols on older Python versions - Move Protocol, runtime_checkable, Final, final, Literal, and TypedDict to typing - Add support for Python 3.8 in typing_extensions - Unify the implementation of annotated in src_py2 and src_py3 - Add Annotated in python2 - Pep 593 py3 - Drop support of Python 3.3 - [typing-extensions] Simple implementation for IntVar - Add a python 3.7+ version of Annotated to typing_extensions - Add SupportsIndex - Add TypedDict to typing_extensions - Add Final to the README - Run the tests using the current Python executable - Fix GeneralMeta.__instancecheck__() for old style classes - Add Literal[...] types to typing_extensions - Fix instance/subclass checks of functions against runtime protocols. - Bump typing_extension version - Improve PyPI entry for typing_extensions - Add Final to typing_extensions - include license file for typing-extensions and in wheels - Fix IO.closed to be property - Backport Generic.__new__ fix - Bump typing_extensions version before release - Add missing 'NoReturn' to __all__ in typing.py - Add annotations to NamedTuple children __new__ constructors - Fix typing_extensions to support PEP 560 - Pass *args and **kwargs to superclass in Generic.__new__ - Fix interaction between generics and __init_subclass__ - Fix protocols in unions (runtime problem) - Fix interaction between typing_extensions and collections.abc - Override subclass check for the singledispatch library - Fix copying generic instances in Python 3 - Switch to setuptools in typing_extensions - Add class Protocol and @runtime to typing extensions - get_type_hints(): find the right globalns for classes and modules - Document the workflow for publishing wheels - Make sure copy and deepcopy are returning same class - Update pytest and pytest-xdist versions - Fix failing test test_protocol_instance_works Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1567=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-typing-3.7.4-3.3.2 References: https://bugzilla.suse.com/1162547 From sle-updates at lists.suse.com Wed Jul 8 07:14:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:14:54 +0200 (CEST) Subject: SUSE-SU-2019:3192-2: moderate: Security update for opencv Message-ID: <20200708131454.EFAFCFDE1@maintenance.suse.de> SUSE Security Update: Security update for opencv ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:3192-2 Rating: moderate References: #1144348 #1144352 #1149742 #1154091 Cross-References: CVE-2019-14491 CVE-2019-14492 CVE-2019-15939 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for opencv fixes the following issues: Security issues fixed: - CVE-2019-14491: Fixed an out of bounds read in the function cv:predictOrdered, leading to DOS (bsc#1144352). - CVE-2019-14492: Fixed an out of bounds read/write in the function HaarEvaluator:OptFeature:calc, which leads to denial of service (bsc#1144348). - CVE-2019-15939: Fixed a divide-by-zero error in cv:HOGDescriptor:getDescriptorSize (bsc#1149742). Non-security issue fixed: - Fixed an issue in opencv-devel that broke builds with "No rule to make target opencv_calib3d-NOTFOUND" (bsc#1154091). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1875=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1875=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1875=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libopencv3_3-3.3.1-6.6.1 libopencv3_3-debuginfo-3.3.1-6.6.1 opencv-3.3.1-6.6.1 opencv-debuginfo-3.3.1-6.6.1 opencv-debugsource-3.3.1-6.6.1 opencv-devel-3.3.1-6.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): opencv-debuginfo-3.3.1-6.6.1 opencv-debugsource-3.3.1-6.6.1 python2-opencv-3.3.1-6.6.1 python2-opencv-debuginfo-3.3.1-6.6.1 python3-opencv-3.3.1-6.6.1 python3-opencv-debuginfo-3.3.1-6.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): opencv-debuginfo-3.3.1-6.6.1 opencv-debugsource-3.3.1-6.6.1 python2-opencv-3.3.1-6.6.1 python2-opencv-debuginfo-3.3.1-6.6.1 python3-opencv-3.3.1-6.6.1 python3-opencv-debuginfo-3.3.1-6.6.1 References: https://www.suse.com/security/cve/CVE-2019-14491.html https://www.suse.com/security/cve/CVE-2019-14492.html https://www.suse.com/security/cve/CVE-2019-15939.html https://bugzilla.suse.com/1144348 https://bugzilla.suse.com/1144352 https://bugzilla.suse.com/1149742 https://bugzilla.suse.com/1154091 From sle-updates at lists.suse.com Wed Jul 8 07:15:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:15:54 +0200 (CEST) Subject: SUSE-SU-2020:14421-1: important: Security update for MozillaFirefox Message-ID: <20200708131554.B5524FDE1@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14421-1 Rating: important References: #1166238 #1167231 #1173576 Cross-References: CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14421=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-78.0.1-78.80.2 MozillaFirefox-branding-SLED-78-21.12.1 MozillaFirefox-translations-common-78.0.1-78.80.2 MozillaFirefox-translations-other-78.0.1-78.80.2 References: https://www.suse.com/security/cve/CVE-2020-12402.html https://www.suse.com/security/cve/CVE-2020-12415.html https://www.suse.com/security/cve/CVE-2020-12416.html https://www.suse.com/security/cve/CVE-2020-12417.html https://www.suse.com/security/cve/CVE-2020-12418.html https://www.suse.com/security/cve/CVE-2020-12419.html https://www.suse.com/security/cve/CVE-2020-12420.html https://www.suse.com/security/cve/CVE-2020-12421.html https://www.suse.com/security/cve/CVE-2020-12422.html https://www.suse.com/security/cve/CVE-2020-12423.html https://www.suse.com/security/cve/CVE-2020-12424.html https://www.suse.com/security/cve/CVE-2020-12425.html https://www.suse.com/security/cve/CVE-2020-12426.html https://bugzilla.suse.com/1166238 https://bugzilla.suse.com/1167231 https://bugzilla.suse.com/1173576 From sle-updates at lists.suse.com Wed Jul 8 07:16:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:16:49 +0200 (CEST) Subject: SUSE-RU-2019:1417-3: moderate: Recommended update for libselinux, policycoreutils, setools Message-ID: <20200708131649.6EE23FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libselinux, policycoreutils, setools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1417-3 Rating: moderate References: #1130097 #1136515 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libselinux, policycoreutils, setools fixes the following issues: This update provides policycoreutils-python that contains binaries necessary for SELinux administration. (bsc#1130097) Also necessary dependencies for this package have been included in the update. python2-setools and python3-setools are shipped instead of python-setools. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1880=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1880=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1880=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1880=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1880=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): setools-debuginfo-3.3.8-4.7.1 setools-debugsource-3.3.8-4.7.1 setools-tcl-3.3.8-4.7.1 setools-tcl-debuginfo-3.3.8-4.7.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): setools-debuginfo-3.3.8-4.7.1 setools-debugsource-3.3.8-4.7.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-networkx-2.0-3.2.8 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-networkx-2.0-3.2.8 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): setools-debuginfo-3.3.8-4.7.1 setools-devel-3.3.8-4.7.1 setools-java-3.3.8-4.7.1 setools-java-debuginfo-3.3.8-4.7.1 setools-libs-3.3.8-4.7.1 setools-libs-debuginfo-3.3.8-4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-networkx-2.0-3.2.8 References: https://bugzilla.suse.com/1130097 https://bugzilla.suse.com/1136515 From sle-updates at lists.suse.com Wed Jul 8 07:17:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:17:40 +0200 (CEST) Subject: SUSE-RU-2019:2362-2: moderate: Recommended update for python-cairo Message-ID: <20200708131740.2B55CFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-cairo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2362-2 Rating: moderate References: #1142582 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-cairo does not fix any visible issues to users. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1876=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1876=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1876=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1876=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1876=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python2-cairo-1.15.1-3.3.1 python2-cairo-debuginfo-1.15.1-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python2-cairo-devel-1.15.1-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python2-cairo-devel-1.15.1-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): python-cairo-common-devel-1.15.1-3.3.1 python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python3-cairo-devel-1.15.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python3-cairo-1.15.1-3.3.1 python3-cairo-debuginfo-1.15.1-3.3.1 References: https://bugzilla.suse.com/1142582 From sle-updates at lists.suse.com Wed Jul 8 07:18:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:18:23 +0200 (CEST) Subject: SUSE-SU-2019:2891-2: moderate: Security update for python-ecdsa Message-ID: <20200708131823.0848EFDE1@maintenance.suse.de> SUSE Security Update: Security update for python-ecdsa ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2891-2 Rating: moderate References: #1153165 #1154217 Cross-References: CVE-2019-14853 CVE-2019-14859 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165). - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1877=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1877=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1877=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-ecdsa-0.13.3-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-ecdsa-0.13.3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-ecdsa-0.13.3-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-14853.html https://www.suse.com/security/cve/CVE-2019-14859.html https://bugzilla.suse.com/1153165 https://bugzilla.suse.com/1154217 From sle-updates at lists.suse.com Wed Jul 8 07:19:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:19:09 +0200 (CEST) Subject: SUSE-SU-2020:1621-2: important: Security update for libEMF Message-ID: <20200708131909.4E8F9FDE1@maintenance.suse.de> SUSE Security Update: Security update for libEMF ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1621-2 Rating: important References: #1171496 #1171497 #1171498 #1171499 Cross-References: CVE-2020-11863 CVE-2020-11864 CVE-2020-11865 CVE-2020-11866 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libEMF fixes the following issues: - CVE-2020-11863: Fixed an issue which could have led to denial of service (bsc#1171496). - CVE-2020-11864: Fixed an issue which could have led to denial of service (bsc#1171499). - CVE-2020-11865: Fixed an out of bounds memory access (bsc#1171497). - CVE-2020-11866: Fixed a use after free (bsc#1171498). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1621=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libEMF-debuginfo-1.0.7-3.3.1 libEMF-debugsource-1.0.7-3.3.1 libEMF1-1.0.7-3.3.1 libEMF1-debuginfo-1.0.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-11863.html https://www.suse.com/security/cve/CVE-2020-11864.html https://www.suse.com/security/cve/CVE-2020-11865.html https://www.suse.com/security/cve/CVE-2020-11866.html https://bugzilla.suse.com/1171496 https://bugzilla.suse.com/1171497 https://bugzilla.suse.com/1171498 https://bugzilla.suse.com/1171499 From sle-updates at lists.suse.com Wed Jul 8 07:20:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:20:07 +0200 (CEST) Subject: SUSE-SU-2019:2425-2: important: Security update for nmap Message-ID: <20200708132007.B0BC1FDE1@maintenance.suse.de> SUSE Security Update: Security update for nmap ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2425-2 Rating: important References: #1135350 #1148742 Cross-References: CVE-2017-18594 CVE-2018-15173 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nmap fixes the following issues: Security issue fixed: - CVE-2017-18594: Fixed a denial of service condition due to a double free when an SSH connection fails. (bsc#1148742) Non-security issue fixed: - Fixed a regression in the version scanner caused, by the fix for CVE-2018-15173. (bsc#1135350) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1874=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1874=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1874=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): nmap-debuginfo-7.70-3.12.1 nmap-debugsource-7.70-3.12.1 nping-7.70-3.12.1 nping-debuginfo-7.70-3.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): nmap-debuginfo-7.70-3.12.1 nmap-debugsource-7.70-3.12.1 nping-7.70-3.12.1 nping-debuginfo-7.70-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): nmap-7.70-3.12.1 nmap-debuginfo-7.70-3.12.1 nmap-debugsource-7.70-3.12.1 References: https://www.suse.com/security/cve/CVE-2017-18594.html https://www.suse.com/security/cve/CVE-2018-15173.html https://bugzilla.suse.com/1135350 https://bugzilla.suse.com/1148742 From sle-updates at lists.suse.com Wed Jul 8 07:20:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:20:55 +0200 (CEST) Subject: SUSE-SU-2020:1417-2: moderate: Security update for freetds Message-ID: <20200708132055.CF783FDE1@maintenance.suse.de> SUSE Security Update: Security update for freetds ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1417-2 Rating: moderate References: #1141132 Cross-References: CVE-2019-13508 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for freetds to 1.1.36 fixes the following issues: Security issue fixed: - CVE-2019-13508: Fixed a heap overflow that could have been caused by malicious servers sending UDT types over protocol version 5.0 (bsc#1141132). Non-security issues fixed: - Enabled Kerberos support - Version update to 1.1.36: * Default TDS protocol version is now "auto" * Improved UTF-8 performances * TDS Pool Server is enabled * MARS support is enabled * NTLMv2 is enabled * See NEWS and ChangeLog for a complete list of changes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1417=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1417=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1417=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): freetds-debuginfo-1.1.36-3.3.1 freetds-debugsource-1.1.36-3.3.1 libct4-1.1.36-3.3.1 libct4-debuginfo-1.1.36-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): freetds-debuginfo-1.1.36-3.3.1 freetds-debugsource-1.1.36-3.3.1 libsybdb5-1.1.36-3.3.1 libsybdb5-debuginfo-1.1.36-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): freetds-debuginfo-1.1.36-3.3.1 freetds-debugsource-1.1.36-3.3.1 libsybdb5-1.1.36-3.3.1 libsybdb5-debuginfo-1.1.36-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-13508.html https://bugzilla.suse.com/1141132 From sle-updates at lists.suse.com Wed Jul 8 07:21:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:21:36 +0200 (CEST) Subject: SUSE-SU-2020:0819-2: important: Security update for icu Message-ID: <20200708132136.78EE2FDE1@maintenance.suse.de> SUSE Security Update: Security update for icu ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0819-2 Rating: important References: #1166844 Cross-References: CVE-2020-10531 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for icu fixes the following issues: - CVE-2020-10531: Fixed a potential integer overflow in UnicodeString:doAppend (bsc#1166844). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-819=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-819=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): icu-debuginfo-60.2-3.9.1 icu-debugsource-60.2-3.9.1 libicu60_2-60.2-3.9.1 libicu60_2-debuginfo-60.2-3.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): libicu60_2-bedata-60.2-3.9.1 libicu60_2-ledata-60.2-3.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): icu-60.2-3.9.1 icu-debuginfo-60.2-3.9.1 icu-debugsource-60.2-3.9.1 References: https://www.suse.com/security/cve/CVE-2020-10531.html https://bugzilla.suse.com/1166844 From sle-updates at lists.suse.com Wed Jul 8 07:22:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:22:17 +0200 (CEST) Subject: SUSE-SU-2020:1553-2: moderate: Security update for libexif Message-ID: <20200708132218.009F2FDE1@maintenance.suse.de> SUSE Security Update: Security update for libexif ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1553-2 Rating: moderate References: #1055857 #1059893 #1120943 #1160770 #1171475 #1171847 #1172105 #1172116 #1172121 Cross-References: CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for libexif to 0.6.22 fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1553=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1553=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1553=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libexif-debugsource-0.6.22-5.6.1 libexif12-32bit-0.6.22-5.6.1 libexif12-32bit-debuginfo-0.6.22-5.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): libexif-debugsource-0.6.22-5.6.1 libexif12-32bit-0.6.22-5.6.1 libexif12-32bit-debuginfo-0.6.22-5.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.22-5.6.1 libexif-devel-0.6.22-5.6.1 libexif12-0.6.22-5.6.1 libexif12-debuginfo-0.6.22-5.6.1 References: https://www.suse.com/security/cve/CVE-2016-6328.html https://www.suse.com/security/cve/CVE-2017-7544.html https://www.suse.com/security/cve/CVE-2018-20030.html https://www.suse.com/security/cve/CVE-2019-9278.html https://www.suse.com/security/cve/CVE-2020-0093.html https://www.suse.com/security/cve/CVE-2020-12767.html https://www.suse.com/security/cve/CVE-2020-13112.html https://www.suse.com/security/cve/CVE-2020-13113.html https://www.suse.com/security/cve/CVE-2020-13114.html https://bugzilla.suse.com/1055857 https://bugzilla.suse.com/1059893 https://bugzilla.suse.com/1120943 https://bugzilla.suse.com/1160770 https://bugzilla.suse.com/1171475 https://bugzilla.suse.com/1171847 https://bugzilla.suse.com/1172105 https://bugzilla.suse.com/1172116 https://bugzilla.suse.com/1172121 From sle-updates at lists.suse.com Wed Jul 8 07:23:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:23:45 +0200 (CEST) Subject: SUSE-RU-2020:0279-2: moderate: Recommended update for p11-kit Message-ID: <20200708132345.C10E1FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for p11-kit ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0279-2 Rating: moderate References: #1013125 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-279=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-279=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-279=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): p11-kit-32bit-0.23.2-4.8.3 p11-kit-32bit-debuginfo-0.23.2-4.8.3 p11-kit-debugsource-0.23.2-4.8.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): p11-kit-32bit-0.23.2-4.8.3 p11-kit-32bit-debuginfo-0.23.2-4.8.3 p11-kit-debugsource-0.23.2-4.8.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libp11-kit0-0.23.2-4.8.3 libp11-kit0-debuginfo-0.23.2-4.8.3 p11-kit-0.23.2-4.8.3 p11-kit-debuginfo-0.23.2-4.8.3 p11-kit-debugsource-0.23.2-4.8.3 p11-kit-devel-0.23.2-4.8.3 p11-kit-nss-trust-0.23.2-4.8.3 p11-kit-tools-0.23.2-4.8.3 p11-kit-tools-debuginfo-0.23.2-4.8.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libp11-kit0-32bit-0.23.2-4.8.3 libp11-kit0-32bit-debuginfo-0.23.2-4.8.3 p11-kit-32bit-debuginfo-0.23.2-4.8.3 References: https://bugzilla.suse.com/1013125 From sle-updates at lists.suse.com Wed Jul 8 07:24:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:24:27 +0200 (CEST) Subject: SUSE-RU-2020:1541-2: moderate: Recommended update for pciutils Message-ID: <20200708132427.20A2FFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for pciutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1541-2 Rating: moderate References: #1170554 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pciutils fixes the following issues: - Fix lspci outputs when few of the VPD data fields are displayed as unknown. (bsc#1170554, ltc#185587) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1541=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpci3-3.5.6-3.3.1 libpci3-debuginfo-3.5.6-3.3.1 pciutils-3.5.6-3.3.1 pciutils-debuginfo-3.5.6-3.3.1 pciutils-debugsource-3.5.6-3.3.1 pciutils-devel-3.5.6-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libpci3-32bit-3.5.6-3.3.1 libpci3-32bit-debuginfo-3.5.6-3.3.1 References: https://bugzilla.suse.com/1170554 From sle-updates at lists.suse.com Wed Jul 8 07:25:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:25:09 +0200 (CEST) Subject: SUSE-SU-2020:1297-2: moderate: Security update for libvpx Message-ID: <20200708132509.E4248FDE1@maintenance.suse.de> SUSE Security Update: Security update for libvpx ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1297-2 Rating: moderate References: #1166066 Cross-References: CVE-2020-0034 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libvpx fixes the following issues: - CVE-2020-0034: Fixed an out-of-bounds read on truncated key frames (bsc#1166066). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1297=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1297=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1297=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1297=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.6.1-6.6.8 vpx-tools-1.6.1-6.6.8 vpx-tools-debuginfo-1.6.1-6.6.8 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.6.1-6.6.8 vpx-tools-1.6.1-6.6.8 vpx-tools-debuginfo-1.6.1-6.6.8 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.6.1-6.6.8 libvpx-devel-1.6.1-6.6.8 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.6.1-6.6.8 libvpx4-1.6.1-6.6.8 libvpx4-debuginfo-1.6.1-6.6.8 References: https://www.suse.com/security/cve/CVE-2020-0034.html https://bugzilla.suse.com/1166066 From sle-updates at lists.suse.com Wed Jul 8 07:25:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:25:51 +0200 (CEST) Subject: SUSE-SU-2020:1580-2: moderate: Security update for texlive-filesystem Message-ID: <20200708132551.BACD0FDE1@maintenance.suse.de> SUSE Security Update: Security update for texlive-filesystem ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1580-2 Rating: moderate References: #1158910 #1159740 Cross-References: CVE-2020-8016 CVE-2020-8017 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for texlive-filesystem fixes the following issues: Security issues fixed: - CVE-2020-8016: Fixed a race condition in the spec file (bsc#1159740). - CVE-2020-8017: Fixed a race condition on a cron job (bsc#1158910). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1580=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): texlive-collection-basic-2017.135.svn41616-9.12.1 texlive-collection-bibtexextra-2017.135.svn44385-9.12.1 texlive-collection-binextra-2017.135.svn44515-9.12.1 texlive-collection-context-2017.135.svn42330-9.12.1 texlive-collection-fontsextra-2017.135.svn43356-9.12.1 texlive-collection-fontsrecommended-2017.135.svn35830-9.12.1 texlive-collection-fontutils-2017.135.svn37105-9.12.1 texlive-collection-formatsextra-2017.135.svn44177-9.12.1 texlive-collection-games-2017.135.svn42992-9.12.1 texlive-collection-humanities-2017.135.svn42268-9.12.1 texlive-collection-langarabic-2017.135.svn44496-9.12.1 texlive-collection-langchinese-2017.135.svn42675-9.12.1 texlive-collection-langcjk-2017.135.svn43009-9.12.1 texlive-collection-langcyrillic-2017.135.svn44401-9.12.1 texlive-collection-langczechslovak-2017.135.svn32550-9.12.1 texlive-collection-langenglish-2017.135.svn43650-9.12.1 texlive-collection-langeuropean-2017.135.svn44414-9.12.1 texlive-collection-langfrench-2017.135.svn40375-9.12.1 texlive-collection-langgerman-2017.135.svn42045-9.12.1 texlive-collection-langgreek-2017.135.svn44192-9.12.1 texlive-collection-langitalian-2017.135.svn30372-9.12.1 texlive-collection-langjapanese-2017.135.svn44554-9.12.1 texlive-collection-langkorean-2017.135.svn42106-9.12.1 texlive-collection-langother-2017.135.svn44414-9.12.1 texlive-collection-langpolish-2017.135.svn44371-9.12.1 texlive-collection-langportuguese-2017.135.svn30962-9.12.1 texlive-collection-langspanish-2017.135.svn40587-9.12.1 texlive-collection-latex-2017.135.svn41614-9.12.1 texlive-collection-latexextra-2017.135.svn44544-9.12.1 texlive-collection-latexrecommended-2017.135.svn44177-9.12.1 texlive-collection-luatex-2017.135.svn44500-9.12.1 texlive-collection-mathscience-2017.135.svn44396-9.12.1 texlive-collection-metapost-2017.135.svn44297-9.12.1 texlive-collection-music-2017.135.svn40561-9.12.1 texlive-collection-pictures-2017.135.svn44395-9.12.1 texlive-collection-plaingeneric-2017.135.svn44177-9.12.1 texlive-collection-pstricks-2017.135.svn44460-9.12.1 texlive-collection-publishers-2017.135.svn44485-9.12.1 texlive-collection-xetex-2017.135.svn43059-9.12.1 texlive-devel-2017.135-9.12.1 texlive-extratools-2017.135-9.12.1 texlive-filesystem-2017.135-9.12.1 texlive-scheme-basic-2017.135.svn25923-9.12.1 texlive-scheme-context-2017.135.svn35799-9.12.1 texlive-scheme-full-2017.135.svn44177-9.12.1 texlive-scheme-gust-2017.135.svn44177-9.12.1 texlive-scheme-infraonly-2017.135.svn41515-9.12.1 texlive-scheme-medium-2017.135.svn44177-9.12.1 texlive-scheme-minimal-2017.135.svn13822-9.12.1 texlive-scheme-small-2017.135.svn41825-9.12.1 texlive-scheme-tetex-2017.135.svn44187-9.12.1 References: https://www.suse.com/security/cve/CVE-2020-8016.html https://www.suse.com/security/cve/CVE-2020-8017.html https://bugzilla.suse.com/1158910 https://bugzilla.suse.com/1159740 From sle-updates at lists.suse.com Wed Jul 8 07:26:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:26:38 +0200 (CEST) Subject: SUSE-SU-2020:1591-2: important: Security update for MozillaThunderbird Message-ID: <20200708132638.33CC0FDE1@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1591-2 Rating: important References: #1172402 Cross-References: CVE-2020-12398 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 68.9.0 (bsc#1172402) - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety issues - CVE-2020-12398: Fixed a potential information leak due to security downgrade with IMAP STARTTLS - Use a symbolic icon from branding internals Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1591=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): MozillaThunderbird-68.9.0-3.85.2 MozillaThunderbird-debuginfo-68.9.0-3.85.2 MozillaThunderbird-debugsource-68.9.0-3.85.2 MozillaThunderbird-translations-common-68.9.0-3.85.2 MozillaThunderbird-translations-other-68.9.0-3.85.2 References: https://www.suse.com/security/cve/CVE-2020-12398.html https://www.suse.com/security/cve/CVE-2020-12405.html https://www.suse.com/security/cve/CVE-2020-12406.html https://www.suse.com/security/cve/CVE-2020-12410.html https://bugzilla.suse.com/1172402 From sle-updates at lists.suse.com Wed Jul 8 07:27:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:27:17 +0200 (CEST) Subject: SUSE-RU-2020:0998-2: moderate: Recommended update for python-pycups Message-ID: <20200708132717.96F25FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pycups ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0998-2 Rating: moderate References: #735865 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-pycups fixes the following issues: - add BuildRequires: python-cups to printer driver packages. (bsc#735865) Package /usr/lib/rpm/postscriptdriver.prov again, in the new "cups-rpm-helper" subpackage. The file hasn't been packaged any more after the switch from python-cups to python-pycups. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-998=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-998=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): python-pycups-debuginfo-1.9.74-3.3.2 python-pycups-debugsource-1.9.74-3.3.2 python2-pycups-1.9.74-3.3.2 python2-pycups-debuginfo-1.9.74-3.3.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): python-pycups-debuginfo-1.9.74-3.3.2 python-pycups-debugsource-1.9.74-3.3.2 python3-pycups-1.9.74-3.3.2 python3-pycups-debuginfo-1.9.74-3.3.2 References: https://bugzilla.suse.com/735865 From sle-updates at lists.suse.com Thu Jul 9 07:12:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2020 15:12:30 +0200 (CEST) Subject: SUSE-RU-2020:1882-1: moderate: Recommended update for crmsh Message-ID: <20200709131230.8D5DDFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1882-1 Rating: moderate References: #1170037 #1170999 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix for using SBDManager to configure sbd and enable systemd service as it is necessary. (bsc#1170037, bsc#1170999) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-1882=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.1.0+git.1585823743.3acb5567-3.30.1 crmsh-scripts-4.1.0+git.1585823743.3acb5567-3.30.1 References: https://bugzilla.suse.com/1170037 https://bugzilla.suse.com/1170999 From sle-updates at lists.suse.com Thu Jul 9 07:13:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2020 15:13:22 +0200 (CEST) Subject: SUSE-RU-2020:1881-1: moderate: Recommended update for python-kiwi Message-ID: <20200709131322.55ED8FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1881-1 Rating: moderate References: #1156677 #1168973 #1172928 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for python-kiwi fixes the following issues: - Fixed checking for root device in grub config. (bsc#1172928) - Fix for conflicting files of man-pages between different versions. (bsc#1168973, bsc#1156677) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-1881=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1881=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (x86_64): kiwi-pxeboot-9.20.5-3.16.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.20.5-3.16.1 dracut-kiwi-live-9.20.5-3.16.1 dracut-kiwi-oem-dump-9.20.5-3.16.1 dracut-kiwi-oem-repart-9.20.5-3.16.1 dracut-kiwi-overlay-9.20.5-3.16.1 kiwi-man-pages-9.20.5-3.16.1 kiwi-tools-9.20.5-3.16.1 kiwi-tools-debuginfo-9.20.5-3.16.1 python-kiwi-debugsource-9.20.5-3.16.1 python3-kiwi-9.20.5-3.16.1 References: https://bugzilla.suse.com/1156677 https://bugzilla.suse.com/1168973 https://bugzilla.suse.com/1172928 From sle-updates at lists.suse.com Thu Jul 9 07:14:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2020 15:14:15 +0200 (CEST) Subject: SUSE-RU-2020:1883-1: moderate: Recommended update for crmsh Message-ID: <20200709131415.9216AFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1883-1 Rating: moderate References: #1170037 #1170999 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix for using SBDManager to configure sbd and enable systemd service as it is necessary. (bsc#1170037, bsc#1170999) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-1883=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.1.0+git.1585823743.3acb5567-3.22.1 crmsh-scripts-4.1.0+git.1585823743.3acb5567-3.22.1 References: https://bugzilla.suse.com/1170037 https://bugzilla.suse.com/1170999 From sle-updates at lists.suse.com Thu Jul 9 11:32:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2020 19:32:58 +0200 (CEST) Subject: SUSE-CU-2020:359-1: Security update of suse/sles12sp3 Message-ID: <20200709173258.54BF2FDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:359-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.174 , suse/sles12sp3:latest Container Release : 24.174 Severity : important Type : security References : 1084671 1154256 1157315 1161262 1161436 1162698 1164538 1165633 1167622 1170715 1171145 1172698 1172704 CVE-2019-20386 CVE-2020-8023 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1842-1 Released: Fri Jul 3 22:40:42 2020 Summary: Security update for systemd Type: security Severity: moderate References: 1084671,1154256,1157315,1161262,1161436,1162698,1164538,1165633,1167622,1171145,CVE-2019-20386 This update for systemd fixes the following issues: - CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436). - Renamed the persistent link for ATA devices (bsc#1164538) - shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) - tmpfiles: removed unnecessary assert (bsc#1171145) - pid1: by default make user units inherit their umask from the user manager (bsc#1162698) - manager: fixed job mode when signalled to shutdown etc (bsc#1161262) - coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622) - udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1859-1 Released: Mon Jul 6 17:08:28 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1170715,1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts(bsc#1170715). From sle-updates at lists.suse.com Thu Jul 9 11:41:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2020 19:41:26 +0200 (CEST) Subject: SUSE-CU-2020:360-1: Security update of suse/sles12sp4 Message-ID: <20200709174126.EA2FBFDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:360-1 Container Tags : suse/sles12sp4:26.205 , suse/sles12sp4:latest Container Release : 26.205 Severity : important Type : security References : 1084671 1154256 1157315 1161262 1161436 1162698 1164538 1165633 1167622 1170715 1171145 1171883 1172698 1172704 CVE-2019-20386 CVE-2020-8023 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1842-1 Released: Fri Jul 3 22:40:42 2020 Summary: Security update for systemd Type: security Severity: moderate References: 1084671,1154256,1157315,1161262,1161436,1162698,1164538,1165633,1167622,1171145,CVE-2019-20386 This update for systemd fixes the following issues: - CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436). - Renamed the persistent link for ATA devices (bsc#1164538) - shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) - tmpfiles: removed unnecessary assert (bsc#1171145) - pid1: by default make user units inherit their umask from the user manager (bsc#1162698) - manager: fixed job mode when signalled to shutdown etc (bsc#1161262) - coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622) - udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1857-1 Released: Mon Jul 6 17:07:31 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1171883 This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1859-1 Released: Mon Jul 6 17:08:28 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1170715,1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts(bsc#1170715). From sle-updates at lists.suse.com Thu Jul 9 11:45:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2020 19:45:17 +0200 (CEST) Subject: SUSE-CU-2020:361-1: Security update of suse/sles12sp5 Message-ID: <20200709174517.DA739FDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:361-1 Container Tags : suse/sles12sp5:6.5.21 , suse/sles12sp5:latest Container Release : 6.5.21 Severity : important Type : security References : 1084671 1154256 1157315 1161262 1161436 1162698 1164538 1165633 1167622 1170715 1171145 1171883 1172698 1172704 CVE-2019-20386 CVE-2020-8023 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1828-1 Released: Thu Jul 2 13:07:28 2020 Summary: Security update for systemd Type: security Severity: moderate References: 1084671,1154256,1157315,1161262,1161436,1162698,1164538,1165633,1167622,1171145,CVE-2019-20386 This update for systemd fixes the following issues: - CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436). - Renamed the persistent link for ATA devices (bsc#1164538) - shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) - tmpfiles: removed unnecessary assert (bsc#1171145) - pid1: by default make user units inherit their umask from the user manager (bsc#1162698) - manager: fixed job mode when signalled to shutdown etc (bsc#1161262) - coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622) - udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1857-1 Released: Mon Jul 6 17:07:31 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1171883 This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1859-1 Released: Mon Jul 6 17:08:28 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1170715,1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts(bsc#1170715). From sle-updates at lists.suse.com Thu Jul 9 11:54:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2020 19:54:19 +0200 (CEST) Subject: SUSE-CU-2020:362-1: Security update of suse/sle15 Message-ID: <20200709175419.9A977FDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:362-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.231 Container Release : 4.22.231 Severity : important Type : security References : 1082318 1090047 1103678 1107116 1107121 1111499 1130873 1130873 1133297 1137001 1139959 1154803 1154803 1164543 1164543 1165476 1165476 1165573 1165573 1166610 1166610 1167122 1167122 1168990 1168990 1169947 1170801 1171224 1171883 1172135 1172698 1172704 1172925 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 CVE-2019-13012 CVE-2020-8023 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2780-1 Released: Mon Nov 26 17:46:10 2018 Summary: Security update for glib2 Type: security Severity: moderate References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issue fixed: - various GVariant parsing issues have been resolved (bsc#1111499) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:251-1 Released: Wed Feb 6 11:22:43 2019 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1090047 This update for glib2 provides the following fix: - Enable systemtap. (fate#326393, bsc#1090047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1594-1 Released: Fri Jun 21 10:17:15 2019 Summary: Security update for glib2 Type: security Severity: important References: 1103678,1137001,CVE-2019-12450 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Other issue addressed: - glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1833-1 Released: Fri Jul 12 17:53:51 2019 Summary: Security update for glib2 Type: security Severity: moderate References: 1139959,CVE-2019-13012 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1611-1 Released: Fri Jun 12 09:38:03 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.13 to fix: - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.4 to fix: - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - update translations - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) zypper was updated to version 1.14.36: - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1396-1 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Type: security Severity: moderate References: 1082318,1133297 This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1856-1 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1858-1 Released: Mon Jul 6 17:08:06 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1171883 This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1869-1 Released: Tue Jul 7 15:08:12 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.14: - Enable zstd compression support - Support blacklisted packages in solver_findproblemrule() (bnc#1172135) - Support rules with multiple negative literals in choice rule generation - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.7: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Fix core dump with corrupted history file (bsc#1170801) zypper was updated to 1.14.37: - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) From sle-updates at lists.suse.com Thu Jul 9 12:00:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2020 20:00:35 +0200 (CEST) Subject: SUSE-CU-2020:363-1: Security update of suse/sle15 Message-ID: <20200709180035.785D7FDF3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:363-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.264 Container Release : 6.2.264 Severity : important Type : security References : 1130873 1154803 1164543 1165476 1165573 1166610 1167122 1168990 1169947 1170801 1171224 1171883 1172135 1172698 1172704 1172925 CVE-2020-8023 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1856-1 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1860-1 Released: Mon Jul 6 17:09:44 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1171883 This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1869-1 Released: Tue Jul 7 15:08:12 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.14: - Enable zstd compression support - Support blacklisted packages in solver_findproblemrule() (bnc#1172135) - Support rules with multiple negative literals in choice rule generation - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.7: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Fix core dump with corrupted history file (bsc#1170801) zypper was updated to 1.14.37: - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) From sle-updates at lists.suse.com Thu Jul 9 12:00:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2020 20:00:59 +0200 (CEST) Subject: SUSE-CU-2020:364-1: Security update of suse/sle15 Message-ID: <20200709180059.C73F0FDF3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:364-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.699 Container Release : 8.2.699 Severity : important Type : security References : 1172698 1172704 CVE-2020-8023 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1856-1 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). From sle-updates at lists.suse.com Fri Jul 10 10:13:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2020 18:13:13 +0200 (CEST) Subject: SUSE-RU-2020:1885-1: moderate: Recommended update for cloud-init Message-ID: <20200710161313.C3AE8FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1885-1 Rating: moderate References: #1170154 #1171546 #1171995 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-init contains the following fixes: - rsyslog warning, '~' is deprecated: (bsc#1170154) + replace deprecated syntax '& ~' by '& stop' for more information please see https://www.rsyslog.com/rsyslog-error-2307/. + Explicitly test for netconfig version 1 as well as 2. + Handle netconfig v2 device configurations (bsc#1171546, bsc#1171995) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-1885=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): cloud-init-19.4-8.23.2 cloud-init-config-suse-19.4-8.23.2 References: https://bugzilla.suse.com/1170154 https://bugzilla.suse.com/1171546 https://bugzilla.suse.com/1171995 From sle-updates at lists.suse.com Fri Jul 10 13:12:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2020 21:12:26 +0200 (CEST) Subject: SUSE-SU-2020:1887-1: important: Security update for xen Message-ID: <20200710191226.CECE0FDE1@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1887-1 Rating: important References: #1027519 #1172205 #1173376 #1173377 #1173378 #1173380 Cross-References: CVE-2020-0543 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). - CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (bsc#1172205). Additional upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1887=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1887=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.3_04-3.18.1 xen-devel-4.12.3_04-3.18.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.3_04-3.18.1 xen-debugsource-4.12.3_04-3.18.1 xen-doc-html-4.12.3_04-3.18.1 xen-libs-32bit-4.12.3_04-3.18.1 xen-libs-4.12.3_04-3.18.1 xen-libs-debuginfo-32bit-4.12.3_04-3.18.1 xen-libs-debuginfo-4.12.3_04-3.18.1 xen-tools-4.12.3_04-3.18.1 xen-tools-debuginfo-4.12.3_04-3.18.1 xen-tools-domU-4.12.3_04-3.18.1 xen-tools-domU-debuginfo-4.12.3_04-3.18.1 References: https://www.suse.com/security/cve/CVE-2020-0543.html https://www.suse.com/security/cve/CVE-2020-15563.html https://www.suse.com/security/cve/CVE-2020-15565.html https://www.suse.com/security/cve/CVE-2020-15566.html https://www.suse.com/security/cve/CVE-2020-15567.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1172205 https://bugzilla.suse.com/1173376 https://bugzilla.suse.com/1173377 https://bugzilla.suse.com/1173378 https://bugzilla.suse.com/1173380 From sle-updates at lists.suse.com Fri Jul 10 13:13:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2020 21:13:37 +0200 (CEST) Subject: SUSE-SU-2020:1886-1: important: Security update for xen Message-ID: <20200710191337.8BCDBFDE1@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1886-1 Rating: important References: #1173377 #1173378 #1173380 Cross-References: CVE-2020-15563 CVE-2020-15565 CVE-2020-15567 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1886=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1886=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1886=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1886=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1886=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1886=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1886=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_08-3.66.1 xen-debugsource-4.9.4_08-3.66.1 xen-doc-html-4.9.4_08-3.66.1 xen-libs-32bit-4.9.4_08-3.66.1 xen-libs-4.9.4_08-3.66.1 xen-libs-debuginfo-32bit-4.9.4_08-3.66.1 xen-libs-debuginfo-4.9.4_08-3.66.1 xen-tools-4.9.4_08-3.66.1 xen-tools-debuginfo-4.9.4_08-3.66.1 xen-tools-domU-4.9.4_08-3.66.1 xen-tools-domU-debuginfo-4.9.4_08-3.66.1 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_08-3.66.1 xen-debugsource-4.9.4_08-3.66.1 xen-doc-html-4.9.4_08-3.66.1 xen-libs-32bit-4.9.4_08-3.66.1 xen-libs-4.9.4_08-3.66.1 xen-libs-debuginfo-32bit-4.9.4_08-3.66.1 xen-libs-debuginfo-4.9.4_08-3.66.1 xen-tools-4.9.4_08-3.66.1 xen-tools-debuginfo-4.9.4_08-3.66.1 xen-tools-domU-4.9.4_08-3.66.1 xen-tools-domU-debuginfo-4.9.4_08-3.66.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_08-3.66.1 xen-debugsource-4.9.4_08-3.66.1 xen-doc-html-4.9.4_08-3.66.1 xen-libs-32bit-4.9.4_08-3.66.1 xen-libs-4.9.4_08-3.66.1 xen-libs-debuginfo-32bit-4.9.4_08-3.66.1 xen-libs-debuginfo-4.9.4_08-3.66.1 xen-tools-4.9.4_08-3.66.1 xen-tools-debuginfo-4.9.4_08-3.66.1 xen-tools-domU-4.9.4_08-3.66.1 xen-tools-domU-debuginfo-4.9.4_08-3.66.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_08-3.66.1 xen-debugsource-4.9.4_08-3.66.1 xen-doc-html-4.9.4_08-3.66.1 xen-libs-32bit-4.9.4_08-3.66.1 xen-libs-4.9.4_08-3.66.1 xen-libs-debuginfo-32bit-4.9.4_08-3.66.1 xen-libs-debuginfo-4.9.4_08-3.66.1 xen-tools-4.9.4_08-3.66.1 xen-tools-debuginfo-4.9.4_08-3.66.1 xen-tools-domU-4.9.4_08-3.66.1 xen-tools-domU-debuginfo-4.9.4_08-3.66.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_08-3.66.1 xen-debugsource-4.9.4_08-3.66.1 xen-doc-html-4.9.4_08-3.66.1 xen-libs-32bit-4.9.4_08-3.66.1 xen-libs-4.9.4_08-3.66.1 xen-libs-debuginfo-32bit-4.9.4_08-3.66.1 xen-libs-debuginfo-4.9.4_08-3.66.1 xen-tools-4.9.4_08-3.66.1 xen-tools-debuginfo-4.9.4_08-3.66.1 xen-tools-domU-4.9.4_08-3.66.1 xen-tools-domU-debuginfo-4.9.4_08-3.66.1 - SUSE Enterprise Storage 5 (x86_64): xen-4.9.4_08-3.66.1 xen-debugsource-4.9.4_08-3.66.1 xen-doc-html-4.9.4_08-3.66.1 xen-libs-32bit-4.9.4_08-3.66.1 xen-libs-4.9.4_08-3.66.1 xen-libs-debuginfo-32bit-4.9.4_08-3.66.1 xen-libs-debuginfo-4.9.4_08-3.66.1 xen-tools-4.9.4_08-3.66.1 xen-tools-debuginfo-4.9.4_08-3.66.1 xen-tools-domU-4.9.4_08-3.66.1 xen-tools-domU-debuginfo-4.9.4_08-3.66.1 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_08-3.66.1 xen-debugsource-4.9.4_08-3.66.1 xen-doc-html-4.9.4_08-3.66.1 xen-libs-32bit-4.9.4_08-3.66.1 xen-libs-4.9.4_08-3.66.1 xen-libs-debuginfo-32bit-4.9.4_08-3.66.1 xen-libs-debuginfo-4.9.4_08-3.66.1 xen-tools-4.9.4_08-3.66.1 xen-tools-debuginfo-4.9.4_08-3.66.1 xen-tools-domU-4.9.4_08-3.66.1 xen-tools-domU-debuginfo-4.9.4_08-3.66.1 References: https://www.suse.com/security/cve/CVE-2020-15563.html https://www.suse.com/security/cve/CVE-2020-15565.html https://www.suse.com/security/cve/CVE-2020-15567.html https://bugzilla.suse.com/1173377 https://bugzilla.suse.com/1173378 https://bugzilla.suse.com/1173380 From sle-updates at lists.suse.com Fri Jul 10 13:14:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2020 21:14:29 +0200 (CEST) Subject: SUSE-SU-2020:1888-1: important: Security update for xen Message-ID: <20200710191429.C7B08FDE1@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1888-1 Rating: important References: #1173376 #1173377 #1173378 #1173380 Cross-References: CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1888=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1888=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1888=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): xen-4.10.4_12-3.35.1 xen-debugsource-4.10.4_12-3.35.1 xen-devel-4.10.4_12-3.35.1 xen-libs-4.10.4_12-3.35.1 xen-libs-debuginfo-4.10.4_12-3.35.1 xen-tools-4.10.4_12-3.35.1 xen-tools-debuginfo-4.10.4_12-3.35.1 xen-tools-domU-4.10.4_12-3.35.1 xen-tools-domU-debuginfo-4.10.4_12-3.35.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): xen-4.10.4_12-3.35.1 xen-debugsource-4.10.4_12-3.35.1 xen-devel-4.10.4_12-3.35.1 xen-libs-4.10.4_12-3.35.1 xen-libs-debuginfo-4.10.4_12-3.35.1 xen-tools-4.10.4_12-3.35.1 xen-tools-debuginfo-4.10.4_12-3.35.1 xen-tools-domU-4.10.4_12-3.35.1 xen-tools-domU-debuginfo-4.10.4_12-3.35.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): xen-4.10.4_12-3.35.1 xen-debugsource-4.10.4_12-3.35.1 xen-devel-4.10.4_12-3.35.1 xen-libs-4.10.4_12-3.35.1 xen-libs-debuginfo-4.10.4_12-3.35.1 xen-tools-4.10.4_12-3.35.1 xen-tools-debuginfo-4.10.4_12-3.35.1 xen-tools-domU-4.10.4_12-3.35.1 xen-tools-domU-debuginfo-4.10.4_12-3.35.1 References: https://www.suse.com/security/cve/CVE-2020-15563.html https://www.suse.com/security/cve/CVE-2020-15565.html https://www.suse.com/security/cve/CVE-2020-15566.html https://www.suse.com/security/cve/CVE-2020-15567.html https://bugzilla.suse.com/1173376 https://bugzilla.suse.com/1173377 https://bugzilla.suse.com/1173378 https://bugzilla.suse.com/1173380 From sle-updates at lists.suse.com Fri Jul 10 13:15:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2020 21:15:28 +0200 (CEST) Subject: SUSE-SU-2020:1889-1: important: Security update for xen Message-ID: <20200710191528.F336CFDE1@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1889-1 Rating: important References: #1027519 #1172205 #1173376 #1173377 #1173378 #1173380 Cross-References: CVE-2020-0543 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). - CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (bsc#1172205). Additional upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1889=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1889=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (x86_64): xen-4.12.3_04-3.22.1 xen-debugsource-4.12.3_04-3.22.1 xen-devel-4.12.3_04-3.22.1 xen-tools-4.12.3_04-3.22.1 xen-tools-debuginfo-4.12.3_04-3.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): xen-debugsource-4.12.3_04-3.22.1 xen-libs-4.12.3_04-3.22.1 xen-libs-debuginfo-4.12.3_04-3.22.1 xen-tools-domU-4.12.3_04-3.22.1 xen-tools-domU-debuginfo-4.12.3_04-3.22.1 References: https://www.suse.com/security/cve/CVE-2020-0543.html https://www.suse.com/security/cve/CVE-2020-15563.html https://www.suse.com/security/cve/CVE-2020-15565.html https://www.suse.com/security/cve/CVE-2020-15566.html https://www.suse.com/security/cve/CVE-2020-15567.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1172205 https://bugzilla.suse.com/1173376 https://bugzilla.suse.com/1173377 https://bugzilla.suse.com/1173378 https://bugzilla.suse.com/1173380 From sle-updates at lists.suse.com Sat Jul 11 01:12:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Jul 2020 09:12:41 +0200 (CEST) Subject: SUSE-RU-2020:1890-1: moderate: Recommended update for fence-agents Message-ID: <20200711071241.1866DFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1890-1 Rating: moderate References: #1169485 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents fixes the following issues: - Fix for the issue where object does not support indexing. (bsc#1169485) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-1890=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-1890=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-3.14.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-3.14.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-3.14.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-3.14.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-3.14.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-3.14.1 References: https://bugzilla.suse.com/1169485 From sle-updates at lists.suse.com Mon Jul 13 07:13:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jul 2020 15:13:56 +0200 (CEST) Subject: SUSE-OU-2020:1894-1: moderate: Optional update for python-Cerberus Message-ID: <20200713131356.E418DFDE1@maintenance.suse.de> SUSE Optional Update: Optional update for python-Cerberus ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:1894-1 Rating: moderate References: #1121858 #1173465 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: This update for python-Cerberus fixes the following issues: - Update to version 1.3.2 * includes various features and improvements - please refer to the changelog for a detailed technical list of changes Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-1894=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-1894=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-Cerberus-1.3.2-7.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-Cerberus-1.3.2-7.9.1 References: https://bugzilla.suse.com/1121858 https://bugzilla.suse.com/1173465 From sle-updates at lists.suse.com Mon Jul 13 07:14:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jul 2020 15:14:42 +0200 (CEST) Subject: SUSE-RU-2020:1895-1: moderate: Recommended update for drbd-utils Message-ID: <20200713131442.19F9CFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1895-1 Rating: moderate References: #1172624 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd-utils fixes the following issues: - Fixes the output of 'drbdsetup status --json'. Sometimes it didn't return a valid JSON string (bsc#1172624) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP4: zypper in -t patch SUSE-SLE-RT-12-SP4-2020-1895=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-1895=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP4 (x86_64): drbd-utils-9.4.0-3.10.1 drbd-utils-debuginfo-9.4.0-3.10.1 drbd-utils-debugsource-9.4.0-3.10.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): drbd-utils-9.4.0-3.10.1 drbd-utils-debuginfo-9.4.0-3.10.1 drbd-utils-debugsource-9.4.0-3.10.1 References: https://bugzilla.suse.com/1172624 From sle-updates at lists.suse.com Mon Jul 13 07:15:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jul 2020 15:15:20 +0200 (CEST) Subject: SUSE-RU-2020:1896-1: moderate: Recommended update for drbd-utils Message-ID: <20200713131520.74438FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1896-1 Rating: moderate References: #1172624 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd-utils fixes the following issues: - Fixes the output of 'drbdsetup status --json'. Sometimes it didn't return a valid JSON string (bsc#1172624) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2020-1896=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-1896=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): drbd-utils-9.4.0-9.3.1 drbd-utils-debuginfo-9.4.0-9.3.1 drbd-utils-debugsource-9.4.0-9.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): drbd-utils-9.4.0-9.3.1 drbd-utils-debuginfo-9.4.0-9.3.1 drbd-utils-debugsource-9.4.0-9.3.1 References: https://bugzilla.suse.com/1172624 From sle-updates at lists.suse.com Mon Jul 13 07:15:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jul 2020 15:15:59 +0200 (CEST) Subject: SUSE-RU-2020:1893-1: Recommended update for python-azure-sdk Message-ID: <20200713131559.EE780FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1893-1 Rating: low References: #1138748 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-sdk brings the following changes: - Changed package to a meta package requiring all others. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-1893=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-sdk-4.0.0-14.9.1 References: https://bugzilla.suse.com/1138748 From sle-updates at lists.suse.com Mon Jul 13 07:16:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jul 2020 15:16:41 +0200 (CEST) Subject: SUSE-SU-2019:1267-3: moderate: Security update for graphviz Message-ID: <20200713131641.78B9FFDE1@maintenance.suse.de> SUSE Security Update: Security update for graphviz ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1267-3 Rating: moderate References: #1132091 Cross-References: CVE-2019-11023 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for graphviz fixes the following issues: Security issue fixed: - CVE-2019-11023: Fixed a denial of service vulnerability, which was caused by a NULL pointer dereference in agroot() (bsc#1132091). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1892=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1892=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1892=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1892=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1892=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-1892=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-tcl-2.40.1-6.3.2 graphviz-tcl-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-gnome-2.40.1-6.3.2 graphviz-gnome-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-gnome-2.40.1-6.3.2 graphviz-gnome-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-perl-2.40.1-6.3.2 graphviz-perl-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-2.40.1-6.3.2 graphviz-debuginfo-2.40.1-6.3.2 graphviz-debugsource-2.40.1-6.3.2 graphviz-devel-2.40.1-6.3.2 graphviz-plugins-core-2.40.1-6.3.2 graphviz-plugins-core-debuginfo-2.40.1-6.3.2 libgraphviz6-2.40.1-6.3.2 libgraphviz6-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-gd-2.40.1-6.3.2 graphviz-gd-debuginfo-2.40.1-6.3.2 graphviz-python-2.40.1-6.3.2 graphviz-python-debuginfo-2.40.1-6.3.2 References: https://www.suse.com/security/cve/CVE-2019-11023.html https://bugzilla.suse.com/1132091 From sle-updates at lists.suse.com Mon Jul 13 07:17:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jul 2020 15:17:23 +0200 (CEST) Subject: SUSE-SU-2020:1891-1: important: Security update for xen Message-ID: <20200713131723.AFA05FDE1@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1891-1 Rating: important References: #1173376 #1173377 #1173378 #1173380 Cross-References: CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1891=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1891=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1891=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1891=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xen-4.11.4_04-2.30.1 xen-debugsource-4.11.4_04-2.30.1 xen-doc-html-4.11.4_04-2.30.1 xen-libs-32bit-4.11.4_04-2.30.1 xen-libs-4.11.4_04-2.30.1 xen-libs-debuginfo-32bit-4.11.4_04-2.30.1 xen-libs-debuginfo-4.11.4_04-2.30.1 xen-tools-4.11.4_04-2.30.1 xen-tools-debuginfo-4.11.4_04-2.30.1 xen-tools-domU-4.11.4_04-2.30.1 xen-tools-domU-debuginfo-4.11.4_04-2.30.1 - SUSE OpenStack Cloud 9 (x86_64): xen-4.11.4_04-2.30.1 xen-debugsource-4.11.4_04-2.30.1 xen-doc-html-4.11.4_04-2.30.1 xen-libs-32bit-4.11.4_04-2.30.1 xen-libs-4.11.4_04-2.30.1 xen-libs-debuginfo-32bit-4.11.4_04-2.30.1 xen-libs-debuginfo-4.11.4_04-2.30.1 xen-tools-4.11.4_04-2.30.1 xen-tools-debuginfo-4.11.4_04-2.30.1 xen-tools-domU-4.11.4_04-2.30.1 xen-tools-domU-debuginfo-4.11.4_04-2.30.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): xen-4.11.4_04-2.30.1 xen-debugsource-4.11.4_04-2.30.1 xen-doc-html-4.11.4_04-2.30.1 xen-libs-32bit-4.11.4_04-2.30.1 xen-libs-4.11.4_04-2.30.1 xen-libs-debuginfo-32bit-4.11.4_04-2.30.1 xen-libs-debuginfo-4.11.4_04-2.30.1 xen-tools-4.11.4_04-2.30.1 xen-tools-debuginfo-4.11.4_04-2.30.1 xen-tools-domU-4.11.4_04-2.30.1 xen-tools-domU-debuginfo-4.11.4_04-2.30.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): xen-4.11.4_04-2.30.1 xen-debugsource-4.11.4_04-2.30.1 xen-doc-html-4.11.4_04-2.30.1 xen-libs-32bit-4.11.4_04-2.30.1 xen-libs-4.11.4_04-2.30.1 xen-libs-debuginfo-32bit-4.11.4_04-2.30.1 xen-libs-debuginfo-4.11.4_04-2.30.1 xen-tools-4.11.4_04-2.30.1 xen-tools-debuginfo-4.11.4_04-2.30.1 xen-tools-domU-4.11.4_04-2.30.1 xen-tools-domU-debuginfo-4.11.4_04-2.30.1 References: https://www.suse.com/security/cve/CVE-2020-15563.html https://www.suse.com/security/cve/CVE-2020-15565.html https://www.suse.com/security/cve/CVE-2020-15566.html https://www.suse.com/security/cve/CVE-2020-15567.html https://bugzilla.suse.com/1173376 https://bugzilla.suse.com/1173377 https://bugzilla.suse.com/1173378 https://bugzilla.suse.com/1173380 From sle-updates at lists.suse.com Mon Jul 13 10:13:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jul 2020 18:13:20 +0200 (CEST) Subject: SUSE-SU-2020:1899-1: important: Security update for MozillaFirefox Message-ID: <20200713161320.3B20DFC39@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1899-1 Rating: important References: #1167231 #1173576 #1173613 Cross-References: CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1899=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1899=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1899=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1899=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1899=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1899=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1899=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1899=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1899=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1899=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1899=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1899=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1899=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1899=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1899=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1899=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1899=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-78.0.1-112.3.1 MozillaFirefox-branding-SLE-78-35.3.1 MozillaFirefox-debuginfo-78.0.1-112.3.1 MozillaFirefox-debugsource-78.0.1-112.3.1 MozillaFirefox-devel-78.0.1-112.3.1 MozillaFirefox-translations-common-78.0.1-112.3.1 References: https://www.suse.com/security/cve/CVE-2020-12402.html https://www.suse.com/security/cve/CVE-2020-12415.html https://www.suse.com/security/cve/CVE-2020-12416.html https://www.suse.com/security/cve/CVE-2020-12417.html https://www.suse.com/security/cve/CVE-2020-12418.html https://www.suse.com/security/cve/CVE-2020-12419.html https://www.suse.com/security/cve/CVE-2020-12420.html https://www.suse.com/security/cve/CVE-2020-12421.html https://www.suse.com/security/cve/CVE-2020-12422.html https://www.suse.com/security/cve/CVE-2020-12423.html https://www.suse.com/security/cve/CVE-2020-12424.html https://www.suse.com/security/cve/CVE-2020-12425.html https://www.suse.com/security/cve/CVE-2020-12426.html https://bugzilla.suse.com/1167231 https://bugzilla.suse.com/1173576 https://bugzilla.suse.com/1173613 From sle-updates at lists.suse.com Mon Jul 13 10:14:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jul 2020 18:14:17 +0200 (CEST) Subject: SUSE-SU-2020:1900-1: important: Security update for MozillaThunderbird Message-ID: <20200713161417.A2834FC39@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1900-1 Rating: important References: #1173576 Cross-References: CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for MozillaThunderbird to version 68.10.0 ESR fixes the following issues: - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1900=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-1900=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): MozillaThunderbird-68.10.0-3.88.1 MozillaThunderbird-debuginfo-68.10.0-3.88.1 MozillaThunderbird-debugsource-68.10.0-3.88.1 MozillaThunderbird-translations-common-68.10.0-3.88.1 MozillaThunderbird-translations-other-68.10.0-3.88.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-68.10.0-3.88.1 MozillaThunderbird-debuginfo-68.10.0-3.88.1 MozillaThunderbird-debugsource-68.10.0-3.88.1 MozillaThunderbird-translations-common-68.10.0-3.88.1 MozillaThunderbird-translations-other-68.10.0-3.88.1 References: https://www.suse.com/security/cve/CVE-2020-12417.html https://www.suse.com/security/cve/CVE-2020-12418.html https://www.suse.com/security/cve/CVE-2020-12419.html https://www.suse.com/security/cve/CVE-2020-12420.html https://www.suse.com/security/cve/CVE-2020-12421.html https://bugzilla.suse.com/1173576 From sle-updates at lists.suse.com Mon Jul 13 10:14:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jul 2020 18:14:57 +0200 (CEST) Subject: SUSE-SU-2020:1898-1: important: Security update for MozillaFirefox Message-ID: <20200713161457.85F00FC39@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1898-1 Rating: important References: #1166238 #1173576 #1173613 Cross-References: CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1898=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1898=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.0.1-3.94.2 MozillaFirefox-branding-SLE-78-4.14.1 MozillaFirefox-debuginfo-78.0.1-3.94.2 MozillaFirefox-debugsource-78.0.1-3.94.2 MozillaFirefox-translations-common-78.0.1-3.94.2 MozillaFirefox-translations-other-78.0.1-3.94.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.0.1-3.94.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.0.1-3.94.2 MozillaFirefox-branding-SLE-78-4.14.1 MozillaFirefox-debuginfo-78.0.1-3.94.2 MozillaFirefox-debugsource-78.0.1-3.94.2 MozillaFirefox-translations-common-78.0.1-3.94.2 MozillaFirefox-translations-other-78.0.1-3.94.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.0.1-3.94.2 References: https://www.suse.com/security/cve/CVE-2020-12402.html https://www.suse.com/security/cve/CVE-2020-12415.html https://www.suse.com/security/cve/CVE-2020-12416.html https://www.suse.com/security/cve/CVE-2020-12417.html https://www.suse.com/security/cve/CVE-2020-12418.html https://www.suse.com/security/cve/CVE-2020-12419.html https://www.suse.com/security/cve/CVE-2020-12420.html https://www.suse.com/security/cve/CVE-2020-12421.html https://www.suse.com/security/cve/CVE-2020-12422.html https://www.suse.com/security/cve/CVE-2020-12423.html https://www.suse.com/security/cve/CVE-2020-12424.html https://www.suse.com/security/cve/CVE-2020-12425.html https://www.suse.com/security/cve/CVE-2020-12426.html https://bugzilla.suse.com/1166238 https://bugzilla.suse.com/1173576 https://bugzilla.suse.com/1173613 From sle-updates at lists.suse.com Tue Jul 14 10:13:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 18:13:59 +0200 (CEST) Subject: SUSE-SU-2020:1901-1: important: Security update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm Message-ID: <20200714161359.BD4F6FC39@maintenance.suse.de> SUSE Security Update: Security update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1901-1 Rating: important References: #1068612 #1092420 #1107190 #1108719 #1123872 #1126503 #1141968 #11483483 #1148383 #1153191 #1156525 #1159046 #1160152 #1160153 #1160192 #1160790 #1160851 #1161088 #1161089 #1161670 #1164322 #1167244 #1168593 #1169770 #1170657 #1171273 #1171560 #1171594 #1171661 #1171909 #1172166 #1172167 #1172175 #1172176 #1172409 Cross-References: CVE-2017-1000246 CVE-2019-1010083 CVE-2019-15043 CVE-2019-16785 CVE-2019-16786 CVE-2019-16789 CVE-2019-16792 CVE-2019-16865 CVE-2019-18874 CVE-2019-19911 CVE-2019-3828 CVE-2020-10663 CVE-2020-10743 CVE-2020-11076 CVE-2020-11077 CVE-2020-12052 CVE-2020-13254 CVE-2020-13379 CVE-2020-13596 CVE-2020-5312 CVE-2020-5313 CVE-2020-5390 CVE-2020-8151 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 23 vulnerabilities and has 12 fixes is now available. Description: This update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm contains the following fixes: The update fixes several security issues: ansible - CVE-2019-3828: Fixed a path traversal in the fetch module (bsc#1126503). grafana - CVE-2020-13379: Fixed an incorrect access control issue which could lead to information leaks or denial of service (bsc#1172409). - CVE-2020-12052: Fixed an cross site scripting vulnerability related to the annotation popup (bsc#1170657). kibana - CVE-2020-10743: Fixed a clickjacking vulnerability (bsc#1171909). python-Django - CVE-2020-13254: Fixed a data leakage via malformed memcached keys. (bsc#1172167) - CVE-2020-13596: Fixed a cross site scripting vulnerability related to the admin parameters of the ForeignKeyRawIdWidget. (bsc#1172166) python-Flask - CVE-2019-1010083: Fixed a denial of service via crafted encoded JSON. (bsc#1141968) python-Pillow - CVE-2019-16865: Fixed a denial of service with specially crafted image files. (bsc#1153191) - CVE-2020-5312: Fixed a buffer overflow in the PCX P mode. (bsc#1160152) - CVE-2020-5313: Fixed a buffer overflow related to FLI. (bsc#1160153) - CVE-2019-19911: Fixed a denial of service in FpxImagePlugin.py. (bsc#1160192) python-psutil - CVE-2019-18874: Fixed a double free caused by refcount mishandling. (bsc#1156525) python-pysaml2 - CVE-2020-5390: Fixed an issue with the verification of signatures in SAML documents. (bsc#1160851) - CVE-2017-1000246: Fixed an issue with weak encryption data, caused by initialization vector reuse. (bsc#1068612) python-waitress (to version 1.4.3) - CVE-2019-16785: Fixed HTTP request smuggling through LF vs CRLF handling. (bsc#1161088) - CVE-2019-16786: Fixed HTTP request smuggling through invalid Transfer-Encoding. (bsc#1161089) - CVE-2019-16789: Fixed HTTP Request Smuggling through Invalid whitespace characters. (bsc#1160790) - CVE-2019-16792: Fixed HTTP Request Smuggling through Content-Length header handling. (bsc#1161670) rubygem-activeresource - CVE-2020-8151: Fixed information disclosure issue via specially crafted requests. (bsc#1171560) rubygem-json-1_7 - CVE-2020-10663: Fixed an unsafe object creation vulnerability. (bsc#1167244) rubygem-puma - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage. (bsc#1172175) - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header. (bsc#1172176) Other non-security fixes in in the update below: Changes in ansible: - Add 0001-Disallow-use-of-remote-home-directories-containing-..patch (bsc#1126503, CVE-2019-3828) Changes in ansible1: - Add 0001-Disallow-use-of-remote-home-directories-containing-..patch (bsc#1126503, CVE-2019-3828) Changes in ardana-ansible: - Update to version 8.0+git.1589740980.6c3bcdc: * Reconfigure rabbitmq user permissions on update (SOC-11082) - Update to version 8.0+git.1588953487.9bfd5cb: * Fix incorrect prefix used to collect supportconfig files (bsc#1171273) - Update to version 8.0+git.1585690828.81d8f45: * Cleanup keystone-ansible (bsc#1108719) Changes in ardana-cluster: - Update to version 8.0+git.1585685203.3e71e49: * Use bool filter to ensure valid boolean evaluation (SOC-11192) Changes in ardana-freezer: - Update to version 8.0+git.1586539529.b7d295f: * Recovering Cloud8 using Freezer or SSH backups if upgrade fails (SOC-10137) Changes in ardana-input-model: - Update to version 8.0+git.1589740934.0e0ad61: * Add default rabbitmq exchange write permissions (SOC-11082) - Update to version 8.0+git.1586174594.2b92ec3: * add port neutron security extension to CI models (SOC-11027) Changes in ardana-logging: - Update to version 8.0+git.1591194866.b7375d0: * kibana: set x-frame-options header (bsc#1171909) - Update to version 8.0+git.1586179244.ae61f62: * Fix YAMLLoadWarning: calling yaml.load() without Loader (bsc#1168593) Changes in ardana-mq: - Update to version 8.0+git.1589715269.62ad6df: * Don't mirror reply queues (SOC-10317) - Update to version 8.0+git.1586784724.586343d: * Actually fail if sync HA queues retries exceeded (SOC-11083) Changes in ardana-neutron: - Update to version 8.0+git.1590756744.ba84abc: * Update L3 rootwrap filters (SOC-11306) - Update to version 8.0+git.1587737509.4e09de3: * Add network.target "After" option (bsc#1169770) - Update to version 8.0+git.1586546152.e7bc07f: * Add neutron-common role dependencies (SOC-10875) - Update to version 8.0+git.1586543712.62bb5a3: * Fix neutron-ovsvapp-agent status (SOC-10637) - Update to version 8.0+git.1586535447.55769df: * Improve neutron service restart limit handling (SOC-8746) - Update to version 8.0+git.1586519528.a28db53: * Correctly setup ardana_notify_... fact (SOC-10902) Changes in ardana-octavia: - Update to version 8.0+git.1590100427.cf4cc8f: * fix octavia to glance communication over internal endpoint (SOC-11294) Changes in ardana-osconfig: - Update to version 8.0+git.1587034587.eac37b8: * Include SLE 12 SP3 LTSS repos in list of managed repos (SOC-11223) Changes in caasp-openstack-heat-templates: - Switch github URL from git@ to git:// to bypass authentication Changes in crowbar-core: - Update to version 5.0+git.1593156248.55bbdb26d: * Ignore CVE-8184 (SOC-11299) * Ignore latest ruby-related CVEs in the CI (SOC-11299) - Update to version 5.0+git.1589804984.44a89be24: * provisioner: Fix ssh key validation (SOC-11126) * assign host to hostless keys (noref) Changes in crowbar-openstack: - Update to version 5.0+git.1593085772.64c4ab43c: * monasca: Prevent deploying monasca-server to the node in pacemaker cluster (SOC-6354) - Update to version 5.0+git.1591171674.1f299cd1c: * Restore undeprecated nova dhcp_domain option (bsc#1171594) - Update to version 5.0+git.1591104265.683d76534: * [5.0] Fix availability zone script (bsc#1171661) - Update to version 5.0+git.1590398068.f5cfacc12: * nova: only create nonexistent cell1 - Update to version 5.0+git.1590150829.e86326d03: * [5.0] Tempest: enable test_volume_boot_pattern test (SOC-10874) - Update to version 5.0+git.1589814633.23fde86ab: * rabbitmq: sync startup definitions.json with recipe (SOC-11077,SOC-11274) - Update to version 5.0+git.1589647291.73c7f1cb6: * [5.0] trove: fix rabbitmq connection URL (SOC-11286) - Update to version 5.0+git.1589214669.8332efff3: * Fix monasca libvirt ping checks (bsc#1107190) - Update to version 5.0+git.1588271874.90adebc7a: * run keystone_register on cluster founder only when HA (SOC-11248) * nova: run keystone_register on cluster founder only (SOC-11243) - Update to version 5.0+git.1588059034.3823515b7: * tempest: retry openstack commands (SOC-11238) - Update to version 5.0+git.1587403360.c43cd9905: * tempest: disable block migration when using RBD (SOC-11176) - Update to version 5.0+git.1586293860.901cb0f55: * monasca: disable postgres backend monitoring by default (SOC-11190) - Update to version 5.0+git.1585659861.c29fac257: * magnum: Populate SSL configuration (SOC-9849) * magnum: Add SSL support (SOC-9849) * nova: Populate cinder SES settings early (SOC-11179) Changes in documentation-suse-openstack-cloud: - Update to version 8.20200527: * Update Travis config: new container name (noref) - Update to version 8.20200417: * Recovering Cloud8 using Freezer or SSH backups if upgrade fails (SOC-10137) - Update to version 8.20200326: * Clarify wipe_disks does not affect non-OS partitions (bsc#1092420) Changes in grafana: - Add CVE-2020-13379.patch * Security: fix unauthorized avatar proxying (bsc#1172409, CVE-2020-13379) - Refresh systemd-notification.patch - Fix declaration for LICENSE - Add 0002-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch * Security: Fix annotation popup XSS vulnerability (bsc#1170657) - Add CVE-2019-15043.patch (SOC-10357, CVE-2019-15043, bsc#11483483) Changes in kibana: - Add 0001-Configurable-custom-response-headers-for-server.patch (bsc#1171909, CVE-2020-10743) Changes in openstack-dashboard: - Update to version horizon-12.0.5.dev3: * Fix typo in publicize\_image policy name Changes in openstack-dashboard-theme-HPE: - Switch github URL from git@ to https:// to bypass authentication Changes in openstack-heat-templates: - Update to version 0.0.0+git.1582270132.8a20477: * Drop use of git.openstack.org * Add sample templates for Blazar Changes in openstack-keystone: - Update to version keystone-12.0.4.dev11: * Fix security issues with EC2 credentials - Update to version keystone-12.0.4.dev10: * Check timestamp of signed EC2 token request * Ensure OAuth1 authorized roles are respected - Update to version keystone-12.0.4.dev6: * Remove neutron-grenade job Changes in openstack-keystone: - Update to version keystone-12.0.4.dev11: * Fix security issues with EC2 credentials - Update to version keystone-12.0.4.dev10: * Check timestamp of signed EC2 token request * Ensure OAuth1 authorized roles are respected - Update to version keystone-12.0.4.dev6: * Remove neutron-grenade job Changes in openstack-monasca-agent: - update to version 2.2.6~dev4 - Add debug output for libvirt ping checks - Lockdown /bin/ip permissions for the monasca-agent (bsc#1107190) - add addtional arguments to /bin/ip in sudoers - Fix missing sudo privleges (bsc#1107190) - add /bin/ip and /usr/bin/ovs-vsctl to monasca-agent sudoers - removed 0001-Avoid-overwriting-sys.path-ip-command.patch - update to version 2.2.6~dev3 - Do not copy /sbin/ip to /usr/bin/monasa-agent-ip - update to version 2.2.6~dev2 - Remove incorrect assignment of ping_cmd to 'True' - update to version 2.2.6~dev1 - Update hacking version to 1.1.x Changes in openstack-monasca-installer: - Add 0001-kibana:-set-x-frame-options-header.patch (bsc#1171909, CVE-2020-10743) Changes in openstack-neutron: - Update to version neutron-11.0.9.dev65: * Revert iptables TCP checksum-fill code - Update to version neutron-11.0.9.dev64: * [Pike-only]: make grenade jobs non-voting Changes in openstack-neutron: - Update to version neutron-11.0.9.dev65: * Revert iptables TCP checksum-fill code - Update to version neutron-11.0.9.dev64: * [Pike-only]: make grenade jobs non-voting Changes in openstack-octavia-amphora-image: - Update image to 0.1.4 to include latest changes Changes in python-Django: - Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254, CVE-2020-13596) * Added patch CVE-2020-13254-1.8.19.patch * Added patch CVE-2020-13596-1.8.19.patch Changes in python-Flask: - Apply patch to resolve CVE-2019-1010083 (bsc#1141968) - 0001-detect-UTF-encodings-when-loading-json.patch Changes in python-GitPython: - Require git-core instead of git Changes in python-Pillow: - Remove decompression_bomb.gif and relevant test case to avoid ClamAV scan alerts during build - Add 001-Corrected-negative-seeks.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 002-Added-DecompressionBombError.patch * From upstream, backported * Adds DecompressionBombError class * Used by 003-Added-decompression-bomb-checks.patch - Add 003-Added-decompression-bomb-checks.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 004-Raise-error-if-dimension-is-a-string.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 005-Catch-buffer-overruns.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 006-Catch-PCX-P-mode-buffer-overrun.patch * From upstream, backported * Fixes CVE-2020-5312, bsc#1160152 - Add 007-Test-animated-FLI-file.patch * From upstream, backported * Adds test animated FLI file * Used by 008-Ensure-previous-FLI-frame-is-loaded.patch - Add 008-Ensure-previous-FLI-frame-is-loaded.patch * From upstream, backported * Fixes https://github.com/python-pillow/Pillow/issues/2649 * Uncovers CVE-2020-5313, bsc#1160153 - Add 009-Catch-FLI-buffer-overrun.patch * From upstream, backported * Fixes CVE-2020-5313, bsc#1160153 - Add 010-Invalid-number-of-bands-in-FPX-image.patch * From upstream, backported * Fixes CVE-2019-19911, bsc#1160192 Changes in python-amqp: - Add python-devel as build dependecy * Required when building against python 2.7.17 Changes in python-apicapi: - Add python-devel as build dependecy * Required when building against python 2.7.17 Changes in python-keystoneauth1: - switch to tracking stable/pike tarball - disable renderspec - update to version 3.1.2.dev2 - Make tests pass in 2020 - OpenDev Migration Patch - import zuul job settings from project-config into stable/pike - Remove tox_install.sh - import zuul job settings from project-config - Update UPPER_CONSTRAINTS_FILE for stable/pike into stable/pike - Update .gitreview for stable/pike into stable/pike - Updated from global requirements - Update UPPER_CONSTRAINTS_FILE for stable/pike - Update .gitreview for stable/pike Changes in python-oslo.messaging: - added 0001-Use-default-exchange-for-direct-messaging.patch (SOC-11082, SOC-11274, bsc#1159046) - Add 0001-Retry-to-declare-a-queue-after-internal-error.patch (bsc#1123872) After receiving "AMQP internal error 541", retry to create the queue after a delay. Changes in python-psutil: - Add bsc1156525-CVE-2019-18874.patch (bsc#1156525, CVE-2019-18874)) Changes in python-pyroute2: - netns: fix NetNS resource leakage (#504) (bsc#1164322) Changes in python-pysaml2: - Add 0001-Always-generate-a-random-IV-for-AES-operations.patch (CVE-2017-1000246, bsc#1068612) - Add 0001-Fix-XML-Signature-Wrapping-XSW-vulnerabilities.patch (CVE-2020-5390, bsc#1160851) Changes in python-tooz: - update to version 1.58.1 - Update .gitreview for stable/pike - import zuul job settings from project-config - Add doc/requirements.txt - Fix sphinx-docs job for stable branch Changes in python-waitress: - update to 1.4.3 to include fixes for: * CVE-2019-16785 / bsc#1161088 * CVE-2019-16786 / bsc#1161089 * CVE-2019-16789 / bsc#1160790 * CVE-2019-16792 / bsc#1161670 - make sure UTF8 locale is used when runnning tests * Sometimes functional tests executed in python3 failed if stdout was not set to UTF-8. The error message was: ValueError: underlying buffer has been detached - %python3_only -> %python_alternative - update to 1.4.3 * Waitress did not properly validate that the HTTP headers it received were properly formed, thereby potentially allowing a front-end server to treat a request different from Waitress. This could lead to HTTP request smuggling/splitting. - drop patch local-intersphinx-inventories.patch * it was commented out, anyway - update to 1.4.0: - Waitress used to slam the door shut on HTTP pipelined requests without setting the ``Connection: close`` header as appropriate in the response. This is of course not very friendly. Waitress now explicitly sets the header when responding with an internally generated error such as 400 Bad Request or 500 Internal Server Error to notify the remote client that it will be closing the connection after the response is sent. - Waitress no longer allows any spaces to exist between the header field-name and the colon. While waitress did not strip the space and thereby was not vulnerable to any potential header field-name confusion, it should have sent back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273 - CRLR handling Security fixes - update to 1.3.1 * Waitress won???t accidentally throw away part of the path if it starts with a double slash - version update to 1.3.0 Deprecations ~~~~~~~~~~~~ - The ``send_bytes`` adjustment now defaults to ``1`` and is deprecated pending removal in a future release. and https://github.com/Pylons/waitress/pull/246 Features ~~~~~~~~ - Add a new ``outbuf_high_watermark`` adjustment which is used to apply backpressure on the ``app_iter`` to avoid letting it spin faster than data can be written to the socket. This stabilizes responses that iterate quickly with a lot of data. See https://github.com/Pylons/waitress/pull/242 - Stop early and close the ``app_iter`` when attempting to write to a closed socket due to a client disconnect. This should notify a long-lived streaming response when a client hangs up. See https://github.com/Pylons/waitress/pull/238 and https://github.com/Pylons/waitress/pull/240 and https://github.com/Pylons/waitress/pull/241 - Adjust the flush to output ``SO_SNDBUF`` bytes instead of whatever was set in the ``send_bytes`` adjustment. ``send_bytes`` now only controls how much waitress will buffer internally before flushing to the kernel, whereas previously it used to also throttle how much data was sent to the kernel. This change enables a streaming ``app_iter`` containing small chunks to still be flushed efficiently. See https://github.com/Pylons/waitress/pull/246 Bugfixes ~~~~~~~~ - Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we will no longer set the version to the string value "None". See https://github.com/Pylons/waitress/pull/252 and https://github.com/Pylons/waitress/issues/110 - When a client closes a socket unexpectedly there was potential for memory leaks in which data was written to the buffers after they were closed, causing them to reopen. See https://github.com/Pylons/waitress/pull/239 - Fix the queue depth warnings to only show when all threads are busy. See https://github.com/Pylons/waitress/pull/243 and https://github.com/Pylons/waitress/pull/247 - Trigger the ``app_iter`` to close as part of shutdown. This will only be noticeable for users of the internal server api. In more typical operations the server will die before benefiting from these changes. See https://github.com/Pylons/waitress/pull/245 - Fix a bug in which a streaming ``app_iter`` may never cleanup data that has already been sent. This would cause buffers in waitress to grow without bounds. These buffers now properly rotate and release their data. See https://github.com/Pylons/waitress/pull/242 - Fix a bug in which non-seekable subclasses of ``io.IOBase`` would trigger an exception when passed to the ``wsgi.file_wrapper`` callback. See https://github.com/Pylons/waitress/pull/249 - Trim marketing wording and other platform mentions. - Add fetch-intersphinx-inventories.sh to sources - Add local-intersphinx-inventories.patch for generating the docs correctly - update to version 1.2.1: too many changes to list here, see: https://github.com/Pylons/waitress/blob/master/CHANGES.txt or even: https://github.com/Pylons/waitress/commits/master - Remove superfluous devel dependency for noarch package - update to version 1.1.0: * Features + Waitress now has a __main__ and thus may be called with "python -mwaitress" * Bugfixes + Waitress no longer allows lowercase HTTP verbs. This change was made to fall in line with most HTTP servers. See https://github.com/Pylons/waitress/pull/170 + When receiving non-ascii bytes in the request URL, waitress will no longer abruptly close the connection, instead returning a 400 Bad Request. See https://github.com/Pylons/waitress/pull/162 and https://github.com/Pylons/waitress/issues/64 - Update to 1.0.2 * Python 3.6 is now officially supported in Waitress * Add a work-around for libc issue on Linux not following the documented standards. If getnameinfo() fails because of DNS not being available it should return the IP address instead of the reverse DNS entry, however instead getnameinfo() raises. We catch this, and ask getnameinfo() for the same information again, explicitly asking for IP address instead of reverse DNS hostname. - Implement single-spec version. - Fix source URL. - update to 1.0.1: - IPv6 support on Windows was broken due to missing constants in the socket module. This has been resolved by setting the constants on Windows if they are missing. See https://github.com/Pylons/waitress/issues/138 - A ValueError was raised on Windows when passing a string for the port, on Windows in Python 2 using service names instead of port numbers doesn't work with `getaddrinfo`. This has been resolved by attempting to convert the port number to an integer, if that fails a ValueError will be raised. See https://github.com/Pylons/waitress/issues/139 - Removed `AI_ADDRCONFIG` from the call to `getaddrinfo`, this resolves an issue whereby `getaddrinfo` wouldn't return any addresses to `bind` to on hosts where there is no internet connection but localhost is requested to be bound to. See https://github.com/Pylons/waitress/issues/131 for more information. - disable tests. need network access. Changes in storm: - update to 1.1.3: * 1.1.3: * [STORM-3026] - Upgrade ZK instance for security * [STORM-3027] - Make Impersonation Optional * [STORM-3011] - Use default bin path in flight.bash if $JAVA_HOME is undefined * [STORM-3039] - Ports of killed topologies remain in TIME_WAIT state preventing to start new topology * [STORM-2911] - SpoutConfig is serializable but does not declare a serialVersionUID field * [STORM-2978] - The fix for STORM-2706 is broken, and adds a transitive dependency on Zookeeper 3.5.3-beta for projects that depend on e.g. storm-kafka * [STORM-2979] - WorkerHooks EOFException during run_worker_shutdown_hooks * [STORM-2981] - Upgrade Curator to lastest patch version * [STORM-2985] - Add jackson-annotations to dependency management * [STORM-2989] - LogCleaner should preserve current worker.log.metrics * [STORM-2994] - KafkaSpout consumes messages but doesn't commit offsets * [STORM-3043] - NullPointerException thrown in SimpleRecordTranslator.apply() * [STORM-3052] - Let blobs un archive * [STORM-3059] - KafkaSpout throws NPE when hitting a null tuple if the processing guarantee is not AT_LEAST_ONCE * [STORM-2960] - Better to stress importance of setting up proper OS account for Storm processes * [STORM-3060] - Configuration mapping between storm-kafka & storm-kafka-client * [STORM-2952] - Deprecate storm-kafka in 1.x * [STORM-3005] - [DRPC] LinearDRPCTopologyBuilder shouldn't be deprecated * [STORM-2841] - testNoAcksIfFlushFails UT fails with NullPointerException * 1.1.2: * [STORM-2512] - Change KafkaSpoutConfig in storm-kafka-client to make it work with flux * [STORM-2616] - Document the built in metrics (just in time to replace them???) * [STORM-2657] - Update SECURITY.MD * [STORM-2663] - Backport STORM-2558 and deprecate storm.cmd on 1.x-branch * [STORM-2712] - accept arbitrary number of rows per tuple in storm-cassandra * [STORM-2775] - Improve KafkaPartition Metric Names * [STORM-2807] - Integration test should shut down topologies immediately after the test * [STORM-2862] - More flexible logging in multilang (Python, Ruby, JS) * [STORM-2877] - Introduce an option to configure pagination in Storm UI * [STORM-2917] - Check the config(nimbus.host) before using it to connect * [STORM-2231] - NULL in DisruptorQueue while multi-threaded ack * [STORM-2426] - First tuples fail after worker is respawn * [STORM-2500] - waitUntilReady in PacemakerClient cannot be invoked * [STORM-2525] - Fix flaky integration tests * [STORM-2535] - test-reset-timeout is flaky. Replace with a more reliable test. * [STORM-2541] - Manual partition assignment doesn't work * [STORM-2607] - [kafka-client] Consumer group every time with lag 1 * [STORM-2642] - Storm-kafka-client spout cannot be serialized when using manual partition assignment * [STORM-2660] - The Nimbus storm-local directory is relative to the working directory of the shell executing "storm nimbus" * [STORM-2666] - Storm-kafka-client spout can sometimes emit messages that were already committed. * [STORM-2674] - NoNodeException when ZooKeeper tries to delete nodes * [STORM-2677] - consider all sampled tuples which took greater than 0 ms processing time * [STORM-2682] - Supervisor crashes with NullPointerException * [STORM-2690] - resurrect invocation of ISupervisor.assigned() & make Supervisor.launchDaemon() accessible * [STORM-2695] - BlobStore uncompress argument should be Boolean * [STORM-2705] - DRPCSpout sleeps twice when idle * [STORM-2706] - Nimbus stuck in exception and does not fail fast * [STORM-2724] - ExecutorService in WaterMarkEventGenerator never shutdown * [STORM-2736] - o.a.s.b.BlobStoreUtils [ERROR] Could not update the blob with key * [STORM-2750] - fix double_checked locking * [STORM-2751] - Remove AsyncLoggingContext from Supervisor * [STORM-2764] - HDFSBlobStore leaks file system objects * [STORM-2769] - Fast-fail if output stream Id is null * [STORM-2771] - Some tests are being run twice * [STORM-2779] - NPE on shutting down WindowedBoltExecutor * [STORM-2786] - Ackers leak tracking info on failure and lots of other cases. * [STORM-2810] - Storm-hdfs tests are leaking resources * [STORM-2811] - Nimbus may throw NPE if the same topology is killed multiple times, and the integration test kills the same topology multiple times * [STORM-2814] - Logviewer HTTP server should return 403 instead of 200 if the user is unauthorized * [STORM-2815] - UI HTTP server should return 403 if the user is unauthorized * [STORM-2833] - Cached Netty Connections can have different keys for the same thing. * [STORM-2853] - Deactivated topologies cause high cpu utilization * [STORM-2855] - Travis build doesn't work after update of Ubuntu image * [STORM-2856] - Make Storm build work on post 2017Q4 Travis Trusty image * [STORM-2868] - Address handling activate/deactivate in multilang module files * [STORM-2870] - FileBasedEventLogger leaks non-daemon ExecutorService which prevents process to be finished * [STORM-2876] - Some storm-hdfs tests fail with out of memory periodically * [STORM-2879] - Supervisor collapse continuously when there is a expired assignment for overdue storm * [STORM-2892] - Flux test fails to parse valid PATH environment variable * [STORM-2894] - fix some random typos in tests * [STORM-2912] - Tick tuple is being shared without resetting start time and incur side-effect to break metrics * [STORM-2918] - Upgrade Netty version * [STORM-2942] - Remove javadoc and source jars from toollib directory in binary distribution * [STORM-2874] - Minor style improvements to backpressure code * [STORM-2858] - Fix worker-launcher build * 1.1.1: * STORM-2659: Add daemon.name variable to storm.cmd to fix log4j logging * STORM-2652: fix error in open method of JmsSpout * STORM-2645: Update storm.py to be python3 compatible * STORM-2621: add tuple_population metric * STORM-2639: Kafka Spout incorrectly computes numCommittedOffsets due to voids in the topic (topic compaction) * STORM-2544: Fixing issue in acking of tuples that hit retry limit under manual commit mode * STORM-2618: Add TridentKafkaStateUpdater for storm-kafka-client * STORM-2608: Remove any pending offsets that are no longer valid * STORM-2503: Fix lgtm.com alerts on equality and comparison operations * STORM-2478: Fix BlobStoreTest.testDeleteAfterFailedCreate on Windows * STORM-2602: storm.zookeeper.topology.auth.payload doesn't work even you set it * STORM-2597: Don't parse passed in class paths * STORM-2564: We should provide a template for storm-cluster-auth.yaml * STORM-2568: Fix getTopicsString * STORM-2563: Remove the workaround to handle missing UGI.loginUserFromSubject * STORM-2552: KafkaSpoutMessageId should be serializable * STORM-2562: Use stronger key size than default for blow fish key generator and get rid of stack trace * STORM-2557: A bug in DisruptorQueue causing severe underestimation of queue arrival rates * STORM-2449: Ensure same key appears only once in State iterator * STORM-2516: Fix timing issues with testPrepareLateTupleStreamWithoutBuilder * STORM-2489: Overlap and data loss on WindowedBolt based on Duration * STORM-2528: Bump log4j version to 2.8.2 * STORM-2527: Initialize java.sql.DriverManager earlier to avoid deadlock * STORM-2413: Make new Kafka spout respect tuple retry limits * STORM-2518: Handles empty name for "USER type" ACL when normalizing ACLs * STORM-2511: Submitting a topology with name containing unicode getting failed * STORM-2496: Dependency artifacts should be uploaded to blobstore with READ permission for all * STORM-2505: Spout to support topic compaction * STORM-2498: Fix Download Full File link * STORM-2343: New Kafka spout can stop emitting tuples if more than maxUncommittedOffsets tuples fail at once. * STORM-2486: Prevent cd from printing target directory to avoid breaking classpath * STORM-2488: The UI user Must be HTTP. * STORM-2481: Upgrade Aether version to resolve Aether bug BUG-451566 * STORM-2435: Logging in storm.js inconsistent to console.log and does not support log levels * STORM-2315: New kafka spout can't commit offset when ack is disabled * STORM-2467: Use explicit charset when decoding from array backed buffer * STORM-1114: Race condition in trident zookeeper zk-node create/delete * STORM-2448: Add in Storm and JDK versions when submitting a topology * STORM-2343: Fix new Kafka spout stopping processing if more than maxUncommittedOffsets tuples fail at once * STORM-2431: the default blobstore.dir is storm.local.dir/blobs which is different from distcache-blobstore.md * STORM-2429: Properly validate supervisor.scheduler.meta * STORM-2451: windows storm.cmd does not set log4j2 config file correctly by default * STORM-2450: Write resources into correct local director * STORM-2440: Kill process if executor catches java.net.SocketTimeoutException * STORM-2432: Storm-Kafka-Client Trident Spout Seeks Incorrect Offset With UNCOMMITTED_LATEST Strategy * 1.1.0: * STORM-2425: Storm Hive Bolt not closing open transactions * STORM-2409: Storm-Kafka-Client KafkaSpout Support for Failed and NullTuples * STORM-2423: Join Bolt should use explicit instead of default window anchoring for emitted tuples * STORM-2416: Improve Release Packaging to Reduce File Size * STORM-2414: Skip checking meta's ACL when subject has write privileges for any blobs * STORM-2038: Disable symlinks with a config option * STORM-2240: STORM PMML Bolt - Add Support to Load Models from Blob Store * STORM-2412: Nimbus isLeader check while waiting for max replication * STORM-2408: build failed if storm.kafka.client.version = 0.10.2.0 * STORM-2403: Fix KafkaBolt test failure: tick tuple should not be acked * STORM-2361: Kafka spout - after leader change, it stops committing offsets to ZK * STORM-2353: Replace kafka-unit by kafka_2.11 and kafka-clients to test kafka-clients:0.10.1.1 * STORM-2387: Handle tick tuples properly for Bolts in external modules * STORM-2345: Type mismatch in ReadClusterState's ProfileAction processing Map * STORM-2400: Upgraded Curator to 2.12.0 and made respective API changes * STORM-2396: setting interrupted status back before throwing a RuntimeException * STORM-1772: Adding Perf module with topologies for measuring performance * STORM-2395: storm.cmd supervisor calls the wrong class name * STORM-2391: Move HdfsSpoutTopology from storm-starter to storm-hdfs-examples * STORM-2389: Avoid instantiating Event Logger when topology.eventlogger.executors=0 * STORM-2386: Fail-back Blob deletion also fails in BlobSynchronizer.syncBlobs. * STORM-2388: JoinBolt breaks compilation against JDK 7 * STORM-2374: Storm Kafka Client Test Topologies Must be Serializable * STORM-2372: Pacemaker client doesn't clean up heartbeats properly * STORM-2326: Upgrade log4j and slf4j * STORM-2334: Join Bolt implementation * STORM-1363: TridentKafkaState should handle null values from TridentTupleToKafkaMapper.getMessageFromTuple() * STORM-2365: Support for specifying output stream in event hubs spout * STORM-2250: Kafka spout refactoring to increase modularity and testability * STORM-2340: fix AutoCommitMode issue in KafkaSpout * STORM-2344: Flux YAML File Viewer for Nimbus UI * STORM-2350: Storm-HDFS's listFilesByModificationTime is broken * STORM-2270 Kafka spout should consume from latest when ZK partition commit offset bigger than the latest offset * STORM-1464: storm-hdfs support for multiple output files and partitioning * STORM-2320: DRPC client printer class reusable for local and remote DRPC * STORM-2281: Running Multiple Kafka Spouts (Trident) Throws Illegal State Exception * STORM-2296: Kafka spout no dup on leader changes * STORM-2244: Some shaded jars doesn't exclude dependency signature files * STORM-2014: New Kafka spout duplicates checking if failed messages have reached max retries * STORM-1443: [Storm SQL] Support customizing parallelism in StormSQL * STORM-2148: [Storm SQL] Trident mode: back to code generate and compile Trident topology * STORM-2331: Emitting from JavaScript should work when not anchoring. * STORM-2225: change spout config to be simpler. * STORM-2323: Precondition for Leader Nimbus should check all topology blobs and also corresponding dependencies * STORM-2330: Fix storm sql code generation for UDAF with non standard sql types * STORM-2298: Don't kill Nimbus when ClusterMetricsConsumer is failed to initialize * STORM-2301: [storm-cassandra] upgrade cassandra driver to 3.1.2 * STORM-1446: Compile the Calcite logical plan to Storm Trident logical plan * STORM-2303: [storm-opentsdb] Fix list invariant issue for JDK 7 * STORM-2236: storm kafka client should support manual partition management * STORM-2295: KafkaSpoutStreamsNamedTopics should return output fields with predictable ordering * STORM-2300: [Flux] support list of references * STORM-2297: [storm-opentsdb] Support Flux for OpenTSDBBolt * STORM-2294: Send activate and deactivate command to ShellSpout * STORM-2280: Upgrade Calcite version to 1.11.0 * STORM-2278: Allow max number of disruptor queue flusher threads to be configurable * STORM-2277: Add shaded jar for Druid connector * STORM-2274: Support named output streams in Hdfs Spout * STORM-2204: Adding caching capabilities in HBaseLookupBolt * STORM-2267: Use user's local maven repo. directory to local repo. * STORM-2254: Provide Socket time out for nimbus thrift client * STORM-2200: [Storm SQL] Drop Aggregate & Join support on Trident mode * STORM-2266: Close NimbusClient instances appropriately * STORM-2203: Add a getAll method to KeyValueState interface * STORM-1886: Extend KeyValueState iface with delete * STORM-2022: update Fields test to match new behavior * STORM-2020: Stop using sun internal classes * STORM-1228: port fields_test to java * STORM-2104: New Kafka spout crashes if partitions are reassigned while tuples are in-flight * STORM-2257: Add built in support for sum function with different types. * STORM-2082: add sql external module storm-sql-hdfs * STORM-2256: storm-pmml breaks on java 1.7 * STORM-2223: PMML Bolt. * STORM-2222: Repeated NPEs thrown in nimbus if rebalance fails * STORM-2190: reduce contention between submission and scheduling * STORM-2239: Handle InterruptException in new Kafka spout * STORM-2087: Storm-kafka-client: Failed tuples are not always replayed * STORM-2238: Add Timestamp extractor for windowed bolt * STORM-2235: Introduce new option: 'add remote repositories' for dependency resolver * STORM-2215: validate blobs are present before submitting * STORM-2170: [Storm SQL] Add built-in socket datasource to runtime * STORM-2226: Fix kafka spout offset lag ui for kerberized kafka * STORM-2224: Exposed a method to override in computing the field from given tuple in FieldSelector * STORM-2220: Added config support for each bolt in Cassandra bolts, fixed the bolts to be used also as sinks. * STORM-2205: Racecondition in getting nimbus summaries while ZK connectionions are reconnected * STORM-2182: Refactor Storm Kafka Examples Into Own Modules. * STORM-1694: Kafka Spout Trident Implementation Using New Kafka Consumer API * STORM-2173: [SQL] Support CSV as input / output format * STORM-2177: [SQL] Support TSV as input / output format * STORM-2172: [SQL] Support Avro as input / output format * STORM-2185: Storm Supervisor doesn't delete directories properly sometimes * STORM-2103: [SQL] Introduce new sql external module: storm-sql-mongodb * STORM-2175: fix double close of workers * STORM-2109: Under supervisor V2 SUPERVISOR_MEMORY_CAPACITY_MB and SUPERVISOR_CPU_CAPACITY must be Doubles * STORM-2110: in supervisor v2 filter out empty command line args * STORM-2117: Supervisor V2 with local mode extracts resources directory to topology root directory instead of temporary directory * STORM-2131: Add blob command to worker-launcher, make stormdist directory not writeable by topo owner * STORM-2018: Supervisor V2 * STORM-2139: Let ShellBolts and ShellSpouts run with scripts from blobs * STORM-2072: Add map, flatMap with different outputs (T->V) in Trident * STORM-2134: improving the current scheduling strategy for RAS * STORM-2125: Use Calcite's implementation of Rex Compiler * STORM-1546: Adding Read and Write Aggregations for Pacemaker to make it HA compatible * STORM-1444: Support EXPLAIN statement in StormSQL * STORM-2099: Introduce new sql external module: storm-sql-redis * STORM-2097: Improve logging in trident core and examples * STORM-2144: Fix Storm-sql group-by behavior in standalone mode * STORM-2066: make error message in IsolatedPool.java more descriptive * STORM-1870: Allow FluxShellBolt/Spout set custom "componentConfig" via yaml * STORM-2126: fix NPE due to race condition in compute-new-sched-assign??? * STORM-2124: show requested cpu mem for each component * STORM-2089: Replace Consumer of ISqlTridentDataSource with SqlTridentConsumer * STORM-2118: A few fixes for storm-sql standalone mode * STORM-2105: Cluster/Supervisor total and available resources displayed in the UI * STORM-2078: enable paging in worker datatable * STORM-1664: Allow Java users to start a local cluster with a Nimbus Thrift server. * STORM-1872: Release Jedis connection when topology shutdown * STORM-2100: Fix Trident SQL join tests to not rely on ordering * STORM-1837: Fix complete-topology and prevent message loss * STORM-2098: DruidBeamBolt: Pass DruidConfig.Builder as constructor argument * STORM-2092: optimize TridentKafkaState batch sending * STORM-1979: Storm Druid Connector implementation. * STORM-2057: Support JOIN statement in Storm SQL * STORM-1970: external project examples refator * STORM-2074: fix storm-kafka-monitor NPE bug * STORM-1459: Allow not specifying producer properties in read-only Kafka table in StormSQL * STORM-2052: Kafka Spout New Client API - Log Improvements and Parameter Tuning for Better Performance. * STORM-2050: [storm-sql] Support User Defined Aggregate Function for Trident mode * STORM-1434: Support the GROUP BY clause in StormSQL * STORM-2016: Topology submission improvement: support adding local jars and maven artifacts on submission * STORM-1994: Add table with per-topology & worker resource usage and components in (new) supervisor and topology pages * STORM-2042: Nimbus client connections not closed properly causing connection leaks * STORM-1766: A better algorithm server rack selection for RAS * STORM-1913: Additions and Improvements for Trident RAS API * STORM-2037: debug operation should be whitelisted in SimpleAclAuthorizer. * STORM-2023: Add calcite-core to dependency of storm-sql-runtime * STORM-2036: Fix minor bug in RAS Tests * STORM-1979: Storm Druid Connector implementation. * STORM-1839: Storm spout implementation for Amazon Kinesis Streams. * STORM-1876: Option to build storm-kafka and storm-kafka-client with different kafka client version * STORM-2000: Package storm-opentsdb as part of external dir in installation * STORM-1989: X-Frame-Options support for Storm UI * STORM-1962: support python 3 and 2 in multilang * STORM-1964: Unexpected behavior when using count window together with timestamp extraction * STORM-1890: ensure we refetch static resources after package build * STORM-1988: Kafka Offset not showing due to bad classpath. * STORM-1966: Expand metric having Map type as value into multiple metrics based on entries * STORM-1737: storm-kafka-client has compilation errors with Apache Kafka 0.10 * STORM-1968: Storm logviewer does not work for nimbus.log in secure cluster * STORM-1910: One topology cannot use hdfs spout to read from two locations * STORM-1960: Add CORS support to STORM UI Rest api * STORM-1959: Add missing license header to KafkaPartitionOffsetLag * STORM-1950: Change response json of "Topology Lag" REST API to keyed by spoutId, topic, partition. * STORM-1833: Simple equi-join in storm-sql standalone mode * STORM-1866: Update Resource Aware Scheduler Documentation * STORM-1930: Kafka New Client API - Support for Topic Wildcards * STORM-1924: Adding conf options for Persistent Word Count Topology * STORM-1956: Disabling Backpressure by default * STORM-1934: Fix race condition between sync-supervisor and sync-processes * STORM-1919: Introduce FilterBolt on storm-redis * STORM-1945: Fix NPE bugs on topology spout lag for storm-kafka-monitor * STORM-1888: add description for shell command * STORM-1902: add a simple & flexible FileNameFormat for storm-hdfs * STORM-1914: Storm Kafka Field Topic Selector * STORM-1907: PartitionedTridentSpoutExecutor has incompatible types that cause ClassCastException * STORM-1925: Remove Nimbus thrift call from Nimbus itself * STORM-1909: Update HDFS spout documentation * STORM-1136: Command line module to return kafka spout offsets lag and display in storm ui * STORM-1911: IClusterMetricsConsumer should use seconds to timestamp unit * STORM-1893: Support OpenTSDB for storing timeseries data. * STORM-1723: Introduce ClusterMetricsConsumer * STORM-1700: Introduce 'whitelist' / 'blacklist' option to MetricsConsumer * STORM-1698: Asynchronous MetricsConsumerBolt * STORM-1705: Cap number of retries for a failed message * STORM-1884: Prioritize pendingPrepare over pendingCommit * STORM-1575: fix TwitterSampleSpout NPE on close * STORM-1874: Update logger private permissions * STORM-1865: update command line client document * STORM-1771: HiveState should flushAndClose before closing old or idle Hive connections * STORM-1882: Expose TextFileReader public * STORM-1873: Implement alternative behaviour for late tuples * STORM-1719: Introduce REST API: Topology metric stats for stream * STORM-1887: Fixed help message for set_log_level command * STORM-1878: Flux can now handle IStatefulBolts * STORM-1864: StormSubmitter should throw respective exceptions and log respective errors forregistered submitter hook invocation * STORM-1868: Modify TridentKafkaWordCount to run in distributed mode * STORM-1859: Ack late tuples in windowed mode * STORM-1851: Fix default nimbus impersonation authorizer config * STORM-1848: Make KafkaMessageId and Partition serializable to support * STORM-1862: Flux ShellSpout and ShellBolt can't emit to named streams * Storm-1728: TransactionalTridentKafkaSpout error * STORM-1850: State Checkpointing Documentation update * STORM-1674: Idle KafkaSpout consumes more bandwidth than needed * STORM-1842: Forward references in storm.thrift cause tooling issues * STORM-1730: LocalCluster#shutdown() does not terminate all storm threads/thread pools. * STORM-1709: Added group by support in storm sql standalone mode * STORM-1720: Support GEO in storm-redis * 1.0.6: * [STORM-2877] - Introduce an option to configure pagination in Storm UI * [STORM-2917] - Check the config(nimbus.host) before using it to connect * [STORM-2451] - windows storm.cmd does not set log4j2 config file correctly by default * [STORM-2690] - resurrect invocation of ISupervisor.assigned() & make Supervisor.launchDaemon() accessible * [STORM-2751] - Remove AsyncLoggingContext from Supervisor * [STORM-2764] - HDFSBlobStore leaks file system objects * [STORM-2771] - Some tests are being run twice * [STORM-2786] - Ackers leak tracking info on failure and lots of other cases. * [STORM-2853] - Deactivated topologies cause high cpu utilization * [STORM-2856] - Make Storm build work on post 2017Q4 Travis Trusty image * [STORM-2870] - FileBasedEventLogger leaks non-daemon ExecutorService which prevents process to be finished * [STORM-2879] - Supervisor collapse continuously when there is a expired assignment for overdue storm * [STORM-2892] - Flux test fails to parse valid PATH environment variable * [STORM-2894] - fix some random typos in tests * [STORM-2912] - Tick tuple is being shared without resetting start time and incur side-effect to break metrics * [STORM-2918] - Upgrade Netty version * [STORM-2874] - Minor style improvements to backpressure code * [STORM-2937] - Overwrite storm-kafka-client 1.x-branch into 1.0.x-branch * [STORM-2858] - Fix worker-launcher build - Use %license macro * 1.0.5: * [STORM-2657] - Update SECURITY.MD * [STORM-2231] - NULL in DisruptorQueue while multi-threaded ack * [STORM-2660] - The Nimbus storm-local directory is relative to the working directory of the shell executing "storm nimbus" * [STORM-2674] - NoNodeException when ZooKeeper tries to delete nodes * [STORM-2677] - consider all sampled tuples which took greater than 0 ms processing time * [STORM-2682] - Supervisor crashes with NullPointerException * [STORM-2695] - BlobStore uncompress argument should be Boolean * [STORM-2705] - DRPCSpout sleeps twice when idle * 1.0.4: * STORM-2627: Update docs for storm.zookeeper.topology.auth.scheme * STORM-2597: Don't parse passed in class paths * STORM-2524: Set Kafka client.id with storm-kafka * STORM-2448: Add in Storm and JDK versions when submitting a topology * STORM-2511: Submitting a topology with name containing unicode getting failed * STORM-2498: Fix Download Full File link * STORM-2486: Prevent cd from printing target directory to avoid breaking classpath * STORM-1114: Race condition in trident zookeeper zk-node create/delete * STORM-2429: Properly validate supervisor.scheduler.meta * STORM-2194: Stop ignoring socket timeout error from executor * STORM-2450: Write resources into correct local director * STORM-2414: Skip checking meta's ACL when subject has write privileges for any blobs * STORM-2038: Disable symlinks with a config option * STORM-2038: No symlinks for local cluster * STORM-2403: Fix KafkaBolt test failure: tick tuple should not be acked * STORM-2361: Kafka spout - after leader change, it stops committing offsets to ZK * STORM-2296: Kafka spout - no duplicates on leader changes * STORM-2387: Handle tick tuples properly for Bolts in external modules * STORM-2345: Type mismatch in ReadClusterState's ProfileAction processing Map * STORM-2104: New Kafka spout crashes if partitions are reassigned while tuples are in-flight * STORM-2396: setting interrupted status back before throwing a RuntimeException * STORM-2395: storm.cmd supervisor calls the wrong class name * STORM-2385: pacemaker_state_factory.clj does not compile on branch-1.0.x * STORM-2389: Avoid instantiating Event Logger when topology.eventlogger.executors=0 * STORM-2386: Fail-back Blob deletion also fails in BlobSynchronizer.syncBlobs * STORM-2360: Storm-Hive: Thrift version mismatch with storm-core * STORM-2372: Pacemaker client doesn't clean up heartbeats properly * STORM-2326: Upgrade log4j and slf4j * STORM-2350: Storm-HDFS's listFilesByModificationTime is broken * 1.0.3: * STORM-2197: NimbusClient connectins leak due to leakage in ThriftClient * STORM-2321: Handle blobstore zk key deletion in KeySequenceNumber. * STORM-2324: Fix deployment failure if resources directory is missing in topology jar * STORM-2335: Fix broken Topology visualization with empty ':transferred' in executor stats * STORM-2336: Close Localizer and AsyncLocalizer when supervisor is shutting down * STORM-2338: Subprocess exception handling is broken in storm.py on Windows environment * STORM-2337: Broken documentation generation for storm-metrics-profiling-internal-actions.md and windows-users-guide.md * STORM-2325: Logviewer doesn't consider 'storm.local.hostname' * STORM-1742: More accurate 'complete latency' * STORM-2176: Workers do not shutdown cleanly and worker hooks don't run when a topology is killed * STORM-2293: hostname should only refer node's 'storm.local.hostname' * STORM-2246: Logviewer download link has urlencoding on part of the URL * STORM-1906: Window count/length of zero should be disallowed * STORM-1841: Address a few minor issues in windowing and doc * STORM-2268: Fix integration test for Travis CI build * STORM-2283: Fix DefaultStateHandler kryo multithreading issues * STORM-2264: OpaqueTridentKafkaSpout failing after STORM-2216 * STORM-2276: Remove twitter4j usages due to license issue (JSON.org is catalog X) * STORM-2095: remove any remaining files when deleting blobstore directory * STORM-2222: Repeated NPEs thrown in nimbus if rebalance fails * STORM-2251: Integration test refers specific version of Storm which should be project version * STORM-2234: heartBeatExecutorService in shellSpout don't work well with deactivate * STORM-2216: Favor JSONValue.parseWithException * STORM-2208: HDFS State Throws FileNotFoundException in Azure Data Lake Store file system (adl://) * STORM-2213: ShellSpout has race condition when ShellSpout is being inactive longer than heartbeat timeout * STORM-2210: remove array shuffle from ShuffleGrouping * STORM-2052: Kafka Spout - New Client API - Performance Improvements * storm-2205: Racecondition in getting nimbus summaries while ZK connections are reconnected * STORM-2198: perform RotationAction when stopping HdfsBolt * STORM-2196: A typo in RAS_Node::consumeCPU * STORM-2189: RAS_Node::freeCPU outputs incorrect info * STORM-2184: Don't wakeup KafkaConsumer on shutdown * STORM-2185: Storm Supervisor doesn't delete directories properly sometimes * STORM-2175: fix double close of workers * STORM-2018: Supervisor V2 * STORM-2145: Leave leader nimbus's hostname to log when trying to connect leader nimbus * STORM-2127: Storm-eventhubs should use latest amqp and eventhubs-client versions * STORM-2040: Fix bug on assert-can-serialize * STORM-2017: ShellBolt stops reporting task ids * STORM-2119: bug in log message printing to stdout * STORM-2120: Emit to _spoutConfig.outputStreamId * STORM-2101: fixes npe in compute-executors in nimbus * STORM-2090: Add integration test for storm windowing * STORM-2003: Make sure config contains TOPIC before get it * STORM-1567: in defaults.yaml 'topology.disable.loadaware' should be 'topology.disable.loadaware.messaging' * STORM-1987: Fix TridentKafkaWordCount arg handling in distributed mode. * STORM-1969: Modify HiveTopology to show usage of non-partition table. * STORM-1849: HDFSFileTopology should use the 3rd argument as topologyName * STORM-2086: use DefaultTopicSelector instead of creating a new one * STORM-2079: Unneccessary readStormConfig operation * STORM-2081: create external directory for storm-sql various data sources and move storm-sql-kafka to it * STORM-2070: Fix sigar native binary download link * STORM-2056: Bugs in logviewer * STORM-1646: Fix ExponentialBackoffMsgRetryManager test * STORM-2039: Backpressure refactoring in worker and executor * STORM-2064: Add storm name and function, access result and function to log-thrift-access * STORM-2063: Add thread name in worker logs * STORM-2042: Nimbus client connections not closed properly causing connection leaks * STORM-2032: removes warning in case more than one metrics tuple is received * STORM-1594: org.apache.storm.tuple.Fields can throw NPE if given invalid field in selector * STORM-1995: downloadChunk in nimbus.clj should close the input stream Changes in rubygem-activeresource: - Add bsc#1171560-CVE-2020-8151-encode-id-param.patch Prevent possible information disclosure issue that could allow an attacker to create specially crafted requests to access data in an unexpected way (bsc#1171560 CVE-2020-8151))_ Changes in rubygem-crowbar-client: - Update to 3.9.2 - Enable SES commands in Cloud8 (SOC-11122) Changes in rubygem-json-1_7: - Add CVE-2020-10663.patch (CVE-2020-10663, bsc#1167244) Changes in rubygem-puma: - Fix indentation in gem2rpm.yml_ - Add CVE-2020-11077.patch (bsc#1172175, CVE-2020-11077) - Add chunked-request-handling.patch (needed for CVE-2020-11076.patch) - Add CVE-2020-11076.patch (bsc#1172176, CVE-2020-11076) - Add all patches to gem2rpm.yml Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1901=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1901=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1901=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): ansible-2.4.6.0-3.9.1 caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.18.1 crowbar-openstack-5.0+git.1593085772.64c4ab43c-4.40.2 documentation-suse-openstack-cloud-deployment-8.20200527-1.26.1 documentation-suse-openstack-cloud-supplement-8.20200527-1.26.1 documentation-suse-openstack-cloud-upstream-admin-8.20200527-1.26.1 documentation-suse-openstack-cloud-upstream-user-8.20200527-1.26.1 openstack-dashboard-12.0.5~dev3-3.26.1 openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.15.1 openstack-keystone-12.0.4~dev11-5.33.2 openstack-keystone-doc-12.0.4~dev11-5.33.2 openstack-monasca-agent-2.2.6~dev4-3.18.1 openstack-monasca-installer-20190923_16.32-3.12.1 openstack-neutron-11.0.9~dev65-3.33.2 openstack-neutron-dhcp-agent-11.0.9~dev65-3.33.2 openstack-neutron-doc-11.0.9~dev65-3.33.2 openstack-neutron-ha-tool-11.0.9~dev65-3.33.2 openstack-neutron-l3-agent-11.0.9~dev65-3.33.2 openstack-neutron-linuxbridge-agent-11.0.9~dev65-3.33.2 openstack-neutron-macvtap-agent-11.0.9~dev65-3.33.2 openstack-neutron-metadata-agent-11.0.9~dev65-3.33.2 openstack-neutron-metering-agent-11.0.9~dev65-3.33.2 openstack-neutron-openvswitch-agent-11.0.9~dev65-3.33.2 openstack-neutron-server-11.0.9~dev65-3.33.2 openstack-octavia-amphora-image-debugsource-0.1.4-3.12.2 openstack-octavia-amphora-image-x86_64-0.1.4-3.12.2 python-Django-1.11.23-3.15.1 python-Flask-0.12.1-3.3.1 python-amqp-2.4.2-3.12.1 python-apicapi-1.6.0-3.6.1 python-horizon-12.0.5~dev3-3.26.1 python-keystone-12.0.4~dev11-5.33.2 python-keystoneauth1-3.1.2~dev2-3.3.1 python-monasca-agent-2.2.6~dev4-3.18.1 python-neutron-11.0.9~dev65-3.33.2 python-oslo.messaging-5.30.8-3.11.1 python-pyroute2-0.4.21-3.3.1 python-pysaml2-4.0.2-5.6.1 python-tooz-1.58.1-3.3.1 python-waitress-1.4.3-3.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1593156248.55bbdb26d-3.41.2 crowbar-core-branding-upstream-5.0+git.1593156248.55bbdb26d-3.41.2 grafana-4.6.5-4.9.1 grafana-debuginfo-4.6.5-4.9.1 grafana-debugsource-4.6.5-4.9.1 kibana-4.6.3-3.3.1 kibana-debuginfo-4.6.3-3.3.1 python-Pillow-4.2.1-3.5.1 python-Pillow-debuginfo-4.2.1-3.5.1 python-Pillow-debugsource-4.2.1-3.5.1 python-psutil-5.2.2-3.3.1 python-psutil-debuginfo-5.2.2-3.3.1 python-psutil-debugsource-5.2.2-3.3.1 ruby2.1-rubygem-activeresource-4.0.0-3.3.1 ruby2.1-rubygem-crowbar-client-3.9.2-3.12.1 ruby2.1-rubygem-json-1_7-1.7.7-3.3.1 ruby2.1-rubygem-json-1_7-debuginfo-1.7.7-3.3.1 ruby2.1-rubygem-puma-2.16.0-3.9.1 ruby2.1-rubygem-puma-debuginfo-2.16.0-3.9.1 rubygem-json-1_7-debugsource-1.7.7-3.3.1 rubygem-puma-debugsource-2.16.0-3.9.1 storm-1.1.3-3.3.1 storm-nimbus-1.1.3-3.3.1 storm-supervisor-1.1.3-3.3.1 - SUSE OpenStack Cloud 8 (noarch): ansible-2.4.6.0-3.9.1 ansible1-1.9.6-7.3.1 ardana-ansible-8.0+git.1589740980.6c3bcdc-3.73.1 ardana-cluster-8.0+git.1585685203.3e71e49-3.36.1 ardana-freezer-8.0+git.1586539529.b7d295f-3.21.1 ardana-input-model-8.0+git.1589740934.0e0ad61-3.39.1 ardana-logging-8.0+git.1591194866.b7375d0-3.24.1 ardana-mq-8.0+git.1589715269.62ad6df-3.22.1 ardana-neutron-8.0+git.1590756744.ba84abc-3.42.1 ardana-octavia-8.0+git.1590100427.cf4cc8f-3.29.1 ardana-osconfig-8.0+git.1587034587.eac37b8-3.45.1 caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.18.1 documentation-suse-openstack-cloud-installation-8.20200527-1.26.1 documentation-suse-openstack-cloud-operations-8.20200527-1.26.1 documentation-suse-openstack-cloud-opsconsole-8.20200527-1.26.1 documentation-suse-openstack-cloud-planning-8.20200527-1.26.1 documentation-suse-openstack-cloud-security-8.20200527-1.26.1 documentation-suse-openstack-cloud-supplement-8.20200527-1.26.1 documentation-suse-openstack-cloud-upstream-admin-8.20200527-1.26.1 documentation-suse-openstack-cloud-upstream-user-8.20200527-1.26.1 documentation-suse-openstack-cloud-user-8.20200527-1.26.1 openstack-dashboard-12.0.5~dev3-3.26.1 openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.15.1 openstack-keystone-12.0.4~dev11-5.33.2 openstack-keystone-doc-12.0.4~dev11-5.33.2 openstack-monasca-agent-2.2.6~dev4-3.18.1 openstack-monasca-installer-20190923_16.32-3.12.1 openstack-neutron-11.0.9~dev65-3.33.2 openstack-neutron-dhcp-agent-11.0.9~dev65-3.33.2 openstack-neutron-doc-11.0.9~dev65-3.33.2 openstack-neutron-ha-tool-11.0.9~dev65-3.33.2 openstack-neutron-l3-agent-11.0.9~dev65-3.33.2 openstack-neutron-linuxbridge-agent-11.0.9~dev65-3.33.2 openstack-neutron-macvtap-agent-11.0.9~dev65-3.33.2 openstack-neutron-metadata-agent-11.0.9~dev65-3.33.2 openstack-neutron-metering-agent-11.0.9~dev65-3.33.2 openstack-neutron-openvswitch-agent-11.0.9~dev65-3.33.2 openstack-neutron-server-11.0.9~dev65-3.33.2 openstack-octavia-amphora-image-debugsource-0.1.4-3.12.2 openstack-octavia-amphora-image-x86_64-0.1.4-3.12.2 python-Django-1.11.23-3.15.1 python-Flask-0.12.1-3.3.1 python-GitPython-2.1.8-3.3.1 python-amqp-2.4.2-3.12.1 python-apicapi-1.6.0-3.6.1 python-horizon-12.0.5~dev3-3.26.1 python-keystone-12.0.4~dev11-5.33.2 python-keystoneauth1-3.1.2~dev2-3.3.1 python-monasca-agent-2.2.6~dev4-3.18.1 python-neutron-11.0.9~dev65-3.33.2 python-oslo.messaging-5.30.8-3.11.1 python-pyroute2-0.4.21-3.3.1 python-pysaml2-4.0.2-5.6.1 python-tooz-1.58.1-3.3.1 python-waitress-1.4.3-3.3.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.26.2 venv-openstack-barbican-x86_64-5.0.2~dev3-12.27.2 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.24.2 venv-openstack-cinder-x86_64-11.2.3~dev23-14.27.2 venv-openstack-designate-x86_64-5.0.3~dev7-12.25.2 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.22.1 venv-openstack-glance-x86_64-15.0.3~dev3-12.25.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.27.1 venv-openstack-horizon-x86_64-12.0.5~dev3-14.30.1 venv-openstack-ironic-x86_64-9.1.8~dev8-12.27.2 venv-openstack-keystone-x86_64-12.0.4~dev11-11.28.2 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.26.2 venv-openstack-manila-x86_64-5.1.1~dev5-12.31.2 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.22.2 venv-openstack-monasca-x86_64-2.2.2~dev1-11.22.3 venv-openstack-murano-x86_64-4.0.2~dev2-12.22.1 venv-openstack-neutron-x86_64-11.0.9~dev65-13.30.2 venv-openstack-nova-x86_64-16.1.9~dev61-11.28.2 venv-openstack-octavia-x86_64-1.0.6~dev3-12.27.2 venv-openstack-sahara-x86_64-7.0.5~dev4-11.26.2 venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.18.1 venv-openstack-trove-x86_64-8.0.2~dev2-11.26.1 - SUSE OpenStack Cloud 8 (x86_64): grafana-4.6.5-4.9.1 grafana-debuginfo-4.6.5-4.9.1 grafana-debugsource-4.6.5-4.9.1 kibana-4.6.3-3.3.1 kibana-debuginfo-4.6.3-3.3.1 python-Pillow-4.2.1-3.5.1 python-Pillow-debuginfo-4.2.1-3.5.1 python-Pillow-debugsource-4.2.1-3.5.1 python-psutil-5.2.2-3.3.1 python-psutil-debuginfo-5.2.2-3.3.1 python-psutil-debugsource-5.2.2-3.3.1 storm-1.1.3-3.3.1 storm-nimbus-1.1.3-3.3.1 storm-supervisor-1.1.3-3.3.1 - HPE Helion Openstack 8 (x86_64): grafana-4.6.5-4.9.1 grafana-debuginfo-4.6.5-4.9.1 grafana-debugsource-4.6.5-4.9.1 kibana-4.6.3-3.3.1 kibana-debuginfo-4.6.3-3.3.1 python-Pillow-4.2.1-3.5.1 python-Pillow-debuginfo-4.2.1-3.5.1 python-Pillow-debugsource-4.2.1-3.5.1 python-psutil-5.2.2-3.3.1 python-psutil-debuginfo-5.2.2-3.3.1 python-psutil-debugsource-5.2.2-3.3.1 storm-1.1.3-3.3.1 storm-nimbus-1.1.3-3.3.1 storm-supervisor-1.1.3-3.3.1 - HPE Helion Openstack 8 (noarch): ansible-2.4.6.0-3.9.1 ansible1-1.9.6-7.3.1 ardana-ansible-8.0+git.1589740980.6c3bcdc-3.73.1 ardana-cluster-8.0+git.1585685203.3e71e49-3.36.1 ardana-freezer-8.0+git.1586539529.b7d295f-3.21.1 ardana-input-model-8.0+git.1589740934.0e0ad61-3.39.1 ardana-logging-8.0+git.1591194866.b7375d0-3.24.1 ardana-mq-8.0+git.1589715269.62ad6df-3.22.1 ardana-neutron-8.0+git.1590756744.ba84abc-3.42.1 ardana-octavia-8.0+git.1590100427.cf4cc8f-3.29.1 ardana-osconfig-8.0+git.1587034587.eac37b8-3.45.1 caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.18.1 documentation-hpe-helion-openstack-installation-8.20200527-1.26.1 documentation-hpe-helion-openstack-operations-8.20200527-1.26.1 documentation-hpe-helion-openstack-opsconsole-8.20200527-1.26.1 documentation-hpe-helion-openstack-planning-8.20200527-1.26.1 documentation-hpe-helion-openstack-security-8.20200527-1.26.1 documentation-hpe-helion-openstack-user-8.20200527-1.26.1 openstack-dashboard-12.0.5~dev3-3.26.1 openstack-dashboard-theme-HPE-8+git.1523473653.6599ec8-3.3.1 openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.15.1 openstack-keystone-12.0.4~dev11-5.33.2 openstack-keystone-doc-12.0.4~dev11-5.33.2 openstack-monasca-agent-2.2.6~dev4-3.18.1 openstack-monasca-installer-20190923_16.32-3.12.1 openstack-neutron-11.0.9~dev65-3.33.2 openstack-neutron-dhcp-agent-11.0.9~dev65-3.33.2 openstack-neutron-doc-11.0.9~dev65-3.33.2 openstack-neutron-ha-tool-11.0.9~dev65-3.33.2 openstack-neutron-l3-agent-11.0.9~dev65-3.33.2 openstack-neutron-linuxbridge-agent-11.0.9~dev65-3.33.2 openstack-neutron-macvtap-agent-11.0.9~dev65-3.33.2 openstack-neutron-metadata-agent-11.0.9~dev65-3.33.2 openstack-neutron-metering-agent-11.0.9~dev65-3.33.2 openstack-neutron-openvswitch-agent-11.0.9~dev65-3.33.2 openstack-neutron-server-11.0.9~dev65-3.33.2 openstack-octavia-amphora-image-debugsource-0.1.4-3.12.2 openstack-octavia-amphora-image-x86_64-0.1.4-3.12.2 python-Django-1.11.23-3.15.1 python-Flask-0.12.1-3.3.1 python-GitPython-2.1.8-3.3.1 python-amqp-2.4.2-3.12.1 python-apicapi-1.6.0-3.6.1 python-horizon-12.0.5~dev3-3.26.1 python-keystone-12.0.4~dev11-5.33.2 python-keystoneauth1-3.1.2~dev2-3.3.1 python-monasca-agent-2.2.6~dev4-3.18.1 python-neutron-11.0.9~dev65-3.33.2 python-oslo.messaging-5.30.8-3.11.1 python-pyroute2-0.4.21-3.3.1 python-pysaml2-4.0.2-5.6.1 python-tooz-1.58.1-3.3.1 python-waitress-1.4.3-3.3.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.26.2 venv-openstack-barbican-x86_64-5.0.2~dev3-12.27.2 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.24.2 venv-openstack-cinder-x86_64-11.2.3~dev23-14.27.2 venv-openstack-designate-x86_64-5.0.3~dev7-12.25.2 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.22.1 venv-openstack-glance-x86_64-15.0.3~dev3-12.25.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.27.1 venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.30.1 venv-openstack-ironic-x86_64-9.1.8~dev8-12.27.2 venv-openstack-keystone-x86_64-12.0.4~dev11-11.28.2 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.26.2 venv-openstack-manila-x86_64-5.1.1~dev5-12.31.2 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.22.2 venv-openstack-monasca-x86_64-2.2.2~dev1-11.22.3 venv-openstack-murano-x86_64-4.0.2~dev2-12.22.1 venv-openstack-neutron-x86_64-11.0.9~dev65-13.30.2 venv-openstack-nova-x86_64-16.1.9~dev61-11.28.2 venv-openstack-octavia-x86_64-1.0.6~dev3-12.27.2 venv-openstack-sahara-x86_64-7.0.5~dev4-11.26.2 venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.18.1 venv-openstack-trove-x86_64-8.0.2~dev2-11.26.1 References: https://www.suse.com/security/cve/CVE-2017-1000246.html https://www.suse.com/security/cve/CVE-2019-1010083.html https://www.suse.com/security/cve/CVE-2019-15043.html https://www.suse.com/security/cve/CVE-2019-16785.html https://www.suse.com/security/cve/CVE-2019-16786.html https://www.suse.com/security/cve/CVE-2019-16789.html https://www.suse.com/security/cve/CVE-2019-16792.html https://www.suse.com/security/cve/CVE-2019-16865.html https://www.suse.com/security/cve/CVE-2019-18874.html https://www.suse.com/security/cve/CVE-2019-19911.html https://www.suse.com/security/cve/CVE-2019-3828.html https://www.suse.com/security/cve/CVE-2020-10663.html https://www.suse.com/security/cve/CVE-2020-10743.html https://www.suse.com/security/cve/CVE-2020-11076.html https://www.suse.com/security/cve/CVE-2020-11077.html https://www.suse.com/security/cve/CVE-2020-12052.html https://www.suse.com/security/cve/CVE-2020-13254.html https://www.suse.com/security/cve/CVE-2020-13379.html https://www.suse.com/security/cve/CVE-2020-13596.html https://www.suse.com/security/cve/CVE-2020-5312.html https://www.suse.com/security/cve/CVE-2020-5313.html https://www.suse.com/security/cve/CVE-2020-5390.html https://www.suse.com/security/cve/CVE-2020-8151.html https://bugzilla.suse.com/1068612 https://bugzilla.suse.com/1092420 https://bugzilla.suse.com/1107190 https://bugzilla.suse.com/1108719 https://bugzilla.suse.com/1123872 https://bugzilla.suse.com/1126503 https://bugzilla.suse.com/1141968 https://bugzilla.suse.com/11483483 https://bugzilla.suse.com/1148383 https://bugzilla.suse.com/1153191 https://bugzilla.suse.com/1156525 https://bugzilla.suse.com/1159046 https://bugzilla.suse.com/1160152 https://bugzilla.suse.com/1160153 https://bugzilla.suse.com/1160192 https://bugzilla.suse.com/1160790 https://bugzilla.suse.com/1160851 https://bugzilla.suse.com/1161088 https://bugzilla.suse.com/1161089 https://bugzilla.suse.com/1161670 https://bugzilla.suse.com/1164322 https://bugzilla.suse.com/1167244 https://bugzilla.suse.com/1168593 https://bugzilla.suse.com/1169770 https://bugzilla.suse.com/1170657 https://bugzilla.suse.com/1171273 https://bugzilla.suse.com/1171560 https://bugzilla.suse.com/1171594 https://bugzilla.suse.com/1171661 https://bugzilla.suse.com/1171909 https://bugzilla.suse.com/1172166 https://bugzilla.suse.com/1172167 https://bugzilla.suse.com/1172175 https://bugzilla.suse.com/1172176 https://bugzilla.suse.com/1172409 From sle-updates at lists.suse.com Tue Jul 14 10:20:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 18:20:28 +0200 (CEST) Subject: SUSE-SU-2020:1569-2: important: Security update for java-1_8_0-openjdk Message-ID: <20200714162028.901D8FDE4@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1569-2 Rating: important References: #1160398 #1169511 #1171352 Cross-References: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15-SP2 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to version jdk8u252 fixes the following issues: - CVE-2020-2754: Forward references to Nashorn (bsc#1169511) - CVE-2020-2755: Improve Nashorn matching (bsc#1169511) - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) - Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-1569=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.252-3.35.3 java-1_8_0-openjdk-debuginfo-1.8.0.252-3.35.3 java-1_8_0-openjdk-debugsource-1.8.0.252-3.35.3 java-1_8_0-openjdk-demo-1.8.0.252-3.35.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.252-3.35.3 java-1_8_0-openjdk-devel-1.8.0.252-3.35.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.252-3.35.3 java-1_8_0-openjdk-headless-1.8.0.252-3.35.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.252-3.35.3 References: https://www.suse.com/security/cve/CVE-2020-2754.html https://www.suse.com/security/cve/CVE-2020-2755.html https://www.suse.com/security/cve/CVE-2020-2756.html https://www.suse.com/security/cve/CVE-2020-2757.html https://www.suse.com/security/cve/CVE-2020-2773.html https://www.suse.com/security/cve/CVE-2020-2781.html https://www.suse.com/security/cve/CVE-2020-2800.html https://www.suse.com/security/cve/CVE-2020-2803.html https://www.suse.com/security/cve/CVE-2020-2805.html https://www.suse.com/security/cve/CVE-2020-2830.html https://bugzilla.suse.com/1160398 https://bugzilla.suse.com/1169511 https://bugzilla.suse.com/1171352 From sle-updates at lists.suse.com Tue Jul 14 10:21:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 18:21:28 +0200 (CEST) Subject: SUSE-SU-2020:1902-1: important: Security update for xen Message-ID: <20200714162128.03EC2FDE4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1902-1 Rating: important References: #1027519 #1172205 #1173376 #1173377 #1173378 #1173380 Cross-References: CVE-2020-0543 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). - CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (bsc#1172205). Additional upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1902=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1902=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): xen-4.13.1_04-3.4.1 xen-debugsource-4.13.1_04-3.4.1 xen-devel-4.13.1_04-3.4.1 xen-tools-4.13.1_04-3.4.1 xen-tools-debuginfo-4.13.1_04-3.4.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.1_04-3.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): xen-debugsource-4.13.1_04-3.4.1 xen-libs-4.13.1_04-3.4.1 xen-libs-debuginfo-4.13.1_04-3.4.1 xen-tools-domU-4.13.1_04-3.4.1 xen-tools-domU-debuginfo-4.13.1_04-3.4.1 References: https://www.suse.com/security/cve/CVE-2020-0543.html https://www.suse.com/security/cve/CVE-2020-15563.html https://www.suse.com/security/cve/CVE-2020-15565.html https://www.suse.com/security/cve/CVE-2020-15566.html https://www.suse.com/security/cve/CVE-2020-15567.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1172205 https://bugzilla.suse.com/1173376 https://bugzilla.suse.com/1173377 https://bugzilla.suse.com/1173378 https://bugzilla.suse.com/1173380 From sle-updates at lists.suse.com Tue Jul 14 13:13:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:13:27 +0200 (CEST) Subject: SUSE-OU-2020:1911-1: important: Initial shipment of package sles-ltss-release Message-ID: <20200714191327.137D6FDE1@maintenance.suse.de> SUSE Optional Update: Initial shipment of package sles-ltss-release ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:1911-1 Rating: important References: #1173898 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 12 SP3 customers Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1911=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1911=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1911=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1911=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): sles-ltss-release-12.4-13.4.1 sles-ltss-release-POOL-12.4-13.4.1 - SUSE OpenStack Cloud 9 (x86_64): sles-ltss-release-12.4-13.4.1 sles-ltss-release-POOL-12.4-13.4.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): sles-ltss-release-12.4-13.4.1 sles-ltss-release-POOL-12.4-13.4.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): sles-ltss-release-12.4-13.4.1 sles-ltss-release-POOL-12.4-13.4.1 References: https://bugzilla.suse.com/1173898 From sle-updates at lists.suse.com Tue Jul 14 13:14:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:14:07 +0200 (CEST) Subject: SUSE-RU-2020:1639-2: moderate: Recommended update for python3-ec2imgutils Message-ID: <20200714191407.32762FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-ec2imgutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1639-2 Rating: moderate References: #1171933 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python3-ec2imgutils contains the following fixes: - Update to version 8.0.0 (bsc#1171933) + Incompatible command line argument change for ec2publishimg. The --allow-copy option is no longer a boolean. It now supports the image and none keywords as well as a comma separated list of AWS account numbers. + Support having the snapshot copy permissions set differently than the image copy permissions. This supports published image aggregation into AWS MP. + ec2uploadimg tags the helper instance Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-1639=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-ec2imgutils-8.0.0-3.12.4 References: https://bugzilla.suse.com/1171933 From sle-updates at lists.suse.com Tue Jul 14 13:14:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:14:47 +0200 (CEST) Subject: SUSE-RU-2020:1558-2: moderate: Recommended update for chrony Message-ID: <20200714191447.0CC3AFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for chrony ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1558-2 Rating: moderate References: #1172113 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for chrony fixes the following issue: - Use iburst in the default pool statements to speed up initial synchronization. (bsc#1172113) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1558=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): chrony-3.2-9.15.1 chrony-debuginfo-3.2-9.15.1 chrony-debugsource-3.2-9.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): chrony-pool-empty-3.2-9.15.1 chrony-pool-suse-3.2-9.15.1 References: https://bugzilla.suse.com/1172113 From sle-updates at lists.suse.com Tue Jul 14 13:15:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:15:28 +0200 (CEST) Subject: SUSE-RU-2020:0567-2: moderate: Recommended update for sendmail Message-ID: <20200714191528.5747BFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for sendmail ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0567-2 Rating: moderate References: #1164084 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sendmail fixes the following issues: - If sendmail tried to reuse an SMTP session which had already been closed by the server, then the connection cache could have invalid information about the session, possibly STARTTLS was not used even if it was offered. (bsc#1164084) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-567=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-567=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-567=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): rmail-8.15.2-8.6.1 rmail-debuginfo-8.15.2-8.6.1 sendmail-debuginfo-8.15.2-8.6.1 sendmail-debugsource-8.15.2-8.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): rmail-8.15.2-8.6.1 rmail-debuginfo-8.15.2-8.6.1 sendmail-debuginfo-8.15.2-8.6.1 sendmail-debugsource-8.15.2-8.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-8.6.1 libmilter1_0-debuginfo-8.15.2-8.6.1 sendmail-debuginfo-8.15.2-8.6.1 sendmail-debugsource-8.15.2-8.6.1 References: https://bugzilla.suse.com/1164084 From sle-updates at lists.suse.com Tue Jul 14 13:16:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:16:12 +0200 (CEST) Subject: SUSE-RU-2020:1644-2: moderate: Recommended update for powerpc-utils Message-ID: <20200714191612.9F3F6FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1644-2 Rating: moderate References: #1160890 #1164068 #1164726 #1171892 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for powerpc-utils fixes the following issues: - Could not retrieve logical device name for Open Firmware path. (bsc#1164068) - Stop using /sbin/udevadm symlink. (bsc#1160890) - Remove a trailing NUL ('\0') byte from a vendor_id contents. (bsc#1171892) - Reduce the number of searches of /sys by searching directly in /sys/class/block. (bsc#1164726) - Reduce the number of searches of /sys by caching the content of a single search into a file in /tmp. (bsc#1164726) - Fixed one instance where the previous change corrupted the exit status of a command. (bsc#1164068) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1644=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le): powerpc-utils-1.3.7.1-3.15.1 powerpc-utils-debuginfo-1.3.7.1-3.15.1 powerpc-utils-debugsource-1.3.7.1-3.15.1 References: https://bugzilla.suse.com/1160890 https://bugzilla.suse.com/1164068 https://bugzilla.suse.com/1164726 https://bugzilla.suse.com/1171892 From sle-updates at lists.suse.com Tue Jul 14 13:17:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:17:15 +0200 (CEST) Subject: SUSE-RU-2020:1907-1: moderate: Recommended update for lifecycle-data-sle-module-hpc Message-ID: <20200714191715.D8DABFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1907-1 Rating: moderate References: #1173407 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP2 SUSE Linux Enterprise Module for HPC 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-hpc fixes the following issues: - Update lifecycle data, most of python2 is now in its own module. (bsc#1173407) - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP2: zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2020-1907=1 - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-1907=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1907=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1907=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP2 (aarch64 x86_64): lifecycle-data-sle-module-hpc-1-5.4.1 - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): lifecycle-data-sle-module-hpc-1-5.4.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): lifecycle-data-sle-module-hpc-1-5.4.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): lifecycle-data-sle-module-hpc-1-5.4.1 References: https://bugzilla.suse.com/1173407 From sle-updates at lists.suse.com Tue Jul 14 13:17:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:17:59 +0200 (CEST) Subject: SUSE-RU-2020:1908-1: moderate: Recommended update for lifecycle-data-sle-module-server-applications Message-ID: <20200714191759.879FEFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-server-applications ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1908-1 Rating: moderate References: #1173407 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-server-applications fixes the following issues: - Update lifecycle data, no python2 module are shipped in this module. (bsc#1173407) - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1908=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1908=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): lifecycle-data-sle-module-server-applications-1-5.4.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): lifecycle-data-sle-module-server-applications-1-5.4.1 References: https://bugzilla.suse.com/1173407 From sle-updates at lists.suse.com Tue Jul 14 13:18:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:18:43 +0200 (CEST) Subject: SUSE-SU-2020:1913-1: important: Security update for samba Message-ID: <20200714191843.9114FFDE1@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1913-1 Rating: important References: #1171437 #1172307 #1173159 #1173160 #1173161 #1173359 Cross-References: CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). - CVE-2020-14303: Fixed an endless loop when receiving at AD DC empty UDP packets (bsc#1173359). - CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159). - CVE-2020-10760: Fixed a use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV (bsc#1173161). - Added libnetapi-devel to baselibs conf, for wine usage (bsc#1172307). - Fixed an installing issue where samba - samba-ad-dc.service did not exist and unit was not found (bsc#1171437). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-1913=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1913=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-1913=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2020-1913=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): libsamba-policy0-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-policy0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-ad-dc-4.9.5+git.343.4bc358522a9-3.38.1 samba-ad-dc-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debugsource-4.9.5+git.343.4bc358522a9-3.38.1 samba-dsdb-modules-4.9.5+git.343.4bc358522a9-3.38.1 samba-dsdb-modules-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-python-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-python-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-python-4.9.5+git.343.4bc358522a9-3.38.1 samba-python-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc-binding0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc-devel-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc-samr-devel-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc-samr0-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc-samr0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc0-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr-devel-4.9.5+git.343.4bc358522a9-3.38.1 libndr-krb5pac-devel-4.9.5+git.343.4bc358522a9-3.38.1 libndr-krb5pac0-4.9.5+git.343.4bc358522a9-3.38.1 libndr-krb5pac0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr-nbt-devel-4.9.5+git.343.4bc358522a9-3.38.1 libndr-nbt0-4.9.5+git.343.4bc358522a9-3.38.1 libndr-nbt0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr-standard-devel-4.9.5+git.343.4bc358522a9-3.38.1 libndr-standard0-4.9.5+git.343.4bc358522a9-3.38.1 libndr-standard0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr0-4.9.5+git.343.4bc358522a9-3.38.1 libndr0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libnetapi-devel-4.9.5+git.343.4bc358522a9-3.38.1 libnetapi0-4.9.5+git.343.4bc358522a9-3.38.1 libnetapi0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-credentials-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-credentials0-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-credentials0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-errors-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-errors0-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-errors0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-hostconfig-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-hostconfig0-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-hostconfig0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-passdb-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-passdb0-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-passdb0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-policy-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-policy-python3-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-policy0-python3-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-policy0-python3-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-util-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-util0-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-util0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamdb-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamdb0-4.9.5+git.343.4bc358522a9-3.38.1 libsamdb0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsmbclient-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsmbclient0-4.9.5+git.343.4bc358522a9-3.38.1 libsmbclient0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsmbconf-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsmbconf0-4.9.5+git.343.4bc358522a9-3.38.1 libsmbconf0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsmbldap-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsmbldap2-4.9.5+git.343.4bc358522a9-3.38.1 libsmbldap2-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libtevent-util-devel-4.9.5+git.343.4bc358522a9-3.38.1 libtevent-util0-4.9.5+git.343.4bc358522a9-3.38.1 libtevent-util0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libwbclient-devel-4.9.5+git.343.4bc358522a9-3.38.1 libwbclient0-4.9.5+git.343.4bc358522a9-3.38.1 libwbclient0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-4.9.5+git.343.4bc358522a9-3.38.1 samba-client-4.9.5+git.343.4bc358522a9-3.38.1 samba-client-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-core-devel-4.9.5+git.343.4bc358522a9-3.38.1 samba-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debugsource-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-python3-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-python3-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-python3-4.9.5+git.343.4bc358522a9-3.38.1 samba-python3-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-winbind-4.9.5+git.343.4bc358522a9-3.38.1 samba-winbind-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr-krb5pac0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr-nbt0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr-standard0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libndr-standard0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libndr0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libnetapi0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libnetapi0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-credentials0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-errors0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-hostconfig0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-passdb0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-util0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-util0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamdb0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsamdb0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsmbconf0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsmbconf0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsmbldap2-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsmbldap2-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libtevent-util0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libtevent-util0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libwbclient0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libwbclient0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-32bit-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-winbind-32bit-4.9.5+git.343.4bc358522a9-3.38.1 samba-winbind-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-4.9.5+git.343.4bc358522a9-3.38.1 ctdb-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debugsource-4.9.5+git.343.4bc358522a9-3.38.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): samba-ceph-4.9.5+git.343.4bc358522a9-3.38.1 samba-ceph-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debugsource-4.9.5+git.343.4bc358522a9-3.38.1 References: https://www.suse.com/security/cve/CVE-2020-10730.html https://www.suse.com/security/cve/CVE-2020-10745.html https://www.suse.com/security/cve/CVE-2020-10760.html https://www.suse.com/security/cve/CVE-2020-14303.html https://bugzilla.suse.com/1171437 https://bugzilla.suse.com/1172307 https://bugzilla.suse.com/1173159 https://bugzilla.suse.com/1173160 https://bugzilla.suse.com/1173161 https://bugzilla.suse.com/1173359 From sle-updates at lists.suse.com Tue Jul 14 13:19:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:19:59 +0200 (CEST) Subject: SUSE-RU-2020:1909-1: moderate: Recommended update for lifecycle-data-sle-module-desktop-applications Message-ID: <20200714191959.93EACFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-desktop-applications ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1909-1 Rating: moderate References: #1173407 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-desktop-applications fixes the following issues: - Update lifecycle data, all python2 packages in desktop applications module are in python2 module. (bsc#1173407) - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1909=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1909=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): lifecycle-data-sle-module-desktop-applications-1-5.4.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): lifecycle-data-sle-module-desktop-applications-1-5.4.1 References: https://bugzilla.suse.com/1173407 From sle-updates at lists.suse.com Tue Jul 14 13:20:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:20:41 +0200 (CEST) Subject: SUSE-RU-2020:1906-1: moderate: Recommended update for lifecycle-data-sle-module-development-tools Message-ID: <20200714192041.23194FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-development-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1906-1 Rating: moderate References: #1173407 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-development-tools fixes the following issue: - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1906=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): lifecycle-data-sle-module-development-tools-1-3.4.1 References: https://bugzilla.suse.com/1173407 From sle-updates at lists.suse.com Tue Jul 14 13:21:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:21:21 +0200 (CEST) Subject: SUSE-RU-2020:1904-1: moderate: Recommended update for lifecycle-data-sle-module-desktop-productivity Message-ID: <20200714192121.AF864FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-desktop-productivity ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1904-1 Rating: moderate References: #1173407 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-desktop-productivity fixes the following issues: - Update lifecycle data. (bsc#1173407) - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-1904=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): lifecycle-data-sle-module-desktop-productivity-1-7.4.1 References: https://bugzilla.suse.com/1173407 From sle-updates at lists.suse.com Tue Jul 14 13:22:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:22:07 +0200 (CEST) Subject: SUSE-RU-2019:1695-2: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20200714192207.7C9DEFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1695-2 Rating: moderate References: #1095804 #1103388 #1103696 #1104034 #1118492 #1120242 #1125610 #1125744 #1128529 #1128564 #1129243 #1129300 #1130077 #1131677 #1132346 #1133424 #1134876 #1136102 #1138130 #987798 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. Description: This update fixes the following issues: POS_Image-Graphical6: - Add busybox package for tftp client POS_Image-JeOS6: - Add busybox package for tftp client hwdata: - Fix build for older distributon not supporting license tag at the SPEC file kiwi-desc-saltboot: - Refactor kernel check and kexec functionality - make sure that preinit is called with correct kernel - Support for SLES11 - Add nls modules for vfat - Fallback to previously installed image if SUMA is offline - Add tools to create efi partition - Add nvme drivers rhnlib: - Add group to python*-rhnlib to fix building at SLE11 - Read SSL decoded buffer completely when no pending bytes on the underlying connection. - Fix encoding issues after porting to Python 3. - Sync changes from Spacewalk - 1652859 - python3 http.client does not contain _set_hostport() - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacecmd: - Save SSM list on system delete and update cache (bsc#1130077, bsc#1125744) - Replace iteritems with items for python2/3 compat (bsc#1129243) - Fix python 3 bytes issue when handling config channels - Prevent spacecmd crashing when piping the output in Python 3 (bsc#1125610) - Fix compatibility with Python 3 - Add function to merge errata and packages through spacecmd (bsc#987798) - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-backend: - Use new names in code for client tool packages which were renamed (bsc#1134876) - Fix password prompt within mgr-sign-metadata - Fix TypeError for 'errata.getErrataInfo' XMLRPC handler (bsc#1132346) - Fix typo in syncing product extensions (bsc#1118492) - Fix mgr-sign-metadata-ctl checking of exported keys. - Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424) - Add support for mirrorlist and metalink on Zypper reposync. - Solve situations where synced packages have epoch 0 but reposync does not find them them on the database. - Fix path to the RPM database used by Zypper at reposync. - Add makefile for python linter and unit/integration tests - Fix linking of packages in reposync (bsc#1131677) - Include arch to distinct latest packages on reposync. - Migrate missing spacewalk-cfg-get script to Python3 - Improve dependency solving algorithm for spacewalk-repo-sync. - Remove apache access_compat module and adapt config files - Add support for getting latest versions from RPM packages when running "spacewalk-repo-sync" after migration to Zypper. - Include packages dependencies on "spacewalk-repo-sync" when using filters for RPM packages. - Allow package filtering (name matching) on spacewalk-repo-sync after migrating away from yum. - Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300) - Make Zypper to use the spacewalk GPG keyring in reposync (bsc#1128529) - Fix: handle non-standard filenames for comps.xml (bsc#1120242) - Make reposync use and append token correctly to the URL - Fix invalid mode error when doing spacewalk-repo-sync on Ubuntu official repos. - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Fix reading LOB objects with python3 - Fix "mgr-inter-sync" problems after Python 3 migration. - Mgr-sign-metadata can optionally clear-sign metadata files - Allow errata import from local repositories. - Fix "rhnpush" after migration to Python 3. - Fix package import issues when package encoding is ISO8859-1. - Fix issues with HTTP proxy and reposync. - Solve Python 3 problem and allow traditional registration. - Add "python-urlgrabber" as a new dependency. - Fix Python3 issues on satellite_tools scripts - Use "Zypper" and "libsolv" in "spacewalk-repo-sync". Replace "yum". - Require the correct dependency for python-rpm to allow the Proxy to work with Python3 only - Make rhn-ssl-dbstore compatible with python3 - Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388) - Support mirroring of source packages - Make spacewalk-backend code compatible with Python 3 - Prepare spacewalk-backend packages to build on Python 3 - Replace PyPAM with python-python-pam - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - Disable Oracle support for openSUSE (bsc#1095804) spacewalk-client-tools: - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Sync with Spacewalk - Add ability to work behind http proxies - 1666099 - python3 is picky about bytes and string - Fix testConfig.py - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - The rhnsd service was replaced by rhnsd timer, so registration script and systemd presets are now adapted to this (bsc#1138130) spacewalk-koan: - Fix building on openSUSE 15.0 - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-oscap: - Fix python2 compilation on openSUSE - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-remote-utils: - Sync changes from Spacewalk - 1649374 - Update spacewalk-remote-utils with RHEL 7.6 channel definitions - 1633532 - Use python-gpg instead of python-gpgme where possible - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-usix: - Compatibility with Python 2 and 3 - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) supportutils-plugin-susemanager-client: - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) suseRegisterInfo: - Make suseRegisterInfo compatible with Python 2 and 3 - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) zypp-plugin-spacewalk: - Fix python syntax error in distupgrade (bsc#1136102) mgr-daemon: - rhnsd service was replaced by rhnsd timer (bsc#1138130) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1912=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1912=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1912=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1912=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1912=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1912=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1912=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1912=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1912=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1912=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1912=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1912=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): golang-github-prometheus-node_exporter-0.17.0-1.3.7 - SUSE OpenStack Cloud Crowbar 8 (x86_64): golang-github-prometheus-node_exporter-0.17.0-1.3.7 - SUSE OpenStack Cloud 9 (x86_64): golang-github-prometheus-node_exporter-0.17.0-1.3.7 - SUSE OpenStack Cloud 8 (x86_64): golang-github-prometheus-node_exporter-0.17.0-1.3.7 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): golang-github-prometheus-node_exporter-0.17.0-1.3.7 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): golang-github-prometheus-node_exporter-0.17.0-1.3.7 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.17.0-1.3.7 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.17.0-1.3.7 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.17.0-1.3.7 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): golang-github-prometheus-node_exporter-0.17.0-1.3.7 - SUSE Enterprise Storage 5 (aarch64 x86_64): golang-github-prometheus-node_exporter-0.17.0-1.3.7 - HPE Helion Openstack 8 (x86_64): golang-github-prometheus-node_exporter-0.17.0-1.3.7 References: https://bugzilla.suse.com/1095804 https://bugzilla.suse.com/1103388 https://bugzilla.suse.com/1103696 https://bugzilla.suse.com/1104034 https://bugzilla.suse.com/1118492 https://bugzilla.suse.com/1120242 https://bugzilla.suse.com/1125610 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1128529 https://bugzilla.suse.com/1128564 https://bugzilla.suse.com/1129243 https://bugzilla.suse.com/1129300 https://bugzilla.suse.com/1130077 https://bugzilla.suse.com/1131677 https://bugzilla.suse.com/1132346 https://bugzilla.suse.com/1133424 https://bugzilla.suse.com/1134876 https://bugzilla.suse.com/1136102 https://bugzilla.suse.com/1138130 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Tue Jul 14 13:25:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:25:01 +0200 (CEST) Subject: SUSE-RU-2020:1616-2: moderate: Recommended update for SAPHanaSR-ScaleOut Message-ID: <20200714192501.8199BFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR-ScaleOut ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1616-2 Rating: moderate References: #1156067 #1156150 #1157685 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SAPHanaSR-ScaleOut fixes the following issues: - Restart 'sapstartsrv' service on master nameserver node. (bsc#1156150) - Use a fall-back scoring for the master nameserver nodes, if the current roles of the node(s) got lost. (bsc#1156067) - SAPHanaSR-ScaleOut-doc will no longer be installable when SAPHanaSR-doc is installed (bsc#1157685) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2020-1616=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): SAPHanaSR-ScaleOut-0.164.0-3.10.2 SAPHanaSR-ScaleOut-doc-0.164.0-3.10.2 References: https://bugzilla.suse.com/1156067 https://bugzilla.suse.com/1156150 https://bugzilla.suse.com/1157685 From sle-updates at lists.suse.com Tue Jul 14 13:25:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:25:58 +0200 (CEST) Subject: SUSE-RU-2020:1910-1: moderate: Recommended update for salt Message-ID: <20200714192558.1EBBCFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1910-1 Rating: moderate References: #1159284 #1165572 #1168340 #1169604 #1170104 #1171906 #1172075 #1173072 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for salt contains the following fixes: - Require python3-distro only for TW (bsc#1173072) - Various virt backports from 3000.2 including blackening commit for the virt module and state. - Avoid traceback on debug logging for swarm module. (bsc#1172075) - Add publish_batch to ClearFuncs exposed methods. - zypperpkg: filter patterns that start with dot. (bsc#1171906) - Batch mode now also correctly provides return value. (bsc#1168340) - Add docker.logout to docker execution module. (bsc#1165572) - Testsuite fix. - Add option to enable/disable force refresh for zypper. - Python3.8 compatibility changes. - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock. (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions. (bsc#1169604) - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341). (bsc#1170104) - Returns a the list of IPs filtered by the optional network list Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1910=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1910=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1910=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): salt-api-3000-4.5.3 salt-cloud-3000-4.5.3 salt-master-3000-4.5.3 salt-proxy-3000-4.5.3 salt-ssh-3000-4.5.3 salt-standalone-formulas-configuration-3000-4.5.3 salt-syndic-3000-4.5.3 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): salt-fish-completion-3000-4.5.3 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python2-salt-3000-4.5.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python3-salt-3000-4.5.3 salt-3000-4.5.3 salt-doc-3000-4.5.3 salt-minion-3000-4.5.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): salt-bash-completion-3000-4.5.3 salt-zsh-completion-3000-4.5.3 References: https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 From sle-updates at lists.suse.com Tue Jul 14 13:27:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:27:31 +0200 (CEST) Subject: SUSE-RU-2020:1905-1: moderate: Recommended update for lifecycle-data-sle-module-basesystem Message-ID: <20200714192731.7282DFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-basesystem ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1905-1 Rating: moderate References: #1173407 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-basesystem fixes the following issues: - Update lifecycle data, most of python2 is now in its own module. (bsc#1173407) - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1905=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1905=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): lifecycle-data-sle-module-basesystem-2-8.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): lifecycle-data-sle-module-basesystem-2-8.4.1 References: https://bugzilla.suse.com/1173407 From sle-updates at lists.suse.com Tue Jul 14 13:28:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:28:15 +0200 (CEST) Subject: SUSE-RU-2020:1903-1: moderate: Recommended update for lifecycle-data-sle-module-desktop-productivity Message-ID: <20200714192815.D9CDBFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-desktop-productivity ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1903-1 Rating: moderate References: #1173407 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-desktop-productivity fixes the following issues: - Update lifecycle data, most of python2 is now in its own module. (bsc#1173407) - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1903=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): lifecycle-data-sle-module-desktop-productivity-1-9.4.1 References: https://bugzilla.suse.com/1173407 From sle-updates at lists.suse.com Tue Jul 14 13:28:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:28:57 +0200 (CEST) Subject: SUSE-RU-2020:1629-2: moderate: Recommended update for terraform-provider-aws Message-ID: <20200714192857.9CE32FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for terraform-provider-aws ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1629-2 Rating: moderate References: #1170264 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for terraform-provider-aws fixes the following issues: - Add symlink required by terraform execution - Update to version 2.59.0: (bsc#1170264) * v2.59.0 * add CHANGELOG entry for PR #12935, PR #11657 * update expected ID example for ssm_maintenance_window_target * Update CHANGELOG for #12777, #12775, #12793, #12734, #12867, #12967, #12890, #12936, #12715 * resource/aws_waf_xss_match_set: Add plan-time validation for xss_match_tuples configuration block arguments (#12777) * resource/aws_waf_ipset: Add plan-time validation for ip_set_descriptors configuration block arguments (#12775) * resource/aws_wafregional_web_acl: Add plan-time validation to various arguments (#12793) * add CHANGELOG entry for PR #12933 * resource/aws_rds_cluster: Support aurora-mysql and aurora-postgres Global Clusters (#12867) * provider: Support af-south-1 (Cape Town) in various data sources (#12967) * docs/provider: Fix formatting of code block in Contributing Guide (#12965) * add changelog entry for PR #12929 * add changelog entry for PR #12948 * Update CHANGELOG.md * entry for adding import support network_acl_rule * update import id expected value formatting * add import note * fix tag list + expand test * resource/aws_route: Allow using compressed IPV6 CIDR (#12890) * data-source/aws_launch_template: Prevent type error with network_interfaces associate_public_ip_address (#12936) * docs/resource/aws_acm_certificate_validation: Use explicit zone_id attribute references (#12885) * docs/provider: Change "mapping" to "map" (when referring to the data structure) (#12908) * docs/resource/aws_iam_role_policy: Explicitly call out inline policy (#12905) * updates to add in resource attribute checks * Update module aws/aws-sdk-go to v1.30.12 (#12715) * resource/aws_codepipeline: Add stage action namespace argument (#11910) * docs/provider: Correct ELB, S3 and Elastic Beanstalk links for new AWS regions in Contributing Guide (#12946) * update comments in test * add support for importing aws_volume_attachment resouce * add support for importing aws_ssm_maintenance_window_target resource * add support for importing aws_ssm_activation resource * code review updates and doc update * run linters * change delimiter and namespace attribute name * add vpc-related example/docs * add support for importing aws_service_discovery_private_dns_namespace * move linux wording * docs/provider: make website-lint-fix * add support for importing aws_default_etwork_acl resources * Fix typo in CHANGELOG * rename example resource * formatting with linter * update documentation for acl_rule importing * Update CHANGELOG for #12884, #11783, #12898, #9461, #10542, #12902, #9391, #9232, #12620, #12452 * resource/aws_appsync_graphql_api: Add `log_config` configuration block `exclude_verbose_content` argument (#12884) * add support for importing aws_network_acl_rule resources * resource/aws_ssm_maintanance_window_target: Add plan-time validation to `resource_type` argument (#11783) * tests/resource/aws_glue_security_configuration: Keep empty string test in TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSES3 * Do not send kms_arn in glue security configuration if mode is SSES3 * resource/aws_iam_user: Ensure `force_destroy` removes signing certificates (#10542) * docs/resource/aws_dms_endpoint: Add missing aurora-postgresql to engine_name valid values (#12899) * resource/aws_lambda_alias: Suppress differences for equivalent function_name name and ARN (#12902) * .github/workflows/issues: Try removing curly braces from JSON to prevent error * r/aws_acm_certificate: Add test sweeper. * r/aws_apigatewayv2_api: Add test sweeper dependency on 'aws_apigatewayv2_domain_name'. * Removes "magic string" error code from error conditionals * Updates ARN test missed by linter * r/aws_apigatewayv2_vpc_link: Move waiter logic into its own package. * Add aws_apigatewayv2_vpc_link resource. * Fix lint warning. * Fix broken documentation links. * r/aws_apigatewayv2_api_mapping: Create ACM certificate outside of Terraform configuration. * Renamed resource to 'aws_apigatewayv2_api_mapping'. * Add 'aws_api_gateway_v2_api_mapping' resource. * Cleanup after v2.58.0 release * v2.58.0 * .github/workflows/issues: Remove extra closing parenthesis * .github/workflows/issues: Add curly braces in JSON * .github/workflows/issues: Try using fromJSON() to prevent errors * Update CHANGELOG for #12620 * .github/workflows/issues: Ignore collaborators for needs-triage issue labeling (#12857) * Adds checks for nil results to prevent panics * Removes extraneous API call when updating root EBS volume * Test that route_settings are removed when empty. * Rename resource to 'aws_apigatewayv2_stage'. * tests/service/rds: Remove rds-ca-2015 from CA Certificate Identifier testing (#12855) * Add 'aws_api_gateway2_stage' resource. * service/servicediscovery: Refactor waiter logic into separate package, add test sweepers (#12765) * Update CHANGELOG for #9245 * Change after review. * Update CHANGELOG for #9373 * Update CHANGELOG for #8633 and #11792 * resource/aws_dms_endpoint: Finish initial elasticsearch implementation and refactor schema/testing * Add deployment status waiter. * Rename resource to 'aws_apigatewayv2_deployment'. * Add 'aws_api_gateway2_deployment' resource. * Rename resource to 'aws_apigatewayv2_route_response'. * Add 'aws_api_gateway2_route_response' resource. * resource/aws_dms_endpoint: Minor adjustments to finish kinesis implementation and back out mongodb changes from #8633 * Update CHANGELOG for #8881 * Update CHANGELOG for #7170 * resource/aws_dms_event_subscription: Finish initial implementation * docs/resource/aws_ram_resource_share: Fix typo (#12827) * Rename aws_apigatewayv2_integration_response resource source files to match standard naming convention. * Add note to documentation on inability to import API Gateway managed resources created as part of API quick create. * tests/resource/aws_backup_plan: Remove unused testAccCheckAwsBackupPlanRuleAttrSet * Fix and enable tfproviderlint S023 check (#12781) * Update CHANGELOG for #10705 * resource/aws_cognito_identity_provider: Address PR #10705 feedback * Update CHANGELOG for #11923 * resource/aws_backup_plan: Finish initial copy_action implementation * Update CHANGELOG for #12269 * data-source/aws_regions: Finish initial implementation * data-source/aws_regions: Apply suggestions from code review * docs/resource/aws_pinpoint_email_channel: Fix description (#12824) * Update CHANGELOG for #9365 * Update CHANGELOG for #12819 * resource/aws_ec2_client_vpn_endpoint: Allow two `authentication_options` configuration blocks (#12819) * Update CHANGELOG for #12342 * resource/aws_dynamodb_table: Finish up initial Global Table Version 2019.11.21 implementation * deps: Vendor github.com/aws/aws-sdk-go/service/route53domains (#12797) * Fixes tests * fmt updates * Apply suggestions from code review * docs/data-source/aws_route_tables: Update ids attribute type (#12802) * Update CHANGELOG for #12800 * resource/aws_dlm_lifecycle_policy: Ensure plan-time validation for times argument only allows 24 hour format (#12800) * provider: Fix and enable tfproviderlint S024 check: ForceNew is extraneous in data source schema attributes (#12778) * tests(staticcheck): fix failing tests (#12782) * add extra line to indicate issue may exist in linux * add glob to provider pr labeller * tests/resource/aws_ecs_task_definition: Add sweeper (#12760) * Cleanup after v2.57.0 release * v2.57.0 * Update CHANGELOG for #12735 * Update CHANGELOG for #12738 * r/aws_apigatewayv2_route: Add support for JWT authorizers. * Update CHANGELOG for #12401 * resource/aws_rds_global_cluster: Add aurora-postgresql to engine argument plan-time validation (#12401) * 'aws_api_gateway2_route' -> 'aws_apigatewayv2_route'. * Add 'aws_api_gateway_v2_route' resource. * 'aws_api_gateway2_integration_response' -> 'aws_apigatewayv2_integration_response'. * Add 'aws_api_gateway_v2_integration_response' resource. * Add message to highlight ulimit option which can prevent issues with AT runs * Fix missing side navigation links. (#12746) * resource/aws_network_acl: Ensure tags are handled on creation * resource/aws_vpc_peering_connection_accepter: Do not overwrite incoming ResourceData on creation * Update CHANGELOG for #8912 * resource/aws_kms_key: Prevent eventual consistency related errors on creation * Update CHANGELOG for #8949 * Update CHANGELOG for #9228 * service/ec2: Switch tagging during resource creation to keyvaluetags.CreateEc2Tags implementation * internal/keyvaluetags: Initial tagging function generator for handling tagging of new resources * Updates AWS Config acceptance tests to use ARN testing check functions * Updates CloudFront acceptance tests to use ARN testing check functions * internal/keyvaluetags: Move all generator customization functions into shared service_generation_customizations.go * Update CHANGELOG for #12712 * service/lambda: Support for .NET Core 3.1 (#12712) * Update CHANGELOG for #11568 * resource/aws_egress_only_internet_gateway: Finish tags implementation and fix errors * Update CHANGELOG for #11683 * resource/aws_cloudhsm_v2_cluster: Support tag-on-create (#11683) * Update CHANGELOG for #12295 * resource/aws_spot_fleet_request: Add tags argument, support more plan-time validations, refactor testing (#12295) * Updates App Autoscaling acceptance tests to use ARN testing check functions * Update CHANGELOG for #12700 * tests/resource/aws_db_instance: Add covering acceptance testing for db_subnet_group_name and replicate_source_db arguments * Updates API Gateway acceptance tests to use ARN testing check functions * Use 'testAccCheckResourceAttrEquivalentJSON'. * Updates ECS acceptance tests to use ARN testing check functions * Updates ECR acceptance tests to use ARN testing check functions * 'aws_api_gateway2_model' -> 'aws_apigatewayv2_model'. * Add 'aws_api_gateway_v2_model' resource. * Updates ACM acceptance tests to use ARN testing check functions * Update CHANGELOG for #12586 * provider: Update preview ignore tags handling to configuration block and shared struct type (#12586) * Update module aws/aws-sdk-go to v1.30.5 (#12706) * Update aws/resource_aws_db_instance.go * Update module hashicorp/terraform-plugin-sdk to v1.9.0 (#12531) * Update CHANGELOG for #12650 * Update CHANGELOG for #12650 * resource/aws_docdb_cluster: Add deletion_protection argument (#12650) * Update module aws/aws-sdk-go to v1.30.4 (#12414) * docs/resource/aws_ssm_maintenance_window_task: Fix example value for `notification_type` (#12705) * Update CHANGELOG for #10350 * resource/aws_redshift_snapshot_copy_grant: Finish import implementation * Update CHANGELOG for #4568 * resource/aws_lb_target_group: Ensure unconfigured health checks for Network LB do not trigger recreation and add covering acceptance testing * Adds `device_name` to `data-source/aws_instance` * Adds EBS root volume delete-on-termination modification * resource/aws_lb_target_group: go fmt after fixing merge conflict * Adds EBS root volume type and IOPS modification * Fix for creating an RDS read replica in shared subnets. * Update CHANGELOG for #11232 * tests/resource/aws_appautoscaling_policy: Ensure covering acceptance testing for DynamoDB index policy * Update CHANGELOG for #6468 * New Data Source: aws_cloudfront_distribution (#6468) * service/elastictranscoder: Refactor out SetMap usage (#12641) * docs/resource/aws_cloudtrail: Fix broken link to Cloudtrail Data Events (#12687) * docs/resource/aws_launch_template: fix documentation for EBS block kms_key_id property (#12672) * docs/resource/aws_neptune_cluster: Fix attribute name typo deletion_protection (#12649) * enable s20 lint check and fix issues * Adds test for retrieving computed root EBS device values * Cleanup after v2.56.0 release * v2.56.0 * Updates documentation * Stops waiting for volume update when state is `optimizing`, since the volume is useable in that state * Updates root volume resize to work when multiple EBS volumes are attached * Uses AWS SDK provided functions for value dereference * Consolidates EC2 instance retrieval * Update CHANGELOG for #12549 * service/sagemaker: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12462) * resource/aws_s3_bucket: Fix lint error (#12626) * Updates to current framework * Improve code quality and fix tests as requested * resource_aws_instance: Modify root volume size without instance recreation * Update CHANGELOG for #12614 * resource/aws_s3_bucket: Prevent various panics with empty configuration blocks (#12614) * Removes nested resource testing in favour of `ImportStateVerify` and adds missing CodePipeline precheck * Update CHANGELOG for #12389 * resource/aws_elastic_transcoder_preset: Remove stringptr and refactor tests (#12581) * Update CHANGELOG for #12596 * resource/aws_volume_attachment: Do not swallow error when detaching volume (#12596) * Update CHANGELOG for #12575 * resource/aws_elastic_transcoder_preset: Remove `getStringPtr` calls, refactor tests, validate role argument (#12575) * Update CHANGELOG for #12560 * resource/aws_kms_grant: Remove resource from Terraform state instead of error if removed outside Terraform (#12560) * tests/resource/aws_codebuild_project: Fix typo in error message testing for buildspec * resource/aws_codebuild_project: Fix typo of buildspec (#12590) * resource/aws_codestarnotifications_notification_rule: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12469) * resource/aws_lb_listener: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12468) * resource/aws_api_gateway_stage: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12467) * resource/aws_lambda_function: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12466) * service/ec2: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12465) * resource/aws_autoscaling_group: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12464) * resource/aws_directory_service_directory: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12463) * service/redshift: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12461) * service/route53resolver: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12460) * service/elb: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12459) * service/docdb: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12457) * Consolidates artifact stores into a single argument * Typo fix * Change naming according to #9950 * Switch to filter for more flexibility * Add data source "aws_regions" * Adds tests for converting CodePipeline actions from single- to cross-region * Adds tests for updating cross-region CodePipeline actions * Properly hashes artifact stores * Adds test for changing artifact store location * service/rds: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12477) * Removes "foo" and "bar" * (docs) show AWS recommended EFS volume mount options (#12576) * Update CHANGELOG for #12559 * service/directconnect: Support 2Gbps and 5Gbps values in plan-time validation for bandwidth argument (#12559) * Update CHANGELOG for #11991 * resource/aws_kms_grant: Support resource import (#11991) * Update CHANGELOG for #12492 * service/ec2: Add hibernation_options to aws_launch_template resource and data source (#12492) * Update CHANGELOG for #11885 * resource/aws_codedeploy_deployment_group: Fix blue_green_deployment_config updates for ECS (#11885) * tests/service/rds: Sweeper and randomization of Database Snapshots (#12546) * resource/aws_opsworks_rds_db_instance: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12476) * resource/aws_route53_zone: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12475) * resource/aws_qldb_ledger: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12474) * resource/aws_globalaccelerator_accelerator: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12472) * resource/aws_elasticache_parameter_group: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12471) * resource/aws_licensemanager_license_configuration: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() (#12470) * Handles creation and import of cross-region CodePipeline actions * Removes redundant CodePipelineExists test from CodePipleline webhook tests * Fixes rebase errors and adds `depends_on` for IAM policy attachments * Cleanup after v2.55.0 release * v2.55.0 * Update CHANGELOG for #12305 * Update CHANGELOG for #12079 * resource/aws_neptune_cluster_instance: Add missing configuring-log-exports as allowed pending state (#12079) * Update CHANGELOG for #12491 * service/ec2: Support metadata_options in aws_instance and aws_launch_template resources/data sources (#12491) * tests/data-source/aws_vpc_endpoint_service: Fix EC2 policy check (#12544) * provider: Updates to verify hashibot behaviors and increase stale handling per run (#12556) * Removes unneeded test * Applies `terrafmt fmt` * Adds tests for adding and reordering `bootstrap_actions` * Corrects type of `bootstrap_action` from TypeSet to TypeList * resource/aws_ecs_task_definition: Remove pluralization from inference_accelerator configuration block argument * docs/provider: Run make website-lint-fix * resource/aws_ecs_task_definition: Add inference_accelerator configuration block (#11757) * Update CHANGELOG for #12215 * resource/aws_msk_cluster: Add logging_info configuration block (support CloudWatch, Firehose, and S3 logging) (#12215) * docs/resource/aws_api_gateway_deployment: Fixed documentation example (#12486) * Corrects error in destroy check * Fixes and test updates * [WIP] Test for multi region codepipeline. * Use expandAwsCodePipelineArtifactStore to expand artifactStores * One definition of the artifactStoreSchema * Add support for Codepipeline artifact_stores * Add Codepipeline action region support * Update CHANGELOG for #12483 * resource/aws_flow_log: Add max_aggregation_interval argument (#12483) * Reorders parameters for composed configurations for cleaner formatting * Update CHANGELOG for #12516 * data-source/aws_ec2_transit_gateway_dx_gateway_attachement: Add filter and tags arguments (#12516) * Update CHANGELOG for #12530 * resource/aws_storagegateway_nfs_file_share: Implement path attribute (#12530) * provider: Switch stale handling from hashibot to official GitHub Action (#12542) * Update CHANGELOG for #12415 * data-source/aws_ec2_transit_gateway_vpn_attachment: Add filter and tags arguments (#12415) * Update CHANGELOG for #12404 to account for tags argument * Update CHANGELOG for #12404 * data-source/aws_vpc_endpoint_service: Add filter argument (#12404) * Update CHANGELOG for #12403 * Update CHANGELOG for #12416 * data-source/aws_prefix_list: Add filter argument (#12416) * docs/data-source/aws_launch_template: Add missing tags argument * tests/provider: Bulk update aws_availability_zones data sources in test configurations to exclude Local Zones (#12517) * docs/resource/aws_cognito_user_pool: Update the resource definition (#12529) * Update CHANGELOG for #12447 * plan only test for change revert * resource/aws_db_instance: Use expandStringSet and add testing for snapshot_identifier with db_subnet_group_name * Removes extra attributes. * Correcting possible values for encryption_option (#12510) * Update CHANGELOG for #12254 * resource/aws_athena_workgroup: Add force_destroy argument (#12254) * Update CHANGELOG for #11843 * resource/aws_mq_configuration: Remove extraneous call to ListTags during refresh and add ValidateFunc to engine_type (#11843) * Update CHANGELOG for #11992 * resource/aws_cloudwatch_log_metric_filter: Support resource import (#11992) * plan only test for change * Adds fix to filter out Local Zones from list of Availability Zones * Update resource_aws_route53_health_check_test.go * Adds functions to compose acceptance test configurations * Replaces `RandInt()` with `RandomWithPrefix()` * Removes unneeded `bootstrap_action` arguments from tests. Adds check to `TestAccAWSEMRCluster_security_config` to test `security_configuration` * Refactors IAM roles and policies * Fixes linting error * Cleans up some formatting and adds some tests to actually test some cases * Use availability zone filter (https://github.com/terraform-providers/terraform-provider-aws/pull/12400 m erged). * Remove 'tls_config' attribute. It doesn't seem to do anything right now. * r/aws_apigatewayv2_integration: Add 'payload_format_version' and 'tls_config' attributes. * r/aws_apigatewayv2_integration: Don't import API Gateway managed integrations. * 'aws_api_gateway2_integration' -> 'aws_apigatewayv2_integration'. * Add 'aws_api_gateway_v2_integration' resource. * Adds fix to filter out Local Zones from list of Availability Zones * Corrects function name * Terraform formatting fixes * Corrects test for Elastic Beanstalk Platform ARN * Formatting fixes * Consolidates Elastic Beanstalk Environment deletion * Adds option to ignore error events when terminating Elastic Beanstalk Environment * Formatting fixes * Updates Elastic Beanstalk Platform ARN to supported platform version * No longer stops sweepers for Elastic Beanstalk Applications and Environments on the first error * Update launch_template.html.markdown * Update CHANGELOG for #12400 * service/ec2: Initial support for Local Zones (#12400) * Update module bflad/tfproviderlint to v0.14.0 (#12505) * Rename test. * r/aws_apigatewayv2_api: Add CORS configuration and quick start attributes. * Cleanup after v2.54.0 release * v2.54.0 * service/neptune: Remove deprecated (helper/schema.ResourceData).Partial() and (helper/schema.ResourceData).SetPartial() * docs/resource/aws_securityhub_standards_subscription: Add PCI standard examples and docs (#12090) * Update module bflad/tfproviderlint to v0.12.0 (#12456) * Moved VPC SGs from ModifyDB to RestoreDB API Call * Update CHANGELOG for #7252 * resource/aws_vpc_dhcp_options_association: Minor testing and linting fixes * Update CHANGELOG for #6975 * New Resource: aws_securityhub_member (#6975) * Update CHANGELOG for #11604 * resource/aws_cognito_user_pool_client: Add prevent_user_existence_errors argument (#11604) * Update CHANGELOG for #12317 * resource/aws_cognito_user_pool: Add username_configuration configuration block (Support case insensitive usernames) (#12317) * Update CHANGELOG for #11607 * resource/aws_cognito_user_pool: Add email_configuration configuration block from_email_address argument (#11607) * Update CHANGELOG for #11762 * resource/aws_cognito_user_pool_client: Add analytics_configuration configuration block (Support Pinpoint analytics) (#11762) * Moves `replica` to `aws_dynamodb_table`. * Update CHANGELOG for #12350 * resource/aws_api_gateway_rest_api: Ignore ordering differences for endpoint_configuration configuration block vpc_endpoint_ids argument (#12350) * tests/resource/aws_launch_template: Add test for network interface ipv4 addresses (#12307) * Update CHANGELOG for #12411 * resource/aws_lambda_function: Add plan-time validation for handler argument (#12411) * Update CHANGELOG for #12418 * resource/aws_s3_bucket: Retry NoSuchBucket error when setting tags during resource creation (#12418) * Update CHANGELOG for #12388 * resource/aws_cognito_user_pool_client: Ignore ordering differences for callback_urls, logout_urls, and supported_identity_providers arguments (#12388) * Update CHANGELOG for #12327 * resource/aws_dlm_lifecycle_policy: Add 1 hour backup interval (#12327) * Update CHANGELOG for #11667 * service/opsworks: Layers tagging support (#11667) * Update CHANGELOG for #11984 * service/opsworks: Add Sensitive flag to private ssh_key properties (#11984) * Update CHANGELOG for #12383 * resource/aws_opsworks_application: Support resource import and add plan-time validations (#12383) * service/docdb: Add length checking to identifier value validation (#10826) * 'aws_api_gateway2_domain_name' -> 'aws_apigatewayv2_domain_name'. * Add 'aws_api_gateway_v2_domain_name' resource. * r/aws_apigatewayv2_authorizer: Add support for JWT. * 'aws_api_gateway2_authorizer' -> 'aws_apigatewayv2_authorizer'. * Add 'aws_api_gateway_v2_authorizer' resource. * docs/resource/aws_default_network_acl: Fix terraform 0.12 warning (#12406) * Update CHANGELOG for #12008 * resource/aws_kinesis_stream: Ensure kms_key_id argument in-place updates complete successfully (#12008) * docs/service/ec2: Clarify usage of 'service_name' and 'service' attributes for VPC Endpoints and VPC Endpoint Services (#11842) * Update CHANGELOG for #11170 * resource/aws_lambda_alias: Add ForceNew to function_name attribute (#11170) * remove check * Update launch_template.html.markdown * docs/resource/aws_security_group_rule: restore "required" field in example (#12392) * add filter support - docs * rename tests * rename tests * add support for filtering launch templates * Update CHANGELOG for #12359 * Update module aws/aws-sdk-go to v1.29.24 (#12359) * Update module hashicorp/terraform-plugin-sdk to v1.8.0 (#12357) * Update CHANGELOG for #11257 * service/elbv2: Add drop_invalid_header_fields attributes to aws_lb resource and datasource (#11257) * Update CHANGELOG for #11845 * resource/aws_backup_vault: Remove from state on AccessDeniedException (#11845) * Update CHANGELOG for #10687 * resource/aws_backup_selection: Automatically retry on additional IAM Role eventual consistency error (#10687) * Update CHANGELOG for #12349 * data-source/aws_iam_role: Add tags attribute (#12349) * Update CHANGELOG for #12381 * resource/aws_backup_plan: Support resource import (#12381) * docs/resource/aws_ssm_activation: Update example IAM Policy (#12385) * tests/provider: Add misspell for CHANGELOG.md in docscheck Make target (#12377) * Update CHANGELOG for #12347 * resource/aws_nat_gateway: Support tag-on-create (#12347) * Update CHANGELOG for #12375 * resource/aws_inspector_assessment_template: Add tags argument and support resource import (#12375) * resource/aws_elastic_beanstalk_environment: make fmt (Go 1.14 support) (#12393) * docs/resource/aws_kinesis_video_stream: Fix example HCL formatting * Spelling fixes for CHANGELOG (#12240) * Update CHANGELOG for #8291 * New Resource: aws_kinesis_video_stream (#8291) * provider: Consistent service client naming for API Gateway v1 and SES services (#12372) * Update CHANGELOG for #12283 * resource/aws_ebs_snapshot_copy: Return API errors instead of panic if unable to read snapshot (#12283) * Cleanup after v2.53.0 release * v2.53.0 * Update CHANGELOG for #8842 * Tweaks documentation subcategory for API Gateway v2 * Update CHANGELOG for #12358 * resource/aws_cognito_user_pool: Support Software Token MFA Configuration (#12358) * Adds missing comma in hashibot config * provider: Enable automatic terrform formatting enforcement in CI for documentation (#12232) * Rename resource to 'aws_apigatewayv2_api'. * docs/resource/aws_lambda_function: Update to supported nodejs version (#12355) * Lint fixes. * provider: Add AWSClient PartitionHostname() and RegionalHostname() receiver methods and AWSR001 linter (#12189) * Correct the dropdown section title. * Spell check. * Adds rest of Replica schema. * Use resourceAwsDynamoDbTable to drive main schema. * Basic support for HTTP APIs - No new attributes yet. * Changes `region` to `region_name`. * Uses flattenAwsDynamoDbTableResource. * Removes comments. * Uses resourceAwsDynamoDbTableUpdate. * Continue with sweep after any individual API fails deletion and capture all errors. * Uses resourceAwsDynamoDbTableCreate * Rename resource to 'aws_api_gatewayv2'. * Removes comments. * Adds support for DynamoDB v2019.11.21. * tests/provider: Enable tfproviderlint R002 check (#12033) * provider: Fix and enable tfproviderlint V002, V004, V007, and V008 (#12233) * provider: Fix and enable tfproviderlint S031, S032, and S033 (#12234) * tests/resource/aws_key_pair: Randomize name in test configurations (#11890) * tests/data-source/aws_ssm_parameter: Randomize naming (#12174) * tests/resource/aws_launch_template: Randomize naming in network interface test configurations (#11959) * resource/aws_opsworks_stack: Fixes for tfproviderlint R002 (#12028) * tests/provider: Enable passing tfproviderlint v0.10.0 checks (#12088) * tests/resource/aws_ssm_activation: Remove broken ExpectError testing from TestAccAWSSSMActivation_expirationDate (#12173) * Update CHANGELOG for #11720 * service/ec2: Automatically retry on DetachVpnGateway calls receiving `InvalidParameterValue: This call cannot be completed because there are pending VPNs or Virtual Interfaces` (#11720) * provider: Additional hashibot pull request labeling (#12241) * Updates hashibot config to identify `apigatewayv2` service name * Update index.html.markdown (#12328) * tests/service/storagegateway: Refactor to use aws_ec2_instance_type_offering and aws_ssm_parameter data sources (#12247) * tests/data-source/aws_internet_gateway: Remove hardcoded provider region and ExpectNonEmptyPlan (#12253) * tests/provider: Remove extraneously hardcoded provider configurations in test configurations (#12277) * docs: fix S3 ACL permissions * Correct test check function name. * Clean up function names - https://github.com/terraform-providers/terraform-provider-aws/pull/12299. * Add TestAccAWSAPIGateway2Api_disappears acceptance test. * Fix website documentation errors. * Fix go.mod/go.sum conflicts. * r/aws_api_gateway2_api: Tag-on-create. * Add 'subcategory'. * Replace 'testAccMatchResourceAttrAnonymousRegionalARN' with 'testAccMatchResourceAttrRegionalARNNoAccount'. * Use new internal/keyvaluetags functionality. * Add API Gateway v2 list tags code generation. * Terraform Plugin SDK migration. * Add 'execution_arn' attribute to 'aws_api_gateway2_api' resource. * Minor enhancement to error message. * Test API ARN in acceptance tests. * Add test sweeper. * API Gateway v2 API tags. * Better acceptance tests when all attributes are set. * Update resource name in tests. * More anonynous API ID for import example. * Get 'aws_api_gateway_v2_api' acceptance tests passing. * Add 'aws_api_gateway_v2_api' documentation. * Move 'aws_api_gateway_v2_route' to its own PR. * Rename resource methods to match CloudHSM v2 resource method naming. * Rename files to match CloudHSM v2 file naming. * Get tests to compile after rebase. * adding some routes * cleaning out some files * WIP on additional v2 resources * fixing tests * can create and delete * initial addition of v2 definition * Update module aws/aws-sdk-go to v1.29.20 * Update CHANGELOG for #12273 * resource/aws_flow_log: Add tags argument (#12273) * Add AT005 lint rule and fix tests (#12308) * docs/resource/aws_ram_resource_share_accepter: Fixed wrong resource name (#12314) * service/ec2: Finish refactoring to keyvaluetags package (#12289) * Update CHANGELOG for #12309 * resource/aws_globalaccelerator_accelerator: Add tags argument (#12309) * Update CHANGELOG for #12290 * resource/aws_vpc_endpoint_service: Support tag-on-create and add network_load_balancer_arns plan-time validation (#12290) * Update CHANGELOG for #11972 * Update CHANGELOG for #11972 * resource/aws_appsync_graphql_api: Add xray_enabled argument (#11972) * Update CHANGELOG for #12132 * resource/aws_cloud9_environment_ec2: Add tags argument (#12132) * Update CHANGELOG for #12133 * resource/aws_ec2_traffic_mirror_filter: Add tags argument (#12133) * Update CHANGELOG for #12134 * resource/aws_ec2_traffic_mirror_session: Add tags argument (#12134) * Update CHANGELOG for #12135 * resource/aws_ec2_traffic_mirror_target: Add tags argument and network_load_balancer_arn plan-time validation (#12135) * Update CHANGELOG for #12288 * resource/aws_vpc_endpoint: Support tag-on-create (#12288) * add disappears test case * suppress diff when expanded ipv6 address is the same * Updates naming of HSM v2 functions to match conventions * Corrects resource names in CHANGELOG * Renames documentation subcategory for API Gateway v1 to prepare for v2 * docs/resource/aws_launch_template: Fix typo (#12244) * resource/aws_elasticsearch_domain: Clarify zone_awareness_enabled argument (#12296) * Securityhub is no longer in preview - update docs (#12256) * docs/resource/aws_sns_topic_policy: Update resource name to snake case (#12274) * Update module golangci/golangci-lint to v1.23.8 (#12242) * service/workspaces: Refactor to use keyvaluetags package (#11645) * Cleanup after v2.52.0 release * v2.52.0 * service/ec2: Refactor Security Group data sources and resources to use keyvaluetags package (#11918) * Update CHANGELOG for #12280 * resource/aws_eks_cluster: Add encryption_config configuration block (#12280) * Update module aws/aws-sdk-go to v1.29.18 (#12258) * service/ec2: Refactor aws_internet_gateway data source and resource to use keyvaluetags package (#11907) * Update module bflad/tfproviderlint to v0.11.0 (#12259) * Update CHANGELOG for #3728 * s3 bucket grant implementation: fix fmt * Update module aws/aws-sdk-go to v1.29.16 (#12214) * tests/resource/aws_cloudwatch_metric_alarm: Blacklist usw2-az4 AZ for instance testing * tests/resource/aws_eks_node_group: Update TestAccAWSEksNodeGroup_ReleaseVersion argument value (#12172) * Update CHANGELOG for #12171 * resource/aws_lambda_function_event_invoke_config: Retry on additional IAM eventual consistency error with SNS Topic destinations (#12171) * Update CHANGELOG for #12170 * resource/aws_media_store_container: Prevent ValidationException on creation when no tags are configured (#12170) * Update CHANGELOG for #12139 * New Data Sources: aws_ec2_instance_type_offering and aws_ec2_instance_type_offerings (#12139) * docs/resource/aws_msk_cluster: Correct default value for client-broker encryption setting. (#12177) * docs/data-source/aws_pricing_product: Add capacitystatus filter (#12122) * service/elastictranscoder: Fix tfproviderlint R009 check in structure.go (#12137) * default EBS Volume type (#12155) * docs/resource/aws_cloudtrail: Fix spelling typo (#12180) * fixup(cloudwatch_log_group) documentation (#12193) * docs/data-source/aws_subnet_ids: Fixing example resource (#12224) * docs/resource/aws_s3_bucket_notification: Fix race condition in examples (#12228) * Update CHANGELOG for #11141 * resource/aws_lb_target_group: Add `load_balancing_algorithm_type` argument (support Least Outstanding Requests algorithm for Application Load Balancers) (#11141) * provider: Replace local version of schema validators with identical versions from terraform-plugin-sdk helper/validation package (#12207) * internal/keyvaluetags: Support Quicksight service (#12220) * resource/aws_vpc_peering_connection: Refactor to use keyvaluetags package (#11935) * service/ec2: Refactor Spot Instance and Fleet resources to use keyvaluetags package (#11934) * service/ec2: Refactor aws_route_table(s) data sources and resource to use keyvaluetags package (#11915) * service/ec2: Refactor VPC Endpoint (Service) data sources and resource to use keyvaluetags package (#11931) * resource/aws_vpn_connection: Refactor to use keyvaluetags package (#11932) * service/ec2: Refactor Network ACL data source and resources to use keyvaluetags package (#11913) * Update CHANGELOG for #11919 * resource/aws_iam_service_linked_role: Allow aws_service_name validation to accept values in AWS partitions outside AWS Commercial and AWS GovCloud (US) (#11919) * docs/provider: Fix invalid HCL in example configurations (#12209) * Skips CloudFormation StackSets acceptance tests when not supported * Fixes naming of CloudFormation StackSet * Skips CloudFormation StackSet sweepers when not supported * add dms elasticsearch target * Update CHANGELOG.md (#12211) * resource/aws_globalaccelerator_accelerator: go fmt * Update CHANGELOG for #11670 * resource/aws_globalaccelerator_accelerator: Add dns_name and hosted_zone_id attributes (#11670) * Update module aws/aws-sdk-go to v1.29.12 (#12128) * Update module golangci/golangci-lint to v1.23.7 (#12205) * Cleanup after v2.51.0 release * v2.51.0 * Update CHANGELOG for #11080 * New Data Source: aws_sfn_activity (#11080) * Update CHANGELOG for #12116 * resource/aws_lambda_function: Support plan-time validation for runtime argument ruby2.7 value (#12116) * Update CHANGELOG for #11415 * service/directconnect: Refactor tagging logic to keyvaluetags package and add 'amazon_side_asn' attribute (#11415) * service/ec2: Refactor aws_network_interface(s) data sources and resource to use keyvaluetags package (#11912) * resource/aws_ec2_client_vpn_endpoint: Refactor to use keyvaluetags package (#11917) * data-source/aws_iam_server_certificate: Fixes for tfproviderlint R002 (#11920) * service/cloudwatchlogs: Fixes for tfproviderlint R002 (#11921) * service/cognito: Fixes for tfproviderlint R002 (#11943) * service/elastictranscoder: Fixes for tfproviderlint R002 (#11944) * resource/aws_elastic_beanstalk_environment: Fixes for tfproviderlint R002 (#11945) * service/ec2: Fixes for tfproviderlint R002 (#11947) * Adds validation on CloudFront distribution georestriction type * Adds `.go-version` file and sets version to 1.13.7 * Fixes Elastic Beanstalk sweeper names to match resource and prevent warnings in sweeper runs * s3 bucket grant implementation: fix docs and tests * tests/resource/aws_s3_access_point: Fix log.Printf linting issue * resource/aws_s3_access_point: Address minor PR #11276 feedback * Update CHANGELOG for #11276 * New Resource: aws_s3_access_point (#11276) * Update CHANGELOG for #11837 * resource/aws_workspaces_directory: Prevent panic and remove resource from Terraform state if removed outside Terraform (#11837) * docs/provider: Fix aws_ec2_traffic_mirror_* location in terraform.io sidebar * Fix example of IP ranges usage (#11320) * Update CHANGELOG for #12115 * resource/aws_glue_job: Add notification_property configuration block (#12115) * docs/resource/aws_glue_job: Updating pythonshell details (#12114) * Update CHANGELOG for #11451 * resource/aws_msk_cluster: Support Cluster expansion and Open Monitoring (#11451) * Update CHANGELOG for #11100 * resource/aws_lambda_event_source_mapping: Adding ParallelizationFactor, MaximumRecordAgeInSeconds, BisectBatchOnFunctionError, MaximumRetryAttempts, DestinationConfig (#11100) * Update CHANGELOG for #10932 * New Data Source: aws_sfn_state_machine (#10932) * tests/resource/aws_ec2_traffic_mirror_session: Fix TestAccAWSEc2TrafficMirrorSession_basic * Fix CHANGELOG for #9372 * Update CHANGELOG for #9372 * service/ec2: New Resources for EC2 Traffic Mirroring (#9372) * Update module aws/aws-sdk-go to v1.29.7 (#11893) * resource/aws_glacier_vault: Fixes for tfproviderlint R002 (#11946) * tests/provider: Enable tfproviderlint R006 check (#12048) * tests/service/elasticache: Replace deprecated cache.m1 with cache.t3, refactor data source testing (#11956) * resource/aws_iot_certificate: Fixes for tfproviderlint R002 (#12026) * resource/aws_iam_saml_provider: Fixes for tfproviderlint R002 (#12027) * resource/aws_redshift_security_group: Fixes for tfproviderlint R002 (#12029) * resource/aws_proxy_protocol_policy: Fixes for tfproviderlint R002 (#12030) * resource/aws_route53_record: Fixes for tfproviderlint R002 (#12031) * resource/aws_ses_receipt_rule: Fixes for tfproviderlint R002 (#12032) * Cleanup after v2.50.0 release * v2.50.0 * docs/resource/aws_codestarnotifications_notification_rule: Fixed spacing and spelling (#12109) * resource/aws_transfer_server: Minor adjustments to new host_key handling * Update CHANGELOG for #8913 * resource/aws_transfer_server: Add host_key argument and host_key_fingerprint attribute (#8913) * Update CHANGELOG for #11144 * resource/aws_iam_access_key: Add ses_smtp_password_v4 attribute (#11144) * Update CHANGELOG for #11211 * resource/aws_lambda_function: Publish new version on config-only function updates (#11211) * Update CHANGELOG for #10402 * Update CHANGELOG for #9490 * data-source/aws_lambda_alias: Modernization for codebase and testing changes since submission, use name instead of alias_name to match resource * Update default EBS Volume type (#12092) * Make weight in default_capacity_provider_strategy optional. (#12091) * docs/guides/custom-service-endpoints: Use fully HTML list for Terraform Registry compatibility (#12004) * tests/resource/aws_launch_template: Add sweeper (#11962) * tests/resource/aws_organizations_policy: Add missing testAccOrganizationsAccountPreCheck (#12035) * resource/aws_codedeploy_deployment_group: Fixes for tfproviderlint R006 (#12042) * resource/aws_iam_policy_attachment: Fixes for tfproviderlint R006 (#12043) * resource/aws_lambda_permission: Fixes for tfproviderlint R006 (#12044) * resource/aws_redshift_snapshot_copy_grant: Fixes for tfproviderlint R006 (#12045) * resource/aws_ssm_document: Fixes for tfproviderlint R006 (#12046) * service/sfn: Fixes for tfproviderlint R006 (#12047) * Update CHANGELOG for #12052 * internal/naming: New package for shared naming logic (#12052) * Limits directories for sweepers to just `./aws` * Update module bflad/tfproviderlint to v0.10.0 (#12074) * Update module hashicorp/terraform-plugin-sdk to v1.7.0 (#12012) * Update CHANGELOG for #11924 * changes * Fix Doc: InvalidParameterValue: 'MaxAgeRule' and 'MaxCountRule' cannot be enabled simultaneously. (#12064) * Be clear about type for aws_subnet_ids (#12020) * Update the syntax of the examples in sns_topic_subscription to terraform (#12068) * update r/aws_globalaccelerator_endpoint_group documentation (#12063) * Update CHANGELOG for #11562 * resource/aws_ram_resource_share_accepter: Minor PR review feedback changes * add acceptance tests * Cleanup after v2.49.0 release * v2.49.0 * Adds `terraform-remote-s3-test` pattern for S3 backend * Compiles regexp once * Converts LB subnets to use splat expressions * Passes correct number of subnets to test * Updates Elastic Transcoder bucket names to match S3 sweeper patterns * Updates Macie S3 association bucket names to match S3 sweeper patterns * Updates Global Accelerator flow log bucket names to match S3 sweeper patterns * Updates Redshift bucket names to match S3 sweeper patterns * Updates Athena database and Athena named query bucket names to match S3 sweeper patterns * Updates ALB and NLB access log bucket names to match S3 sweeper patterns * Updates ELB access log bucket names to match S3 sweeper patterns * Adds default S3 bucket name to S3 sweeper * Update CHANGELOG for #12009 and #9810 * resource/aws_launch_configuration: Allow missing EC2 Image during root block device lookup (#12009) * Update CHANGELOG for #12000 * resource/aws_batch_job_definition: Prevent extraneous differences with container properties missing environment, mount point, ulimits, and volumes configuration (#12000) * Update CHANGELOG for #12001 * resource/aws_cognito_user_pool: Allow admin_create_user_config configuration block unused_account_validity_days to be omitted (#12001) * Update module golangci/golangci-lint to v1.23.6 (#11981) * service/s3: Refactor S3 Bucket Object data source and resource to use keyvaluetags package (#11964) * tests/resource/aws_instance: Refactor TestAccAWSInstance_hibernation to use aws_ami data source and launch with encrypted volume instead of copying AMI * Update CHANGELOG for #6961 * resource/aws_instance: Add `hibernation` argument (#6961) * tests/resource/aws_launch_configuration: Refactor TestAccAWSLaunchConfiguration_withInstanceStoreAMI to use Amazon Linux and filter root device by instance-store * Update CHANGELOG for #9810 * resource/aws_launch_configuration: Fix regression from version 2.22.0 with instance store AMIs returning an unexpected error (#9810) * Update CHANGELOG for #6552 * resource/aws_launch_template: Add `cpu_options` configuration block (support disabling multithreading) (#6552) * Update CHANGELOG for #11874 * docs/provider: Fix and enable markdownlint rules MD003, MD018, MD019, MD026, MD030, MD033, and MD046 (#12002) * Removes hardcoded partition checks and uses error values and acceptance pre-check to control test skip * internal/keyvaluetags: Fix CodestarnotificationsUpdateTags generation from old pull request * Update CHANGELOG for #10991 * New Resource: aws_codestarnotifications_notification_rule (#10991) * docs/resource/aws_kinesis_firehose_delivery_stream: Fixed Splunk configuration option description (#11995) * tests/provider: Increase make test timeout for Docker environments (#11996) * Update CHANGELOG for #11953 * data-source/aws_route53_zone: Filter on tags is containment, not exact equality. (#11953) * Update CHANGELOG for #11731 * resource/aws_neptune_cluster: Add deletion_protection argument (#11731) * Update CHANGELOG for #8461 * resource/aws_db_instance: Add delete_automated_backups argument (#8461) * docs/data-source/aws_api_gateway_rest_api: Alphabetize attributes and add missing execution_arn attribute * Update CHANGELOG for 10971 * data-source/aws_api_gateway_rest_api: Add attributes (#10971) * Update CHANGELOG for #11472 * resource/aws_db_instance: Enable RDS MSSQL agent log export to CloudWatch (#11472) * Update CHANGELOG for #11790 * resource/aws_rds_global_database: Allow Aurora MySQL 5.7 as a Global Database Engine (#11790) * Update CHANGELOG for #11949 * resource/aws_neptune_cluster: Add enable_cloudwatch_logs_exports argument (support audit logging) (#11949) * Update CHANGELOG for #11895 * aws/resource_aws_route53_record.go: update change record set to use SDK backoff (#11895) * Update CHANGELOG for #11559 * resource/aws_gamelift_fleet: Add tags argument (#11559) * docs/resource/aws_lb_listener_rule: Fix attribute names (#11985) * Adds TEST_COUNT makefile parameter * Add documentation on custom keyvaluetags functions. (#11974) * Update module golangci/golangci-lint to v1.23.4 (#11979) * Fix CHANGELOG entry for #9877 * docs/resource/aws_codebuild_project: Fix documentation example for 'source_version' attribute. (#11975) * docs/data-source/aws_kms_secrets: use identical text string for file and string arguments (#11980) * Update module bflad/tfproviderdocs to v0.5.0 (#11978) * New Service: WorkMail (#11958) * Refactors to use keyvaluetags package * Removes panics adding during debugging * r/_aws_s3_bucket_metric: Refactor to use keyvaluetags package. * Tidy up use of keyvaluetags. * Revert "r/aws_s3_bucket_object: Refactor to use keyvaluetags package." * Replace 'tagsMapToHash' with 'KeyValueTags.Hash' method. * r/aws_s3_bucket_object: Refactor to use keyvaluetags package. * Cleanup after v2.48.0 release * Fixes Route 53 resolver endpoint sweeper to return errors. Adds sweepers for Route 53 resolver rules and resolver rule associations * v2.48.0 * Update CHANGELOG for #11407 * tests/resource/aws_batch_job_queue: Revert errant ImportState testing in _disappears test * Update CHANGELOG for #11649 * resource/aws_kinesis_firehose_delivery_stream: Allow processor clearing (#11649) * removing unnecessary nil check * go fmt * update to re-create resoure when lambda policy sid not found * fixing bugs, adding tests, updating docs * Update CHANGELOG for #11617 * resource/aws_cloudwatch_log_stream: Prevent early state removal (#11617) * Update CHANGELOG for #11612 * services/organization: Support TAG_POLICY type in policy and policy attachment resources (#11612) * Update CHANGELOG for #11650 * resource/aws_default_security_group: Ensure description attribute is written into Terraform state (#11650) * Update CHANGELOG for #11544 * resource/aws_network_acl_rule: Fix provider error when missing rule (#11544) * docs/provider: Fixed link and modified sentence in README (#11816) * fix typo in aws_lb_listener_rule doc (#11856) * Update CHANGELOG for #11847 * resource/aws_fsx_lustre_file_system: Lower minimum storage cap to 1200Gb (#11847) * Update CHANGELOG for #11889 * resource/aws_ec2_client_vpn_endpoint: Ensure dns_servers attribute is refreshed in Terraform state (#11889) * deps: Update renovate ignoreDeps to include golang.org/x/tools, remove unused dependencies, and alphabetize list (#11886) * service/ec2: Refactor aws_vpn_gateway data source and resource to use keyvaluetags package (#11909) * service/ec2: Refactor aws_nat_gateway data source and resource to use keyvaluetags package (#11908) * service/ec2: Refactor aws_customer_gateway data source and resource to use keyvaluetags package (#11906) * resource/aws_glacier_vault: Refactor to use keyvaluetags package (#11900) * r/aws_s3_bucket: Refactor to use keyvaluetags package. * Update CHANGELOG for #11894 * resource/aws_s3_bucket: Retry read after creation for 404 status code (#11894) * tests/provider: Enable tfproviderlint R004 check (#11499) * Update website/aws.erb * service/ec2: Refactor aws_vpc_dhcp_options data source and resource to use keyvaluetags package (#11904) * internal/keyvaluetags: Use build constraint with custom implementation files, add gencheck Makefile target and add to CI (#11638) * data-source/aws_route53_zone: Refactor to use keyvaluetags package (#11661) * resource/aws_vpc_endpoint: Refactor to use keyvaluetags package (#11730) * Update CHANGELOG for #10381 * New Resource: aws_datasync_location_smb (#10381) * Add missing aws_ in #10017 CHANGELOG entry * Update CHANGELOG for #11488 * resource/aws_batch_job_definition: Properly set container_properties and name into Terraform state and fix basic test (#11488) * docs/provider: Fix markdownlint MD032 failures and enable rule (#11875) * Sets `Force` parameter when deleting CloudWatch event targets and event rules. Allows deletion of managed resources * Inlines `tags` field definition * Update CHANGELOG for #11648 * Addresses code review comments * Adds documentation navigation link * Add resource documentation links which is omitted (#11877) * Update module golangci/golangci-lint to v1.23.3 (#11876) * awsproviderlint: Initial implementation with AWSAT001 check (#11532) * deps: Migrate from github.com/kubernetes-sigs/aws-iam-authenticator/pkg/token to internal implementation (#11822) * Update CHANGELOG for #11726 * resource/aws_cloudformation_stack_set: Wait for update operation completion and report any errors (#11726) * tests/service/cloudformation: Add sweepers and export randomization (#11725) * tests/resource/aws_guardduty_detector: Add sweeper (#11722) * tests/provider: Enable new passing tfproviderlint checks (#11873) * docs/provider: Add information for tfproviderdocs, tfproviderlint, and yaml.v2 in Maintaining Guide Dependency Updates section (#11820) * docs/provider: Fix markdownlint MD031 failures and enable rule (#11861) * Adds documentation * Adds `TESTARGS` parameter to `make test` to narrow unit tests * Implements Import operation * Implements flattening and expansion of Storage Class Analytics values * Update CHANGELOG for #9877 * resousrce/aws_codebuild_project: Add source_version argument (#9877) * tests/resource/aws_cloud9_environment_ec2: Remove dependency on Default VPC and blacklist usw2-az4 (#11704) * tests/resource/aws_lb_target_group_attachment: Refactoring for region/partition agnostic and blacklist usw2-az4 (#11714) * tests/resource/aws_elastic_beanstalk_environment: Refactoring and modernization (#11702) * Update module golangci/golangci-lint to v1.23.2 (#11851) * Update module bflad/tfproviderlint to v0.9.0 (#11860) * Update CHANGELOG for #11701 * resource/aws_ecs_cluster: Delay check of ECS Cluster status during creation for ECS eventual consistency (#11701) * Update CHANGELOG for #11693 * resource/aws_appautoscaling_scheduled_action: Automatically retry creation on `ValidationException: ECS service doesn't exist` for ECS eventual consistency (#11693) * Update CHANGELOG for #11692 * resource/aws_dynamodb_table: Skip ResourceNotFoundException during deletion (#11692) * tests/resource/aws_ssm_maintenance_window: Add sweeper (#11689) * tests/provider: Add markdownlint to website-lint target (#11838) * initial commit * Update to use keyvaluetags. * Update Changelog for #10017 * resource/elasticache_cluster: Add Computed flag for Port property and set to true (#10017) * Update CHANGELOG for #9486 * New Data Source: aws_ssm_patch_baseline (#9486) * Update CHANGELOG for #11671 * resource/aws_placement_group: Additional handling for creation and deletion eventual consistency (#11671) * Fix broken documentation formatting for ssm_patch_baseline.html.markdown (#11825) * Update CHANGELOG for #10952 * resource/aws_codebuild_project: Implements git_submodules_config block (#10952) * Update CHANGELOG for #11819 * resource/aws_appautoscaling_target: Prevent state removal at creation (#11819) * Adds storage class analysis data export parameters to resource. Adds tests for empty case * Prevents acc tests and sweeper for AWS Glue workflows in GovCloud, since it's not supported * Update module yaml to v2.2.8 (#11740) * Update module aws/aws-sdk-go to v1.28.9 (#11753) * Update module hashicorp/terraform-plugin-sdk to v1.6.0 (#11802) * Update module bflad/tfproviderlint to v0.8.0 (#11815) * Cleanup after v2.47.0 release * Adds test for removing filter * Adds tests for filter with tags and combined prefix and tags * Adds tests for filter with prefix. Since the API only has a Put operation, use a single function for Create and Update * Updates test S3 bucket name to match sweeper patterns * Prevents empty filter parameter * Adds tests for basic update with `ForceNew` parameters * Adds wait function for deletes * Adds basic CRD operations for the resource with only required fields * Updates tests for Terraform v0.12 format * Renames test values to remove "foo" and "bar". Some additional reformatting * r/aws_appmesh_route: Add support for HTTP header-based routing and route priorities. * add docs * add tags to acm cert data source * add import step to all tests * add import support refactor errors + tests * Adds `BLUE_GREEN` deployment type as needed to tests. AWS ignores `blue_green_deployment_config` if it is not set * r/aws_egress_only_internet_gateway: Support tagging. * Allows deleting `deployment_style`, and resets to default values * Allows deleting `load_balancer_info` blocks * Remove unneeded argument + fix import still not working * Fix Read operation since invitations are purged after 7 days * formatting fix * Add import support for aws_batch_job_definition * Add import support for aws_batch_job_queue #11207 * Detect and handle DynamoDB resource IDs pointing to an index * Add failing testcase * Various aws_cognito_identity_provider improvements * allow snapshot copy grants to be imported * data/aws_lambda_alias: added docs * data/aws_lambda_alias: added basic test * data/aws_lambda_alias: new data source * fix lint * docs update * aws_dms_endpoint: Add support for Kinesis target endpoint * removed unused validator * fix docs * change grant to schema.HashSet type, re-evaluate grant logic, fix minor comments * Error check on fallback * add tests * add docs * add import functionality * Add dms_event_subscription resource * r/aws_lb_target_group: use diff.ForceNew * Fix diff.GetChange on previous commit * r/lb_target_group health chk proto chg req taint * Implementation of acl grants and update in docs - Update to version 2.47.0: NOTES: * resource/aws_efs_file_system: Tagging API calls have been refactored to the AWS standardized `TagResource` and `UntagResource` API calls (from `CreateTags` and `DeleteTags` respectively). Restrictive IAM Policies for Terraform execution may require updates. ([#11654](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11654)) ENHANCEMENTS: * data-source/aws_api_gateway_vpc_link: Add `description`, `status`, `status_message`, `tags`, and `target_arns` attributes ([#10822](https://github.com/terraform-providers/terraform-provider-aws/iss ues/10822)) * data-source/aws_dynamodb_table: Add `server_side_encryption` `kms_key_arn` attribute ([#11081](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11081)) * data-source/aws_efs_file_system: Add `lifecycle_policy`, `provisioned_throughput_in_mibps`, and `throughput_mode` attributes ([#11647](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11647)) * data-source/aws_kms_key: Add `customer_master_key_spec` attribute ([#11062](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11062)) * resource/aws_dynamodb_table: Add `server_side_encryption` configuration block `kms_key_arn` argument (support customer managed CMKs for server-side encryption) ([#11081](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11081)) * resource/aws_dynamodb_table: Support in-place updates for `server_side_encryption` configurations ([#11081](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11081)) * resource/aws_elasticsearch_domain: Add `domain_endpoint_options` configuration block (support enforcing HTTPS) ([#10430](https://github.com/terraform-providers/terraform-provider-aws/iss ues/10430)) * resource/aws_gamelift_fleet: Add `fleet_type` argument (support Spot Fleets) ([#8234](https://github.com/terraform-providers/terraform-provider-aws/issu es/8234)) * resource/aws_kms_key: Add `customer_master_key_spec` argument and plan-time validation support for `key_usage` value `SIGN_VERIFY` (support asymmetric keys) ([#11062](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11062)) * resource/aws_sagemaker_notebook_instance: Add `direct_internet_access` argument ([#8618](https://github.com/terraform-providers/terraform-provider-aws/issu es/8618)) * resource/aws_ssm_activation: Add `automation_target_parameter_name` argument ([#11755](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11755)) * resource/aws_ssm_document: Add `target_type` argument ([#11479](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11479)) * resource/aws_ssm_maintenance_window: Add `description` argument ([#11478](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11478)) * resource/aws_storagegateway_gateway: Add `cloudwatch_log_group_arn` argument ([#10939](https://github.com/terraform-providers/terraform-provider-aws/iss ues/10939)) BUG FIXES: * data-source/aws_api_gateway_rest_api: Fixes `root_resource_id` not being set on correctly when REST API contains more than 25 resources ([#11705](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11705)) * resource/aws_cloudwatch_log_subscription_filter: Perform eventual consistency retries on update ([#11739](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11739)) * resource/aws_cognito_user_pool: Deprecate `unused_account_validity_days` argument and add support for `temporary_password_validity_days` argument ([#10890](https://github.com/terraform-providers/terraform-provider-aws/iss ues/10890)) * resource/aws_elasticsearch_domain: Automatically retry resource creation on additional error messages relating to eventual consistency ([#11663](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11663)) * resource/aws_elasticsearch_domain: Ensure in-place version upgrade is fully successful before returning ([#11793](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11793)) * resource/aws_emr_instance_group: Wait for `RUNNING` status on creation ([#11688](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11688)) * resource/aws_ssm_activation: Properly trigger resource recreation when deleted outside Terraform ([#11658](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11658)) * resource/aws_ssm_parameter: Prevent `KeyId` error when switching `type` value from `SecureString` to `String` ([#10819](https://github.com/terraform-providers/terraform-provider-aws/iss ues/10819)) * service/efs: Generate proper `dns_name` attribute hostname suffix in AWS China, AWS C2S, and AWS SC2S partitions ([#11746](https://github.com/terraform-providers/terraform-provider-aws/iss ues/11746)) - For the changes between 2.29.0 and 2.47.0, see CHANGELOG.md included in this package - Update _service file - Include CHANGELOG.md in %doc section - Increase golang API in BuildRequires to > 1.13 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-1629=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): terraform-provider-aws-2.59.0-3.8.1 References: https://bugzilla.suse.com/1170264 From sle-updates at lists.suse.com Wed Jul 15 07:16:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:16:25 +0200 (CEST) Subject: SUSE-RU-2020:1520-2: moderate: Recommended update for psqlODBC Message-ID: <20200715131625.29567FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for psqlODBC ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1520-2 Rating: moderate References: #1166821 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for psqlODBC provides the following fixes: - Update to 12.01.0000: * Fix the bug that causes "Error : A parameter cannot be found that matches parameter name". + Enclose the command part * Find_VSDir $vc_ver * with parentheses so that the subsequent * -ne "" * isn't considered to be a parameter. * Cope with the removal of pg_class.relhasoids in PG12 correctly when retrieving updatable cursors. - Changes in 12.00.0000: * Fix the bug that SQLGetDescField() for Field SQL_DESC_COUNT returns SQLINTEGER value which should be of type SQLSMALLINT. * SQLGetTypeInfo() filters SQL_TYPE_DATE, SQL_TYPE_TIME and SQL_TYPE_TIMESTAMP for ODBC 2.x applications. * Added support for scalar functions TIMESTAMPADD(), TIMESTAMPDIFF() and EXTRACT(). * The macro IS_NOT_SPACE() is used for not pointers but integers. * Fix a crash bug when SQLProcedureColumns() handles satisfies_hash_partition(). The proargmodes column of satisfies_hash_partition()'s pg_proc entry is not null but the proallargtypes column is null. - Changes in 11.01.0000: * Correct the rgbInfoValue returned by SQLGetInfo(SQL_TIMEDATE_FUNCTIONS, ..). * Because the field 'relhasoids' was dropped in PG12, psqlodbc drivers would have some problems with PG12 servers. * Register drivers {PostgreSQL ANSI} and {PostgreSQL Unicode} during installation on 64bit Windows so that users could use the same connection strings in both x86 and x64 environments. * Correct the rgbInfoValue returned by SQLGetInfo(SQL_LIKE_ESCAPE_CLAUSE, ..). * Fix a typo in SQLForeignKeys-ResultSet-Column. 'deferrablity' should be 'DEFERRABILITY'. * Correct the rgbInfoValue returned by SQLGetInfo(.., SQL_NUMERIC_FUNCTIONS(SQL_SYSTEM_FUNCTIONS or SQL_STRING_FUNCTIONS, ..). * Bug fix: do not forget to set parameter numbers while handling escaped ODBC functions. * Fix test_connection() in setup.c so that settings of conn_settings and pqopt option are reflected properly. - Changes in 11.00.0000: * Remove obsolete maps pointed out. * Remove connSettings option and/or pqopt option from the OutConnectionString parameter of SQLDriverConnect() when each option doesn't exist in InConnectionString parameter. * The parameters should be cast because parameters of concat() function are variadic "any". * Add an alias DX of *Database* keyword for connection strings to aviod the use of "database" keyword which has a special meaning in some apps or middlewares. * Numeric items without precision are unlimited and there's no natural map between SQL data types. Add an option *Numeric(without precision) as* * Fix a bug that SQLSpecialColumns() returns oid/xmin incorrectly when a table does not exist. - Fix build with PostgreSQL 11 that does not have pg_config in the regular devel package anymore. (bsc#1166821) - Changes in 10.03.0000: * Put back the handling of lock_CC_for_rb variable. The variable lock_CC_for_rb should be held per connection. * Fix SQLGetTypeInfo() so that it filters SQL_TYPE_DATE, SQL_TYPE_TIME or SQL_TYPE_TIMESTAMP for ODBC 2.x applications. * Revise ConfigDSN() so that it handles the 4th parameter(lpszAttribues) correctly. * Fix a crash bug when handling error messages. Also modified some error messages. * Let SQLTables() or SQLTablePrivileges() show partition tables. * Fix build on Solaris defined(__SUNPRO_C) using Solaris Studio. * Reduce DB access to pg_class or pg_index by caching relhasoids, relhassubclass etc. It would improve the performance of SQLSetPos() or SQLBulkOperations() very much in some cases. - Changes in 10.02.0000: * It's safer to call setlocale(LC_CTYPE, "") than calling setlocale(LC_ALL, "") * Avoid replacing effective notice messages. * Handle MALLOC/REALLOC errors while fetching tuples more effectively. * Make SQLSetPos(SQL_DELETE/SQL_REFRESH) more effective. Because queries calling currtid(2) like select .. from .. where ctid=currtid2(.., ..) cause Seq Scan, their execution may be very slow. It is better to execute queries using subqueries like select .. from .. where ctid=(select currtid2(.., ..)) because they cause Tid Scan. * Fix a crash bug in AddDeleted(). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1520=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): psqlODBC-12.01.0000-3.6.1 psqlODBC-debuginfo-12.01.0000-3.6.1 psqlODBC-debugsource-12.01.0000-3.6.1 References: https://bugzilla.suse.com/1166821 From sle-updates at lists.suse.com Wed Jul 15 07:17:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:17:13 +0200 (CEST) Subject: SUSE-SU-2020:1582-2: moderate: Security update for rubygem-bundler Message-ID: <20200715131713.012ABFDE1@maintenance.suse.de> SUSE Security Update: Security update for rubygem-bundler ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1582-2 Rating: moderate References: #1143436 Cross-References: CVE-2019-3881 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution (bsc#1143436). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1582=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-bundler-1.16.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-3881.html https://bugzilla.suse.com/1143436 From sle-updates at lists.suse.com Wed Jul 15 07:18:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:18:02 +0200 (CEST) Subject: SUSE-SU-2020:1920-1: important: Security update for python-ipaddress Message-ID: <20200715131802.E2156FDE1@maintenance.suse.de> SUSE Security Update: Security update for python-ipaddress ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1920-1 Rating: important References: #1173274 Cross-References: CVE-2020-14422 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1920=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1920=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1920=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-1920=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1920=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1920=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): python-ipaddress-1.0.18-3.3.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): python-ipaddress-1.0.18-3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python-ipaddress-1.0.18-3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (noarch): python-ipaddress-1.0.18-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): python-ipaddress-1.0.18-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): python-ipaddress-1.0.18-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-14422.html https://bugzilla.suse.com/1173274 From sle-updates at lists.suse.com Wed Jul 15 07:18:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:18:49 +0200 (CEST) Subject: SUSE-SU-2020:1915-1: important: Security update for slirp4netns Message-ID: <20200715131849.BBEA3FDE1@maintenance.suse.de> SUSE Security Update: Security update for slirp4netns ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1915-1 Rating: important References: #1172380 Cross-References: CVE-2020-10756 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP2 SUSE Linux Enterprise Module for Containers 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slirp4netns fixes the following issues: - Update to 0.4.7 (bsc#1172380) * libslirp: update to v4.3.1 (Fix CVE-2020-10756) * Fix config_from_options() to correctly enable ipv6 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2020-1915=1 - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-1915=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): slirp4netns-0.4.7-3.12.1 slirp4netns-debuginfo-0.4.7-3.12.1 slirp4netns-debugsource-0.4.7-3.12.1 - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): slirp4netns-0.4.7-3.12.1 slirp4netns-debuginfo-0.4.7-3.12.1 slirp4netns-debugsource-0.4.7-3.12.1 References: https://www.suse.com/security/cve/CVE-2020-10756.html https://bugzilla.suse.com/1172380 From sle-updates at lists.suse.com Wed Jul 15 07:19:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:19:31 +0200 (CEST) Subject: SUSE-SU-2020:1532-2: moderate: Security update for libxml2 Message-ID: <20200715131931.C8954FDE1@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1532-2 Rating: moderate References: #1172021 Cross-References: CVE-2019-19956 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1532=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1532=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.22.1 python2-libxml2-python-2.9.7-3.22.1 python2-libxml2-python-debuginfo-2.9.7-3.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-3.22.1 libxml2-2-debuginfo-2.9.7-3.22.1 libxml2-debugsource-2.9.7-3.22.1 libxml2-devel-2.9.7-3.22.1 libxml2-tools-2.9.7-3.22.1 libxml2-tools-debuginfo-2.9.7-3.22.1 python-libxml2-python-debugsource-2.9.7-3.22.1 python3-libxml2-python-2.9.7-3.22.1 python3-libxml2-python-debuginfo-2.9.7-3.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libxml2-2-32bit-2.9.7-3.22.1 libxml2-2-32bit-debuginfo-2.9.7-3.22.1 References: https://www.suse.com/security/cve/CVE-2019-19956.html https://bugzilla.suse.com/1172021 From sle-updates at lists.suse.com Wed Jul 15 07:20:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:20:15 +0200 (CEST) Subject: SUSE-SU-2020:1919-1: moderate: Security update for rubygem-puma Message-ID: <20200715132015.76972FDE1@maintenance.suse.de> SUSE Security Update: Security update for rubygem-puma ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1919-1 Rating: moderate References: #1172175 #1172176 Cross-References: CVE-2020-11076 CVE-2020-11077 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-puma to version 4.3.5 fixes the following issues: - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage (bsc#1172175). - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176). - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-1919=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-1919=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-1919=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.5-3.3.1 ruby2.5-rubygem-puma-debuginfo-4.3.5-3.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.5-3.3.1 ruby2.5-rubygem-puma-debuginfo-4.3.5-3.3.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.5-3.3.1 ruby2.5-rubygem-puma-debuginfo-4.3.5-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-11076.html https://www.suse.com/security/cve/CVE-2020-11077.html https://bugzilla.suse.com/1172175 https://bugzilla.suse.com/1172176 From sle-updates at lists.suse.com Wed Jul 15 07:21:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:21:06 +0200 (CEST) Subject: SUSE-RU-2020:1916-1: moderate: Recommended update for open-vm-tools Message-ID: <20200715132106.4DCECFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1916-1 Rating: moderate References: #1171003 #1171764 #1171765 #1172693 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for open-vm-tools fixes the following issues: - Update to version 11.1.0 (bsc#1171764, jsc#ECO-2164) This version provides a new 'Service Discovery' plugin. (bsc#1171765) - Provide a better pam configuration and authentication. (bsc#1171003, bsc#1172693) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1916=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1916=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (x86_64): open-vm-tools-debuginfo-11.1.0-4.3.1 open-vm-tools-debugsource-11.1.0-4.3.1 open-vm-tools-desktop-11.1.0-4.3.1 open-vm-tools-desktop-debuginfo-11.1.0-4.3.1 open-vm-tools-sdmp-11.1.0-4.3.1 open-vm-tools-sdmp-debuginfo-11.1.0-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libvmtools-devel-11.1.0-4.3.1 libvmtools0-11.1.0-4.3.1 libvmtools0-debuginfo-11.1.0-4.3.1 open-vm-tools-11.1.0-4.3.1 open-vm-tools-debuginfo-11.1.0-4.3.1 open-vm-tools-debugsource-11.1.0-4.3.1 open-vm-tools-sdmp-11.1.0-4.3.1 open-vm-tools-sdmp-debuginfo-11.1.0-4.3.1 References: https://bugzilla.suse.com/1171003 https://bugzilla.suse.com/1171764 https://bugzilla.suse.com/1171765 https://bugzilla.suse.com/1172693 From sle-updates at lists.suse.com Wed Jul 15 07:22:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:22:06 +0200 (CEST) Subject: SUSE-RU-2020:1917-1: moderate: Recommended update for open-vm-tools Message-ID: <20200715132206.DE840FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1917-1 Rating: moderate References: #1171003 #1171764 #1171765 #1172693 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for open-vm-tools fixes the following issues: - Update 11.1.0 (build 16036546) (bsc#1171764, jsc#ECO-2164) This version provides a new 'Service Discovery' plugin. (bsc#1171765) The plugin connects with the vRealize Operations Manager product. For more information and details on configuring this plugin, refer to Configuring Service Discovery. In this release, a new tools.conf switch is added to enable and disable the guest customization in the guest virtual machine. By default, the guest customization is enabled. For more details, refer KB 78903. - vm-support is now automatically placed in the /usr/bin directory. - Added version number to Requires: libxmlsec1-openssl1 to help with vgauth version checking. - Provide a better PAM configuration and authentication. (bsc#1171003, bsc#1172693) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1917=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): libvmtools0-11.1.0-4.24.1 libvmtools0-debuginfo-11.1.0-4.24.1 open-vm-tools-11.1.0-4.24.1 open-vm-tools-debuginfo-11.1.0-4.24.1 open-vm-tools-debugsource-11.1.0-4.24.1 open-vm-tools-desktop-11.1.0-4.24.1 open-vm-tools-desktop-debuginfo-11.1.0-4.24.1 open-vm-tools-sdmp-11.1.0-4.24.1 open-vm-tools-sdmp-debuginfo-11.1.0-4.24.1 References: https://bugzilla.suse.com/1171003 https://bugzilla.suse.com/1171764 https://bugzilla.suse.com/1171765 https://bugzilla.suse.com/1172693 From sle-updates at lists.suse.com Wed Jul 15 07:23:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:23:10 +0200 (CEST) Subject: SUSE-SU-2020:1420-2: Security update for jasper Message-ID: <20200715132310.DC9CFFDE1@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1420-2 Rating: low References: #1092115 Cross-References: CVE-2018-9154 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jasper fixes the following issues: - CVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot() (bsc#1092115). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1420=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1420=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1420=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): jasper-2.0.14-3.11.8 jasper-debuginfo-2.0.14-3.11.8 jasper-debugsource-2.0.14-3.11.8 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.11.8 jasper-debugsource-2.0.14-3.11.8 libjasper-devel-2.0.14-3.11.8 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.11.8 jasper-debugsource-2.0.14-3.11.8 libjasper4-2.0.14-3.11.8 libjasper4-debuginfo-2.0.14-3.11.8 References: https://www.suse.com/security/cve/CVE-2018-9154.html https://bugzilla.suse.com/1092115 From sle-updates at lists.suse.com Wed Jul 15 07:23:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:23:52 +0200 (CEST) Subject: SUSE-RU-2020:1547-2: moderate: Recommended update for fontconfig Message-ID: <20200715132352.C7E9EFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for fontconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1547-2 Rating: moderate References: #1172301 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fontconfig fixes the following issues: - fontconfig-devel-32bit needs to require fontconfig-32bit, needed for Wine development (bsc#1172301) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1547=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): fontconfig-2.12.6-4.3.1 fontconfig-debuginfo-2.12.6-4.3.1 fontconfig-debugsource-2.12.6-4.3.1 fontconfig-devel-2.12.6-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): fontconfig-32bit-2.12.6-4.3.1 fontconfig-32bit-debuginfo-2.12.6-4.3.1 References: https://bugzilla.suse.com/1172301 From sle-updates at lists.suse.com Wed Jul 15 07:24:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:24:33 +0200 (CEST) Subject: SUSE-SU-2020:1918-1: important: Security update for xrdp Message-ID: <20200715132433.27A52FDE1@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1918-1 Rating: important References: #1173580 Cross-References: CVE-2020-4044 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xrdp fixes the following issues: - Security fixes (bsc#1173580, CVE-2020-4044): + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1918=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xrdp-0.9.10-3.3.1 xrdp-debuginfo-0.9.10-3.3.1 xrdp-debugsource-0.9.10-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-4044.html https://bugzilla.suse.com/1173580 From sle-updates at lists.suse.com Wed Jul 15 07:25:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:25:17 +0200 (CEST) Subject: SUSE-SU-2020:1914-1: important: Security update for bind Message-ID: <20200715132517.DF7A7FDE1@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1914-1 Rating: important References: #1109160 #1118367 #1118368 #1171740 Cross-References: CVE-2018-5741 CVE-2020-8616 CVE-2020-8617 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for bind fixes the following issues: - Amended documentation referring to rule types "krb5-subdomain" and "ms-subdomain". This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. [CVE-2018-5741] - Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server address records are limited to 4 for any domain. [CVE-2020-8616] - Replaying a TSIG BADTIME response as a request could trigger an assertion failure. [CVE-2020-8617] [bsc#1109160, bsc#1171740, CVE-2018-5741, bind-CVE-2018-5741.patch, CVE-2020-8616, bind-CVE-2020-8616.patch, CVE-2020-8617, bind-CVE-2020-8617.patch] - Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367 bsc#1118368) - Using a drop-in file Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1914=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1914=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1914=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1914=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1914=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1914=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1914=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1914=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1914=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1914=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1914=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): bind-doc-9.9.9P1-63.17.1 - SUSE OpenStack Cloud 8 (x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - SUSE OpenStack Cloud 8 (noarch): bind-doc-9.9.9P1-63.17.1 - SUSE OpenStack Cloud 7 (s390x x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - SUSE OpenStack Cloud 7 (noarch): bind-doc-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): bind-doc-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): bind-doc-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): bind-doc-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): bind-doc-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): bind-doc-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bind-doc-9.9.9P1-63.17.1 - SUSE Enterprise Storage 5 (noarch): bind-doc-9.9.9P1-63.17.1 - SUSE Enterprise Storage 5 (x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - HPE Helion Openstack 8 (x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - HPE Helion Openstack 8 (noarch): bind-doc-9.9.9P1-63.17.1 References: https://www.suse.com/security/cve/CVE-2018-5741.html https://www.suse.com/security/cve/CVE-2020-8616.html https://www.suse.com/security/cve/CVE-2020-8617.html https://bugzilla.suse.com/1109160 https://bugzilla.suse.com/1118367 https://bugzilla.suse.com/1118368 https://bugzilla.suse.com/1171740 From sle-updates at lists.suse.com Wed Jul 15 07:26:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:26:25 +0200 (CEST) Subject: SUSE-RU-2020:1923-1: moderate: Recommended update for ceph Message-ID: <20200715132625.1B7A4FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1923-1 Rating: moderate References: #1167477 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ceph fixes the following issues: - Updated ceph to 14.2.10-392-gb3a13b81cb * This update includes many bug fixes and improvements. For a complete list of all changes, please refer to the upstream release notes: https://ceph.io/releases/v14-2-10-nautilus-released/ Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1923=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2020-1923=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-common-14.2.10.392+gb3a13b81cb-3.44.3 ceph-common-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 ceph-debugsource-14.2.10.392+gb3a13b81cb-3.44.3 libcephfs-devel-14.2.10.392+gb3a13b81cb-3.44.3 libcephfs2-14.2.10.392+gb3a13b81cb-3.44.3 libcephfs2-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 librados-devel-14.2.10.392+gb3a13b81cb-3.44.3 librados-devel-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 librados2-14.2.10.392+gb3a13b81cb-3.44.3 librados2-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 libradospp-devel-14.2.10.392+gb3a13b81cb-3.44.3 librbd-devel-14.2.10.392+gb3a13b81cb-3.44.3 librbd1-14.2.10.392+gb3a13b81cb-3.44.3 librbd1-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 librgw-devel-14.2.10.392+gb3a13b81cb-3.44.3 librgw2-14.2.10.392+gb3a13b81cb-3.44.3 librgw2-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 python3-ceph-argparse-14.2.10.392+gb3a13b81cb-3.44.3 python3-cephfs-14.2.10.392+gb3a13b81cb-3.44.3 python3-cephfs-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 python3-rados-14.2.10.392+gb3a13b81cb-3.44.3 python3-rados-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 python3-rbd-14.2.10.392+gb3a13b81cb-3.44.3 python3-rbd-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 python3-rgw-14.2.10.392+gb3a13b81cb-3.44.3 python3-rgw-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 rados-objclass-devel-14.2.10.392+gb3a13b81cb-3.44.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): ceph-14.2.10.392+gb3a13b81cb-3.44.3 ceph-base-14.2.10.392+gb3a13b81cb-3.44.3 ceph-base-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 ceph-common-14.2.10.392+gb3a13b81cb-3.44.3 ceph-common-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 ceph-debugsource-14.2.10.392+gb3a13b81cb-3.44.3 ceph-fuse-14.2.10.392+gb3a13b81cb-3.44.3 ceph-fuse-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 ceph-mds-14.2.10.392+gb3a13b81cb-3.44.3 ceph-mds-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 ceph-mgr-14.2.10.392+gb3a13b81cb-3.44.3 ceph-mgr-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 ceph-mon-14.2.10.392+gb3a13b81cb-3.44.3 ceph-mon-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 ceph-osd-14.2.10.392+gb3a13b81cb-3.44.3 ceph-osd-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 ceph-radosgw-14.2.10.392+gb3a13b81cb-3.44.3 ceph-radosgw-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 cephfs-shell-14.2.10.392+gb3a13b81cb-3.44.3 libcephfs2-14.2.10.392+gb3a13b81cb-3.44.3 libcephfs2-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 librados2-14.2.10.392+gb3a13b81cb-3.44.3 librados2-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 librbd1-14.2.10.392+gb3a13b81cb-3.44.3 librbd1-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 librgw2-14.2.10.392+gb3a13b81cb-3.44.3 librgw2-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 python3-ceph-argparse-14.2.10.392+gb3a13b81cb-3.44.3 python3-cephfs-14.2.10.392+gb3a13b81cb-3.44.3 python3-cephfs-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 python3-rados-14.2.10.392+gb3a13b81cb-3.44.3 python3-rados-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 python3-rbd-14.2.10.392+gb3a13b81cb-3.44.3 python3-rbd-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 python3-rgw-14.2.10.392+gb3a13b81cb-3.44.3 python3-rgw-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 rbd-fuse-14.2.10.392+gb3a13b81cb-3.44.3 rbd-fuse-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 rbd-mirror-14.2.10.392+gb3a13b81cb-3.44.3 rbd-mirror-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 rbd-nbd-14.2.10.392+gb3a13b81cb-3.44.3 rbd-nbd-debuginfo-14.2.10.392+gb3a13b81cb-3.44.3 - SUSE Enterprise Storage 6 (noarch): ceph-grafana-dashboards-14.2.10.392+gb3a13b81cb-3.44.3 ceph-mgr-dashboard-14.2.10.392+gb3a13b81cb-3.44.3 ceph-mgr-diskprediction-local-14.2.10.392+gb3a13b81cb-3.44.3 ceph-mgr-rook-14.2.10.392+gb3a13b81cb-3.44.3 ceph-prometheus-alerts-14.2.10.392+gb3a13b81cb-3.44.3 References: https://bugzilla.suse.com/1167477 From sle-updates at lists.suse.com Wed Jul 15 07:27:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:27:11 +0200 (CEST) Subject: SUSE-SU-2020:1922-1: important: Security update for LibVNCServer Message-ID: <20200715132711.63A7FFDE1@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1922-1 Rating: important References: #1173477 #1173691 #1173694 #1173700 #1173701 #1173743 #1173874 #1173875 #1173876 #1173880 Cross-References: CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1922=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-1922=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1922=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1922=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): LibVNCServer-debugsource-0.9.10-4.22.1 libvncclient0-0.9.10-4.22.1 libvncclient0-debuginfo-0.9.10-4.22.1 libvncserver0-0.9.10-4.22.1 libvncserver0-debuginfo-0.9.10-4.22.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): LibVNCServer-debugsource-0.9.10-4.22.1 libvncclient0-0.9.10-4.22.1 libvncclient0-debuginfo-0.9.10-4.22.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.22.1 libvncserver0-0.9.10-4.22.1 libvncserver0-debuginfo-0.9.10-4.22.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.22.1 libvncserver0-0.9.10-4.22.1 libvncserver0-debuginfo-0.9.10-4.22.1 References: https://www.suse.com/security/cve/CVE-2017-18922.html https://www.suse.com/security/cve/CVE-2018-21247.html https://www.suse.com/security/cve/CVE-2019-20839.html https://www.suse.com/security/cve/CVE-2019-20840.html https://www.suse.com/security/cve/CVE-2020-14397.html https://www.suse.com/security/cve/CVE-2020-14398.html https://www.suse.com/security/cve/CVE-2020-14399.html https://www.suse.com/security/cve/CVE-2020-14400.html https://www.suse.com/security/cve/CVE-2020-14401.html https://www.suse.com/security/cve/CVE-2020-14402.html https://bugzilla.suse.com/1173477 https://bugzilla.suse.com/1173691 https://bugzilla.suse.com/1173694 https://bugzilla.suse.com/1173700 https://bugzilla.suse.com/1173701 https://bugzilla.suse.com/1173743 https://bugzilla.suse.com/1173874 https://bugzilla.suse.com/1173875 https://bugzilla.suse.com/1173876 https://bugzilla.suse.com/1173880 From sle-updates at lists.suse.com Wed Jul 15 10:14:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:14:08 +0200 (CEST) Subject: SUSE-SU-2020:1931-1: moderate: Security update for openexr Message-ID: <20200715161408.05E77FC39@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1931-1 Rating: moderate References: #1173466 #1173467 #1173469 Cross-References: CVE-2020-15304 CVE-2020-15305 CVE-2020-15306 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openexr fixes the following issues: - CVE-2020-15304: Fixed a NULL pointer dereference in TiledInputFile:TiledInputFile() (bsc#1173466). - CVE-2020-15305: Fixed a use-after-free in DeepScanLineInputFile:DeepScanLineInputFile() (bsc#1173467). - CVE-2020-15306: Fixed a heap buffer overflow in getChunkOffsetTableSize() (bsc#1173469). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1931=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1931=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.18.1 libIlmImf-2_2-23-debuginfo-2.2.1-3.18.1 libIlmImfUtil-2_2-23-2.2.1-3.18.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.18.1 openexr-debuginfo-2.2.1-3.18.1 openexr-debugsource-2.2.1-3.18.1 openexr-devel-2.2.1-3.18.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.18.1 libIlmImf-2_2-23-debuginfo-2.2.1-3.18.1 libIlmImfUtil-2_2-23-2.2.1-3.18.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.18.1 openexr-debuginfo-2.2.1-3.18.1 openexr-debugsource-2.2.1-3.18.1 openexr-devel-2.2.1-3.18.1 References: https://www.suse.com/security/cve/CVE-2020-15304.html https://www.suse.com/security/cve/CVE-2020-15305.html https://www.suse.com/security/cve/CVE-2020-15306.html https://bugzilla.suse.com/1173466 https://bugzilla.suse.com/1173467 https://bugzilla.suse.com/1173469 From sle-updates at lists.suse.com Wed Jul 15 10:15:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:15:51 +0200 (CEST) Subject: SUSE-RU-2020:1707-2: moderate: Recommended update for gnu-free-fonts Message-ID: <20200715161551.A11CBFC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnu-free-fonts ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1707-2 Rating: moderate References: #1170856 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnu-free-fonts fixes the following issue: - Fix building with fontforge 20190801. (bsc#1170856) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1707=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): gnu-free-fonts-0.20120503-4.3.1 References: https://bugzilla.suse.com/1170856 From sle-updates at lists.suse.com Wed Jul 15 10:16:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:16:35 +0200 (CEST) Subject: SUSE-RU-2020:1926-1: important: Recommended update for oracleasm Message-ID: <20200715161635.625B2FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1926-1 Rating: important References: #1171818 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for oracleasm fixes the following issues: - Fix for an issue when Oracle ASM receives a false signal from asmlib and terminates ASM processes. (bsc#1171818) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1926=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_122.26-9.3.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_122.26-9.3.1 References: https://bugzilla.suse.com/1171818 From sle-updates at lists.suse.com Wed Jul 15 10:17:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:17:23 +0200 (CEST) Subject: SUSE-SU-2020:14423-1: important: Security update for mailman Message-ID: <20200715161723.16BFBFC39@maintenance.suse.de> SUSE Security Update: Security update for mailman ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14423-1 Rating: important References: #1173369 Cross-References: CVE-2020-15011 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-mailman-14423=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mailman-14423=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mailman-14423=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mailman-14423=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): mailman-2.1.15-9.6.26.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): mailman-2.1.15-9.6.26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): mailman-debuginfo-2.1.15-9.6.26.1 mailman-debugsource-2.1.15-9.6.26.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mailman-debuginfo-2.1.15-9.6.26.1 mailman-debugsource-2.1.15-9.6.26.1 References: https://www.suse.com/security/cve/CVE-2020-15011.html https://bugzilla.suse.com/1173369 From sle-updates at lists.suse.com Wed Jul 15 10:18:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:18:08 +0200 (CEST) Subject: SUSE-RU-2020:1929-1: Recommended update for python-numpy Message-ID: <20200715161808.1B8E0FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1929-1 Rating: low References: #1166678 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for HPC 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-numpy fixes the following issues: - Fixes a file conflict with /usr/bin/f2py (bsc#1166678) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-1929=1 - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-1929=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1929=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-numpy-debugsource-1.17.3-7.1 - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-7.1 python3-numpy-gnu-hpc-1.17.3-7.1 python3-numpy-gnu-hpc-devel-1.17.3-7.1 python3-numpy_1_17_3-gnu-hpc-1.17.3-7.1 python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-7.1 python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): python-numpy-debugsource-1.17.3-7.1 python3-numpy-1.17.3-7.1 python3-numpy-debuginfo-1.17.3-7.1 python3-numpy-devel-1.17.3-7.1 References: https://bugzilla.suse.com/1166678 From sle-updates at lists.suse.com Wed Jul 15 10:18:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:18:50 +0200 (CEST) Subject: SUSE-OU-2020:1787-2: Recommended update for python-scipy Message-ID: <20200715161850.9B13FFC39@maintenance.suse.de> SUSE Optional Update: Recommended update for python-scipy ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:1787-2 Rating: low References: #1171510 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for python-scipy doesn't fix any user visible issues, but improves the package building process. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP2: zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2020-1787=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP2 (aarch64 x86_64): python-scipy_1_2_0-gnu-hpc-debuginfo-1.2.0-4.3.1 python-scipy_1_2_0-gnu-hpc-debugsource-1.2.0-4.3.1 python2-scipy-gnu-hpc-1.2.0-4.3.1 python2-scipy_1_2_0-gnu-hpc-1.2.0-4.3.1 python2-scipy_1_2_0-gnu-hpc-debuginfo-1.2.0-4.3.1 References: https://bugzilla.suse.com/1171510 From sle-updates at lists.suse.com Wed Jul 15 10:19:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:19:30 +0200 (CEST) Subject: SUSE-RU-2020:1759-2: moderate: Recommended update for krb5 Message-ID: <20200715161930.7B423FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1759-2 Rating: moderate References: #1169357 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1759=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1759=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.16.3-3.9.1 krb5-debugsource-1.16.3-3.9.1 krb5-plugin-kdb-ldap-1.16.3-3.9.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.9.1 krb5-server-1.16.3-3.9.1 krb5-server-debuginfo-1.16.3-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): krb5-1.16.3-3.9.1 krb5-client-1.16.3-3.9.1 krb5-client-debuginfo-1.16.3-3.9.1 krb5-debuginfo-1.16.3-3.9.1 krb5-debugsource-1.16.3-3.9.1 krb5-devel-1.16.3-3.9.1 krb5-plugin-preauth-otp-1.16.3-3.9.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.9.1 krb5-plugin-preauth-pkinit-1.16.3-3.9.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): krb5-32bit-1.16.3-3.9.1 krb5-32bit-debuginfo-1.16.3-3.9.1 References: https://bugzilla.suse.com/1169357 From sle-updates at lists.suse.com Wed Jul 15 10:20:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:20:14 +0200 (CEST) Subject: SUSE-SU-2020:1934-1: important: Security update for google-compute-engine Message-ID: <20200715162014.95073FC39@maintenance.suse.de> SUSE Security Update: Security update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1934-1 Rating: important References: #1169978 #1173258 Cross-References: CVE-2020-8903 CVE-2020-8907 CVE-2020-8933 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for google-compute-engine fixes the following issues: - Don't enable and start google-network-daemon.service when it's already installed (bsc#1169978) + Do not add the created user to the adm (CVE-2020-8903), docker (CVE-2020-8907), or lxd (CVE-2020-8933) groups if they exist (bsc#1173258) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-1934=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-1934=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): google-compute-engine-debugsource-20190801-4.38.1 google-compute-engine-oslogin-20190801-4.38.1 google-compute-engine-oslogin-debuginfo-20190801-4.38.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): google-compute-engine-init-20190801-4.38.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-compute-engine-debugsource-20190801-4.38.1 google-compute-engine-oslogin-20190801-4.38.1 google-compute-engine-oslogin-debuginfo-20190801-4.38.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): google-compute-engine-init-20190801-4.38.1 References: https://www.suse.com/security/cve/CVE-2020-8903.html https://www.suse.com/security/cve/CVE-2020-8907.html https://www.suse.com/security/cve/CVE-2020-8933.html https://bugzilla.suse.com/1169978 https://bugzilla.suse.com/1173258 From sle-updates at lists.suse.com Wed Jul 15 10:21:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:21:50 +0200 (CEST) Subject: SUSE-RU-2020:1924-1: moderate: Recommended update for grub2 Message-ID: <20200715162150.9348CFC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1924-1 Rating: moderate References: #1166513 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grub2 fixes the following issue: - Skip not needed zfcpdump kernel from the grub boot menu. (bsc#1166513) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1924=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1924=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): grub2-x86_64-xen-2.02-26.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): grub2-2.02-26.18.1 grub2-debuginfo-2.02-26.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 s390x x86_64): grub2-debugsource-2.02-26.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): grub2-arm64-efi-2.02-26.18.1 grub2-i386-pc-2.02-26.18.1 grub2-powerpc-ieee1275-2.02-26.18.1 grub2-snapper-plugin-2.02-26.18.1 grub2-systemd-sleep-plugin-2.02-26.18.1 grub2-x86_64-efi-2.02-26.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): grub2-s390x-emu-2.02-26.18.1 References: https://bugzilla.suse.com/1166513 From sle-updates at lists.suse.com Wed Jul 15 10:22:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:22:35 +0200 (CEST) Subject: SUSE-RU-2020:1094-2: moderate: Recommended update for python-google-api-python-client Message-ID: <20200715162235.DE419FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-google-api-python-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1094-2 Rating: moderate References: #1088358 #1160933 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python-google-api-python-client fixes the following issues: - Fix dependencies to use google-auth instead of deprecated oauth2client (bsc#1160933, jsc#ECO-1148) python-cachetools 2.0.1 is shipped to the Public Cloud Module. python-google-auth 1.5.1 is shipped to the Public Cloud Module. python-google-api-python-client was updated to: - Upgrade to 1.7.4: just series of minor bugfixes - Fix check for error text on Python 3.7. (#278) - Use new Auth URIs. (#281) - Add code-of-conduct document. (#270) - Fix some typos in test_urllib3.py (#268) - Warn when using user credentials from the Cloud SDK (#266) - Add compute engine-based IDTokenCredentials (#236) - Corrected some typos (#265) Update to 1.4.2: - Raise a helpful exception when trying to refresh credentials without a refresh token. (#262) - Fix links to README and CONTRIBUTING in docs/index.rst. (#260) - Fix a typo in credentials.py. (#256) - Use pytest instead of py.test per upstream recommendation, #dropthedot. (#255) - Fix typo on exemple of jwt usage (#245) New upstream release 1.4.1 (bsc#1088358) - Added a check for the cryptography version before attempting to use it. + From version 1.4.0 - Added `cryptography`-based RSA signer and verifier. - Added `google.oauth2.service_account.IDTokenCredentials`. - Improved documentation around ID Tokens + From version 1.3.0 - Added ``google.oauth2.credentials.Credentials.from_authorized_user_file``. - Dropped direct pyasn1 dependency in favor of letting ``pyasn1-modules`` specify the right version. - ``default()`` now checks for the project ID environment var before warning about missing project ID. - Fixed the docstrings for ``has_scopes()`` and ``with_scopes()``. - Fixed example in docstring for ``ReadOnlyScoped``. - Made ``transport.requests`` use timeouts and retries to improve reliability. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-1094=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1094=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1094=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-google-api-python-client-1.7.4-3.3.1 python3-google-auth-1.5.1-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-google-api-python-client-1.7.4-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-google-api-python-client-1.7.4-3.3.1 References: https://bugzilla.suse.com/1088358 https://bugzilla.suse.com/1160933 From sle-updates at lists.suse.com Wed Jul 15 10:24:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:24:45 +0200 (CEST) Subject: SUSE-SU-2020:1930-1: moderate: Security update for openconnect Message-ID: <20200715162445.43816FC39@maintenance.suse.de> SUSE Security Update: Security update for openconnect ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1930-1 Rating: moderate References: #1171862 Cross-References: CVE-2020-12823 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openconnect fixes the following issues: - CVE-2020-12823: Fixed a buffer overflow via crafted certificate data which could have led to denial of service (bsc#1171862). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1930=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-1930=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): openconnect-7.08-6.9.1 openconnect-debuginfo-7.08-6.9.1 openconnect-debugsource-7.08-6.9.1 openconnect-devel-7.08-6.9.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): openconnect-lang-7.08-6.9.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): openconnect-7.08-6.9.1 openconnect-debuginfo-7.08-6.9.1 openconnect-debugsource-7.08-6.9.1 openconnect-devel-7.08-6.9.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): openconnect-lang-7.08-6.9.1 References: https://www.suse.com/security/cve/CVE-2020-12823.html https://bugzilla.suse.com/1171862 From sle-updates at lists.suse.com Wed Jul 15 10:25:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:25:26 +0200 (CEST) Subject: SUSE-RU-2020:1704-2: moderate: Recommended update for susefirewall2-to-firewalld Message-ID: <20200715162526.C16E1FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for susefirewall2-to-firewalld ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1704-2 Rating: moderate References: #1170461 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for susefirewall2-to-firewalld fixes the following issues: - Fixed "INVALID_PORT" error message with certain SuSEfirewall2 configurations (bsc#1170461). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1704=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): susefirewall2-to-firewalld-0.0.4-3.9.1 References: https://bugzilla.suse.com/1170461 From sle-updates at lists.suse.com Wed Jul 15 10:27:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:27:05 +0200 (CEST) Subject: SUSE-RU-2020:1928-1: moderate: Recommended update for fence-agents Message-ID: <20200715162705.D0C6DFC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1928-1 Rating: moderate References: #1150504 #1169485 #1169852 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for fence-agents fixes the following issues: - aliyun: Include the latest upstream fixes on the Alibaba Cloud fence-agent. (bsc#1150504) - Disable cache discovery for "gcp-vpc-move-route" resource agent. (bsc#1169852) - fence_vmware_rest Failed: 'error' object does not support indexing. (bsc#1169485) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-1928=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-4.13.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-4.13.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-4.13.1 fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-4.13.1 References: https://bugzilla.suse.com/1150504 https://bugzilla.suse.com/1169485 https://bugzilla.suse.com/1169852 From sle-updates at lists.suse.com Wed Jul 15 10:28:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:28:01 +0200 (CEST) Subject: SUSE-RU-2020:1726-2: moderate: Recommended update for python-M2Crypto Message-ID: <20200715162801.183EFFC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-M2Crypto ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1726-2 Rating: moderate References: #1172226 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-M2Crypto fixes the following issues: - Release python3-M2crypto to LTSS channels, to allow using salt even when the Server Applications Module is not used. (bsc#1172226) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1726=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1726=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-3.9.1 python-M2Crypto-debugsource-0.35.2-3.9.1 python2-M2Crypto-0.35.2-3.9.1 python2-M2Crypto-debuginfo-0.35.2-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-3.9.1 python-M2Crypto-debugsource-0.35.2-3.9.1 python3-M2Crypto-0.35.2-3.9.1 python3-M2Crypto-debuginfo-0.35.2-3.9.1 References: https://bugzilla.suse.com/1172226 From sle-updates at lists.suse.com Wed Jul 15 10:28:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:28:47 +0200 (CEST) Subject: SUSE-RU-2019:1376-3: Recommended update for openal-soft Message-ID: <20200715162847.2298FFC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for openal-soft ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1376-3 Rating: low References: #1131808 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openal-soft provides the following fixes: - Remove an unused file licensed under Apache-2.0 (and thus incompatible with the rest of the stack). (bsc#1131808) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1925=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1925=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1925=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 s390x x86_64): openal-soft-1.17.2-3.7.41 openal-soft-debuginfo-1.17.2-3.7.41 openal-soft-debugsource-1.17.2-3.7.41 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libopenal1-32bit-1.17.2-3.7.41 libopenal1-32bit-debuginfo-1.17.2-3.7.41 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): openal-soft-1.17.2-3.7.41 openal-soft-debuginfo-1.17.2-3.7.41 openal-soft-debugsource-1.17.2-3.7.41 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): libopenal1-32bit-1.17.2-3.7.41 libopenal1-32bit-debuginfo-1.17.2-3.7.41 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libopenal1-1.17.2-3.7.41 libopenal1-debuginfo-1.17.2-3.7.41 openal-soft-debuginfo-1.17.2-3.7.41 openal-soft-debugsource-1.17.2-3.7.41 openal-soft-devel-1.17.2-3.7.41 openal-soft-devel-debuginfo-1.17.2-3.7.41 References: https://bugzilla.suse.com/1131808 From sle-updates at lists.suse.com Wed Jul 15 10:29:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:29:28 +0200 (CEST) Subject: SUSE-RU-2020:1927-1: important: Recommended update for oracleasm Message-ID: <20200715162928.07B56FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1927-1 Rating: important References: #1171818 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Realtime 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for oracleasm fixes the following issues: - Fix for an issue when Oracle ASM receives a false signal from asmlib and terminates ASM processes. (bsc#1171818) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1927=1 - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-1927=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.45-7.9.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.45-7.9.1 - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): oracleasm-kmp-rt-2.0.8_k4.12.14_14.23-7.9.1 oracleasm-kmp-rt-debuginfo-2.0.8_k4.12.14_14.23-7.9.1 References: https://bugzilla.suse.com/1171818 From sle-updates at lists.suse.com Wed Jul 15 10:30:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:30:14 +0200 (CEST) Subject: SUSE-OU-2020:1627-2: Optional update for python-keystoneclient and python-keystoneauth1 Message-ID: <20200715163014.D05EAFC39@maintenance.suse.de> SUSE Optional Update: Optional update for python-keystoneclient and python-keystoneauth1 ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:1627-2 Rating: low References: #1172765 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for python-keystoneclient and python-keystoneauth1 doesn't fix any user visible issues. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-1627=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1627=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1627=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-keystoneclient-3.17.0-4.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-keystoneclient-3.17.0-4.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-keystoneauth1-3.10.1-4.3.1 python2-keystoneclient-3.17.0-4.3.1 References: https://bugzilla.suse.com/1172765 From sle-updates at lists.suse.com Wed Jul 15 10:31:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:31:01 +0200 (CEST) Subject: SUSE-SU-2020:1709-2: Security update for mercurial Message-ID: <20200715163101.70AEFFDE4@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1709-2 Rating: low References: #1133035 Cross-References: CVE-2019-3902 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mercurial fixes the following issues: Security issue fixed: - CVE-2019-3902: Fixed incorrect patch-checking with symlinks and subrepos (bsc#1133035). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1709=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): mercurial-4.5.2-3.9.44 mercurial-debuginfo-4.5.2-3.9.44 mercurial-debugsource-4.5.2-3.9.44 References: https://www.suse.com/security/cve/CVE-2019-3902.html https://bugzilla.suse.com/1133035 From sle-updates at lists.suse.com Wed Jul 15 10:31:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:31:49 +0200 (CEST) Subject: SUSE-SU-2020:1933-1: important: Security update for xrdp Message-ID: <20200715163149.40AD5FC39@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1933-1 Rating: important References: #1173580 Cross-References: CVE-2020-4044 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xrdp fixes the following issues: - Security fixes (bsc#1173580, CVE-2020-4044): + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1933=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1933=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1933=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1933=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1933=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpainter0-0.9.6-4.8.1 libpainter0-debuginfo-0.9.6-4.8.1 librfxencode0-0.9.6-4.8.1 librfxencode0-debuginfo-0.9.6-4.8.1 xrdp-0.9.6-4.8.1 xrdp-debuginfo-0.9.6-4.8.1 xrdp-debugsource-0.9.6-4.8.1 xrdp-devel-0.9.6-4.8.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpainter0-0.9.6-4.8.1 libpainter0-debuginfo-0.9.6-4.8.1 librfxencode0-0.9.6-4.8.1 librfxencode0-debuginfo-0.9.6-4.8.1 xrdp-0.9.6-4.8.1 xrdp-debuginfo-0.9.6-4.8.1 xrdp-debugsource-0.9.6-4.8.1 xrdp-devel-0.9.6-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpainter0-0.9.6-4.8.1 libpainter0-debuginfo-0.9.6-4.8.1 librfxencode0-0.9.6-4.8.1 librfxencode0-debuginfo-0.9.6-4.8.1 xrdp-0.9.6-4.8.1 xrdp-debuginfo-0.9.6-4.8.1 xrdp-debugsource-0.9.6-4.8.1 xrdp-devel-0.9.6-4.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpainter0-0.9.6-4.8.1 libpainter0-debuginfo-0.9.6-4.8.1 librfxencode0-0.9.6-4.8.1 librfxencode0-debuginfo-0.9.6-4.8.1 xrdp-0.9.6-4.8.1 xrdp-debuginfo-0.9.6-4.8.1 xrdp-debugsource-0.9.6-4.8.1 xrdp-devel-0.9.6-4.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpainter0-0.9.6-4.8.1 libpainter0-debuginfo-0.9.6-4.8.1 librfxencode0-0.9.6-4.8.1 librfxencode0-debuginfo-0.9.6-4.8.1 xrdp-0.9.6-4.8.1 xrdp-debuginfo-0.9.6-4.8.1 xrdp-debugsource-0.9.6-4.8.1 xrdp-devel-0.9.6-4.8.1 References: https://www.suse.com/security/cve/CVE-2020-4044.html https://bugzilla.suse.com/1173580 From sle-updates at lists.suse.com Wed Jul 15 10:32:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:32:34 +0200 (CEST) Subject: SUSE-SU-2020:1657-2: moderate: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Message-ID: <20200715163234.06476FC39@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1657-2 Rating: moderate References: #1172377 Cross-References: CVE-2020-13401 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker was updated to 19.03.11-ce runc was updated to version 1.0.0-rc10 containerd was updated to version 1.2.13 - CVE-2020-13401: Fixed an issue where an attacker with CAP_NET_RAW capability, could have crafted IPv6 router advertisements, and spoof external IPv6 hosts, resulting in obtaining sensitive information or causing denial of service (bsc#1172377). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2020-1657=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): containerd-1.2.13-5.22.2 docker-19.03.11_ce-6.34.2 docker-debuginfo-19.03.11_ce-6.34.2 docker-libnetwork-0.7.0.1+gitr2902_153d0769a118-4.21.2 docker-libnetwork-debuginfo-0.7.0.1+gitr2902_153d0769a118-4.21.2 docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.38.2 docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.38.2 - SUSE Linux Enterprise Module for Containers 15-SP2 (noarch): docker-bash-completion-19.03.11_ce-6.34.2 References: https://www.suse.com/security/cve/CVE-2020-13401.html https://bugzilla.suse.com/1172377 From sle-updates at lists.suse.com Wed Jul 15 10:33:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:33:18 +0200 (CEST) Subject: SUSE-RU-2020:0365-2: moderate: Recommended update for lmdb Message-ID: <20200715163318.3EBE2FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for lmdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0365-2 Rating: moderate References: #1159086 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lmdb fixes the following issues: - Fix assert in LMBD during 'mdb_page_search_root'. (bsc#1159086). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-365=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-365=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-365=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): lmdb-debuginfo-0.9.17-4.6.2 lmdb-debugsource-0.9.17-4.6.2 lmdb-devel-0.9.17-4.6.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): lmdb-debuginfo-0.9.17-4.6.2 lmdb-debugsource-0.9.17-4.6.2 lmdb-devel-0.9.17-4.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): liblmdb-0_9_17-0.9.17-4.6.2 liblmdb-0_9_17-debuginfo-0.9.17-4.6.2 lmdb-debuginfo-0.9.17-4.6.2 lmdb-debugsource-0.9.17-4.6.2 References: https://bugzilla.suse.com/1159086 From sle-updates at lists.suse.com Wed Jul 15 10:34:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:34:05 +0200 (CEST) Subject: SUSE-RU-2020:0119-2: moderate: Recommended update for python-jsonpatch Message-ID: <20200715163405.9F979FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-jsonpatch ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:0119-2 Rating: moderate References: #1160978 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-jsonpatch fixes the following issues: - Drop jsondiff binary to avoid conflict with python-jsondiff package. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-119=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-119=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-119=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-jsonpatch-1.23-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-jsonpatch-1.23-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-jsonpatch-1.23-3.3.1 References: https://bugzilla.suse.com/1160978 From sle-updates at lists.suse.com Wed Jul 15 10:34:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2020 18:34:51 +0200 (CEST) Subject: SUSE-RU-2020:1760-2: moderate: Recommended update for systemd Message-ID: <20200715163451.B5493FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1760-2 Rating: moderate References: #1157315 #1162698 #1164538 #1169488 #1171145 #1172072 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1760=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.52.3 libsystemd0-debuginfo-234-24.52.3 libudev-devel-234-24.52.3 libudev1-234-24.52.3 libudev1-debuginfo-234-24.52.3 systemd-234-24.52.3 systemd-container-234-24.52.3 systemd-container-debuginfo-234-24.52.3 systemd-coredump-234-24.52.3 systemd-coredump-debuginfo-234-24.52.3 systemd-debuginfo-234-24.52.3 systemd-debugsource-234-24.52.3 systemd-devel-234-24.52.3 systemd-sysvinit-234-24.52.3 udev-234-24.52.3 udev-debuginfo-234-24.52.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libsystemd0-32bit-234-24.52.3 libsystemd0-32bit-debuginfo-234-24.52.3 libudev1-32bit-234-24.52.3 libudev1-32bit-debuginfo-234-24.52.3 systemd-32bit-234-24.52.3 systemd-32bit-debuginfo-234-24.52.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): systemd-bash-completion-234-24.52.3 References: https://bugzilla.suse.com/1157315 https://bugzilla.suse.com/1162698 https://bugzilla.suse.com/1164538 https://bugzilla.suse.com/1169488 https://bugzilla.suse.com/1171145 https://bugzilla.suse.com/1172072 From sle-updates at lists.suse.com Wed Jul 15 19:13:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jul 2020 03:13:13 +0200 (CEST) Subject: SUSE-SU-2020:1937-1: moderate: Security update for cairo Message-ID: <20200716011313.ACD8BFDE4@maintenance.suse.de> SUSE Security Update: Security update for cairo ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1937-1 Rating: moderate References: #1049092 Cross-References: CVE-2017-9814 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cairo fixes the following issues: - Fix a memory corruption in pango. - Revert "Correctly decode Adobe CMYK JPEGs in PDF export". - Add more FreeeType font color conversions to support COLR/CPAL. - Fix crash when rendering Microsoft's Segoe UI Emoji Regular font. - Fix memory leaks found by Coverity. - Fix assertion failure in the freetype backend. (fdo#105746). - Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc and check cmap size before allocating (bsc#1049092) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1937=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1937=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (x86_64): cairo-debugsource-1.16.0-4.8.1 libcairo2-32bit-1.16.0-4.8.1 libcairo2-32bit-debuginfo-1.16.0-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): cairo-debugsource-1.16.0-4.8.1 cairo-devel-1.16.0-4.8.1 libcairo-gobject2-1.16.0-4.8.1 libcairo-gobject2-debuginfo-1.16.0-4.8.1 libcairo-script-interpreter2-1.16.0-4.8.1 libcairo-script-interpreter2-debuginfo-1.16.0-4.8.1 libcairo2-1.16.0-4.8.1 libcairo2-debuginfo-1.16.0-4.8.1 References: https://www.suse.com/security/cve/CVE-2017-9814.html https://bugzilla.suse.com/1049092 From sle-updates at lists.suse.com Thu Jul 16 10:14:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jul 2020 18:14:57 +0200 (CEST) Subject: SUSE-RU-2020:1938-1: moderate: Recommended update for libsolv, libzypp, zypper Message-ID: <20200716161457.E26B1FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1938-1 Rating: moderate References: #1169947 #1170801 #1172925 #1173106 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to: - Enable zstd compression support for sle15 zypper was updated to version 1.14.37: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) libzypp was updated to 17.24.0 - Fix core dump with corrupted history file (bsc#1170801) - Enable zchunk metadata download if libsolv supports it. - Better handling of the purge-kernels algorithm. (bsc#1173106) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1938=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1938=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.14-3.3.2 libsolv-debugsource-0.7.14-3.3.2 perl-solv-0.7.14-3.3.2 perl-solv-debuginfo-0.7.14-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.14-3.3.2 libsolv-debugsource-0.7.14-3.3.2 libsolv-devel-0.7.14-3.3.2 libsolv-devel-debuginfo-0.7.14-3.3.2 libsolv-tools-0.7.14-3.3.2 libsolv-tools-debuginfo-0.7.14-3.3.2 libzypp-17.24.0-3.7.1 libzypp-debuginfo-17.24.0-3.7.1 libzypp-debugsource-17.24.0-3.7.1 libzypp-devel-17.24.0-3.7.1 python3-solv-0.7.14-3.3.2 python3-solv-debuginfo-0.7.14-3.3.2 ruby-solv-0.7.14-3.3.2 ruby-solv-debuginfo-0.7.14-3.3.2 zypper-1.14.37-3.3.3 zypper-debuginfo-1.14.37-3.3.3 zypper-debugsource-1.14.37-3.3.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): zypper-log-1.14.37-3.3.3 zypper-needs-restarting-1.14.37-3.3.3 References: https://bugzilla.suse.com/1169947 https://bugzilla.suse.com/1170801 https://bugzilla.suse.com/1172925 https://bugzilla.suse.com/1173106 From sle-updates at lists.suse.com Fri Jul 17 10:13:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 18:13:23 +0200 (CEST) Subject: SUSE-SU-2020:1948-1: important: Security update for ldb, samba Message-ID: <20200717161323.2D6BFFC39@maintenance.suse.de> SUSE Security Update: Security update for ldb, samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1948-1 Rating: important References: #1141320 #1162680 #1169095 #1169521 #1169850 #1169851 #1171437 #1172307 #1173159 #1173160 #1173161 #1173359 #1174120 Cross-References: CVE-2020-10700 CVE-2020-10704 CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 7 fixes is now available. Description: This update for ldb, samba fixes the following issues: Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227). - Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307); - Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437); - Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521); Changes in ldb: - Update to version 2.0.12 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159). + ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + lib/ldb: add unit test for ldb_ldap internal code. - Update to version 2.0.11 + lib ldb: lmdb init var before calling mdb_reader_check. + lib ldb: lmdb clear stale readers on write txn start; (bso#14330). + ldb tests: Confirm lmdb free list handling Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1948=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1948=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-1948=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.11.11+git.180.2cf3b203f07-4.5.1 samba-ad-dc-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 samba-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 samba-debugsource-4.11.11+git.180.2cf3b203f07-4.5.1 samba-dsdb-modules-4.11.11+git.180.2cf3b203f07-4.5.1 samba-dsdb-modules-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ldb-debugsource-2.0.12-3.3.1 ldb-tools-2.0.12-3.3.1 ldb-tools-debuginfo-2.0.12-3.3.1 libdcerpc-binding0-4.11.11+git.180.2cf3b203f07-4.5.1 libdcerpc-binding0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libdcerpc-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libdcerpc-samr-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libdcerpc-samr0-4.11.11+git.180.2cf3b203f07-4.5.1 libdcerpc-samr0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libdcerpc0-4.11.11+git.180.2cf3b203f07-4.5.1 libdcerpc0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libldb-devel-2.0.12-3.3.1 libldb2-2.0.12-3.3.1 libldb2-debuginfo-2.0.12-3.3.1 libndr-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-krb5pac-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-krb5pac0-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-krb5pac0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-nbt-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-nbt0-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-nbt0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-standard-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-standard0-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-standard0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libndr0-4.11.11+git.180.2cf3b203f07-4.5.1 libndr0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libnetapi-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libnetapi0-4.11.11+git.180.2cf3b203f07-4.5.1 libnetapi0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-credentials-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-credentials0-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-credentials0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-errors-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-errors0-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-errors0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-hostconfig-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-hostconfig0-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-hostconfig0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-passdb-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-passdb0-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-passdb0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-policy-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-policy-python3-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-policy0-python3-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-policy0-python3-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-util-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-util0-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-util0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamdb-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libsamdb0-4.11.11+git.180.2cf3b203f07-4.5.1 libsamdb0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbclient-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbclient0-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbconf-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbconf0-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbconf0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbldap-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbldap2-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbldap2-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libtevent-util-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libtevent-util0-4.11.11+git.180.2cf3b203f07-4.5.1 libtevent-util0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libwbclient-devel-4.11.11+git.180.2cf3b203f07-4.5.1 libwbclient0-4.11.11+git.180.2cf3b203f07-4.5.1 libwbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 python3-ldb-2.0.12-3.3.1 python3-ldb-debuginfo-2.0.12-3.3.1 python3-ldb-devel-2.0.12-3.3.1 samba-4.11.11+git.180.2cf3b203f07-4.5.1 samba-client-4.11.11+git.180.2cf3b203f07-4.5.1 samba-client-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 samba-core-devel-4.11.11+git.180.2cf3b203f07-4.5.1 samba-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 samba-debugsource-4.11.11+git.180.2cf3b203f07-4.5.1 samba-libs-4.11.11+git.180.2cf3b203f07-4.5.1 samba-libs-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 samba-libs-python3-4.11.11+git.180.2cf3b203f07-4.5.1 samba-libs-python3-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 samba-python3-4.11.11+git.180.2cf3b203f07-4.5.1 samba-python3-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 samba-winbind-4.11.11+git.180.2cf3b203f07-4.5.1 samba-winbind-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): samba-ceph-4.11.11+git.180.2cf3b203f07-4.5.1 samba-ceph-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libdcerpc-binding0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libdcerpc-binding0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libdcerpc0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libdcerpc0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libldb2-32bit-2.0.12-3.3.1 libldb2-32bit-debuginfo-2.0.12-3.3.1 libndr-krb5pac0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-krb5pac0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-nbt0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-nbt0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-standard0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libndr-standard0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libndr0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libndr0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libnetapi0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libnetapi0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-credentials0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-credentials0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-errors0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-errors0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-hostconfig0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-hostconfig0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-passdb0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-passdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-util0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libsamba-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsamdb0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libsamdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbconf0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbconf0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbldap2-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libsmbldap2-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libtevent-util0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libtevent-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 libwbclient0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 libwbclient0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 samba-libs-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 samba-libs-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 samba-winbind-32bit-4.11.11+git.180.2cf3b203f07-4.5.1 samba-winbind-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ctdb-4.11.11+git.180.2cf3b203f07-4.5.1 ctdb-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 samba-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1 samba-debugsource-4.11.11+git.180.2cf3b203f07-4.5.1 References: https://www.suse.com/security/cve/CVE-2020-10700.html https://www.suse.com/security/cve/CVE-2020-10704.html https://www.suse.com/security/cve/CVE-2020-10730.html https://www.suse.com/security/cve/CVE-2020-10745.html https://www.suse.com/security/cve/CVE-2020-10760.html https://www.suse.com/security/cve/CVE-2020-14303.html https://bugzilla.suse.com/1141320 https://bugzilla.suse.com/1162680 https://bugzilla.suse.com/1169095 https://bugzilla.suse.com/1169521 https://bugzilla.suse.com/1169850 https://bugzilla.suse.com/1169851 https://bugzilla.suse.com/1171437 https://bugzilla.suse.com/1172307 https://bugzilla.suse.com/1173159 https://bugzilla.suse.com/1173160 https://bugzilla.suse.com/1173161 https://bugzilla.suse.com/1173359 https://bugzilla.suse.com/1174120 From sle-updates at lists.suse.com Fri Jul 17 10:15:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 18:15:25 +0200 (CEST) Subject: SUSE-RU-2020:1945-1: moderate: Recommended update for pacemaker Message-ID: <20200717161525.E177FFC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1945-1 Rating: moderate References: #1148236 #1154881 #1155290 #1160410 #1168771 #1171372 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - Fixes handling of fence-agents through its parameters in pacemaker (bsc#1171372) - Implement priority fencing delay to make a coordinated, successful fencing in case of 'split-brain'. (jsc#ECO-1611, jsc#SLE-12237) - Fix for an issue when cluster rolling upgrade brakes due to too high corosync ringid that pacemake is not able to handle. (bsc#1168771) - Fixes an issue when pacemaker fails with option '-fno-common'. (bsc#1160410) - Improve error checking and log messages for API action requests in fencer. (bsc#1148236) - Fix for faulty mode indication by checking if cluster-wide 'maintenance-mode=true' overrides per-resource settings. (bsc#1154881) - Clear all prefer constraints when performing a move. (bsc#1155290) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1945=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-1945=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-cts-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-cts-debuginfo-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-debuginfo-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-debugsource-1.1.23+20200622.28dd98fad-3.6.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): libpacemaker3-1.1.23+20200622.28dd98fad-3.6.1 libpacemaker3-debuginfo-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-cli-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-cli-debuginfo-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-cts-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-cts-debuginfo-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-debuginfo-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-debugsource-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-remote-1.1.23+20200622.28dd98fad-3.6.1 pacemaker-remote-debuginfo-1.1.23+20200622.28dd98fad-3.6.1 References: https://bugzilla.suse.com/1148236 https://bugzilla.suse.com/1154881 https://bugzilla.suse.com/1155290 https://bugzilla.suse.com/1160410 https://bugzilla.suse.com/1168771 https://bugzilla.suse.com/1171372 From sle-updates at lists.suse.com Fri Jul 17 10:16:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 18:16:46 +0200 (CEST) Subject: SUSE-SU-2020:1944-1: moderate: Security update for ant Message-ID: <20200717161646.5E2C0FC39@maintenance.suse.de> SUSE Security Update: Security update for ant ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1944-1 Rating: moderate References: #1171696 Cross-References: CVE-2020-1945 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ant fixes the following issues: - CVE-2020-1945: Fixed an inseure temorary file vulnerability which could have potentially leaked sensitive information (bsc#1171696). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1944=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): ant-1.10.7-4.3.1 ant-antlr-1.10.7-4.3.1 ant-apache-bcel-1.10.7-4.3.1 ant-apache-bsf-1.10.7-4.3.1 ant-apache-log4j-1.10.7-4.3.1 ant-apache-oro-1.10.7-4.3.1 ant-apache-regexp-1.10.7-4.3.1 ant-apache-resolver-1.10.7-4.3.1 ant-commons-logging-1.10.7-4.3.1 ant-javamail-1.10.7-4.3.1 ant-jdepend-1.10.7-4.3.1 ant-jmf-1.10.7-4.3.1 ant-junit-1.10.7-4.3.1 ant-manual-1.10.7-4.3.1 ant-scripts-1.10.7-4.3.1 ant-swing-1.10.7-4.3.1 References: https://www.suse.com/security/cve/CVE-2020-1945.html https://bugzilla.suse.com/1171696 From sle-updates at lists.suse.com Fri Jul 17 10:17:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 18:17:30 +0200 (CEST) Subject: SUSE-RU-2020:1942-1: moderate: Recommended update for python-kiwi Message-ID: <20200717161730.39A5CFC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1942-1 Rating: moderate References: #1143454 #1156677 #1163978 #1164310 #1165578 #1165823 #1165960 #1167746 #1168480 #1168973 #1172928 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for python-kiwi fixes the following issues: - Fixed checking for root device in grub config. (bsc#1172928) - Fix for conflicting files of man-pages between different versions. (bsc#1168973, bsc#1156677) - Fix for the issue when the sizing of virtual cylinders with some disks do not multiple of the cylinder size, and the last cylinder is wasted. If this is more than 5MiB, kiwi tries to resize indefinitely. (bsc#1165823) - Implement support for dynamic 'EFI' by extending grub setup. (bsc#1165960, bsc#1168480) - Fixed result map for OEM pxe install. (bsc#1165578) - Add SECURE_BOOT parameter for 'grub2' in 'efi' mode. (bsc#1167746) - Fix order in fstab. Any mount point directly under '/' should be just right after the root mountpoint and before the custom mountpoints based on user's subvolume configuration. (bsc#1164310) - Fixed handling of fillup templates. (bsc#1163978) - Start using tftp system user package. (bsc#1143454) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1942=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1942=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1942=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1942=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dracut-kiwi-lib-9.20.5-3.30.4 dracut-kiwi-live-9.20.5-3.30.4 dracut-kiwi-oem-dump-9.20.5-3.30.4 dracut-kiwi-oem-repart-9.20.5-3.30.4 dracut-kiwi-overlay-9.20.5-3.30.4 kiwi-man-pages-9.20.5-3.30.4 kiwi-tools-9.20.5-3.30.4 kiwi-tools-debuginfo-9.20.5-3.30.4 python-kiwi-debugsource-9.20.5-3.30.4 python3-kiwi-9.20.5-3.30.4 - SUSE Linux Enterprise Server for SAP 15 (x86_64): kiwi-pxeboot-9.20.5-3.30.4 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): dracut-kiwi-lib-9.20.5-3.30.4 dracut-kiwi-live-9.20.5-3.30.4 dracut-kiwi-oem-dump-9.20.5-3.30.4 dracut-kiwi-oem-repart-9.20.5-3.30.4 dracut-kiwi-overlay-9.20.5-3.30.4 kiwi-man-pages-9.20.5-3.30.4 kiwi-tools-9.20.5-3.30.4 kiwi-tools-debuginfo-9.20.5-3.30.4 python-kiwi-debugsource-9.20.5-3.30.4 python3-kiwi-9.20.5-3.30.4 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dracut-kiwi-lib-9.20.5-3.30.4 dracut-kiwi-live-9.20.5-3.30.4 dracut-kiwi-oem-dump-9.20.5-3.30.4 dracut-kiwi-oem-repart-9.20.5-3.30.4 dracut-kiwi-overlay-9.20.5-3.30.4 kiwi-man-pages-9.20.5-3.30.4 kiwi-tools-9.20.5-3.30.4 kiwi-tools-debuginfo-9.20.5-3.30.4 python-kiwi-debugsource-9.20.5-3.30.4 python3-kiwi-9.20.5-3.30.4 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): kiwi-pxeboot-9.20.5-3.30.4 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dracut-kiwi-lib-9.20.5-3.30.4 dracut-kiwi-live-9.20.5-3.30.4 dracut-kiwi-oem-dump-9.20.5-3.30.4 dracut-kiwi-oem-repart-9.20.5-3.30.4 dracut-kiwi-overlay-9.20.5-3.30.4 kiwi-man-pages-9.20.5-3.30.4 kiwi-tools-9.20.5-3.30.4 kiwi-tools-debuginfo-9.20.5-3.30.4 python-kiwi-debugsource-9.20.5-3.30.4 python3-kiwi-9.20.5-3.30.4 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): kiwi-pxeboot-9.20.5-3.30.4 References: https://bugzilla.suse.com/1143454 https://bugzilla.suse.com/1156677 https://bugzilla.suse.com/1163978 https://bugzilla.suse.com/1164310 https://bugzilla.suse.com/1165578 https://bugzilla.suse.com/1165823 https://bugzilla.suse.com/1165960 https://bugzilla.suse.com/1167746 https://bugzilla.suse.com/1168480 https://bugzilla.suse.com/1168973 https://bugzilla.suse.com/1172928 From sle-updates at lists.suse.com Fri Jul 17 10:19:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 18:19:18 +0200 (CEST) Subject: SUSE-SU-2020:1940-1: important: Security update for python-ipaddress Message-ID: <20200717161918.81D90FC39@maintenance.suse.de> SUSE Security Update: Security update for python-ipaddress ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1940-1 Rating: important References: #1173274 Cross-References: CVE-2020-14422 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1940=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1940=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-ipaddress-1.0.22-3.3.1 - SUSE OpenStack Cloud 9 (noarch): python-ipaddress-1.0.22-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-14422.html https://bugzilla.suse.com/1173274 From sle-updates at lists.suse.com Fri Jul 17 10:20:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 18:20:05 +0200 (CEST) Subject: SUSE-SU-2020:1946-1: important: Security update for squid Message-ID: <20200717162005.7142FFC39@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1946-1 Rating: important References: #1173455 Cross-References: CVE-2020-15049 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for squid fixes the following issues: - CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1946=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1946=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1946=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1946=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1946=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1946=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1946=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1946=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1946=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1946=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1946=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1946=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1946=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1946=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1946=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE OpenStack Cloud 9 (x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE OpenStack Cloud 8 (x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE OpenStack Cloud 7 (s390x x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 - HPE Helion Openstack 8 (x86_64): squid-3.5.21-26.29.1 squid-debuginfo-3.5.21-26.29.1 squid-debugsource-3.5.21-26.29.1 References: https://www.suse.com/security/cve/CVE-2020-15049.html https://bugzilla.suse.com/1173455 From sle-updates at lists.suse.com Fri Jul 17 10:20:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 18:20:53 +0200 (CEST) Subject: SUSE-SU-2020:1943-1: important: Security update for xrdp Message-ID: <20200717162053.8B5E8FC39@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1943-1 Rating: important References: #1138954 #1144327 #1144379 #1150584 #1152711 #1153471 #1155789 #1155952 #1157860 #1173580 Cross-References: CVE-2017-6967 CVE-2020-4044 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves two vulnerabilities and has 8 fixes is now available. Description: This update for xrdp provides the following fix: - CVE-2020-4044: xrdp-sesman can be crashed remotely over port 3350 (bsc#1173580). - Fixed an issue where xrdp-sesman could not restart (bsc#1155952). - Fixed an issue where xrdp could not start due to an error in the service file use absolute path in ExecStart (bsc#1155789). - Fixed a PAM error after 2nd xrdp session after logout (bsc#1153471). - Fixed a crash in xrdp-sesman, caused by terminating and reconnecting an xrdp session (bsc#1152711). - Fixed a failure in RDP session recovery (bsc#1150584). - Fixed a process leak (bsc#1144379). - Let systemd handle the daemons, fixing daemon start failures. (bsc#1138954, bsc#1144327) - Don't try to create .vnc directory if it already exists. (bsc#1157860) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1943=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1943=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1943=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1943=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): xrdp-0.9.0~git.1456906198.f422461-16.20.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.20.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-16.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): xrdp-0.9.0~git.1456906198.f422461-16.20.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.20.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-16.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): xrdp-0.9.0~git.1456906198.f422461-16.20.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.20.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-16.20.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xrdp-0.9.0~git.1456906198.f422461-16.20.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.20.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-16.20.1 References: https://www.suse.com/security/cve/CVE-2017-6967.html https://www.suse.com/security/cve/CVE-2020-4044.html https://bugzilla.suse.com/1138954 https://bugzilla.suse.com/1144327 https://bugzilla.suse.com/1144379 https://bugzilla.suse.com/1150584 https://bugzilla.suse.com/1152711 https://bugzilla.suse.com/1153471 https://bugzilla.suse.com/1155789 https://bugzilla.suse.com/1155952 https://bugzilla.suse.com/1157860 https://bugzilla.suse.com/1173580 From sle-updates at lists.suse.com Fri Jul 17 10:22:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 18:22:42 +0200 (CEST) Subject: SUSE-SU-2020:14424-1: important: Security update for LibVNCServer Message-ID: <20200717162242.4106AFC39@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14424-1 Rating: important References: #1173691 #1173694 #1173700 #1173701 #1173743 #1173880 Cross-References: CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-LibVNCServer-14424=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-LibVNCServer-14424=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-LibVNCServer-14424=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-LibVNCServer-14424=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): LibVNCServer-0.9.1-160.19.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): LibVNCServer-0.9.1-160.19.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): LibVNCServer-debuginfo-0.9.1-160.19.1 LibVNCServer-debugsource-0.9.1-160.19.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): LibVNCServer-debuginfo-0.9.1-160.19.1 LibVNCServer-debugsource-0.9.1-160.19.1 References: https://www.suse.com/security/cve/CVE-2020-14397.html https://www.suse.com/security/cve/CVE-2020-14398.html https://www.suse.com/security/cve/CVE-2020-14399.html https://www.suse.com/security/cve/CVE-2020-14400.html https://www.suse.com/security/cve/CVE-2020-14401.html https://www.suse.com/security/cve/CVE-2020-14402.html https://bugzilla.suse.com/1173691 https://bugzilla.suse.com/1173694 https://bugzilla.suse.com/1173700 https://bugzilla.suse.com/1173701 https://bugzilla.suse.com/1173743 https://bugzilla.suse.com/1173880 From sle-updates at lists.suse.com Fri Jul 17 10:23:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 18:23:57 +0200 (CEST) Subject: SUSE-RU-2020:1941-1: moderate: Recommended update for NetworkManager-branding Message-ID: <20200717162357.726B2FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for NetworkManager-branding ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1941-1 Rating: moderate References: #1172773 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for NetworkManager-branding fixes the following issues: - Fix an issue when NetworkManager uses an enexpanded macro. (bsc#1172773) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1941=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): NetworkManager-branding-SLE-42.1-3.3.1 References: https://bugzilla.suse.com/1172773 From sle-updates at lists.suse.com Fri Jul 17 10:24:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 18:24:39 +0200 (CEST) Subject: SUSE-SU-2020:1939-1: important: Security update for python-ipaddress Message-ID: <20200717162439.6AC5EFC39@maintenance.suse.de> SUSE Security Update: Security update for python-ipaddress ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1939-1 Rating: important References: #1173274 Cross-References: CVE-2020-14422 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1939=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1939=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1939=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-ipaddress-1.0.18-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-ipaddress-1.0.18-3.3.1 - HPE Helion Openstack 8 (noarch): python-ipaddress-1.0.18-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-14422.html https://bugzilla.suse.com/1173274 From sle-updates at lists.suse.com Fri Jul 17 13:13:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 21:13:05 +0200 (CEST) Subject: SUSE-RU-2020:1949-1: moderate: Recommended update for unar Message-ID: <20200717191305.6C8E7FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for unar ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1949-1 Rating: moderate References: #1127736 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for unar fixes the following issue: - Fix extracting RAR5 archives larger than 4GB (bsc#1127736) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1949=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): unar-1.10.1-4.6.1 unar-debuginfo-1.10.1-4.6.1 unar-debugsource-1.10.1-4.6.1 References: https://bugzilla.suse.com/1127736 From sle-updates at lists.suse.com Fri Jul 17 13:13:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 21:13:51 +0200 (CEST) Subject: SUSE-RU-2020:1951-1: moderate: Recommended update for open-vm-tools Message-ID: <20200717191351.EA15BFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1951-1 Rating: moderate References: #1171003 #1171764 #1171765 #1172693 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for open-vm-tools fixes the following issues: - Update 11.1.0 (build 16036546) (bsc#1171764, jsc#ECO-2164) This version provides a new 'Service Discovery' plugin. (bsc#1171765) The plugin connects with the vRealize Operations Manager product. For more information and details on configuring this plugin, refer to Configuring Service Discovery. In this release, a new tools.conf switch is added to enable and disable the guest customization in the guest virtual machine. By default, the guest customization is enabled. For more details, refer KB 78903. - vm-support is now automatically placed in the /usr/bin directory. - Added version number to Requires: libxmlsec1-openssl1 to help with vgauth version checking. - Provide a better PAM configuration and authentication. (bsc#1171003, bsc#1172693) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1951=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1951=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (x86_64): open-vm-tools-debuginfo-11.1.0-3.17.1 open-vm-tools-debugsource-11.1.0-3.17.1 open-vm-tools-desktop-11.1.0-3.17.1 open-vm-tools-desktop-debuginfo-11.1.0-3.17.1 open-vm-tools-sdmp-11.1.0-3.17.1 open-vm-tools-sdmp-debuginfo-11.1.0-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libvmtools-devel-11.1.0-3.17.1 libvmtools0-11.1.0-3.17.1 libvmtools0-debuginfo-11.1.0-3.17.1 open-vm-tools-11.1.0-3.17.1 open-vm-tools-debuginfo-11.1.0-3.17.1 open-vm-tools-debugsource-11.1.0-3.17.1 open-vm-tools-sdmp-11.1.0-3.17.1 open-vm-tools-sdmp-debuginfo-11.1.0-3.17.1 References: https://bugzilla.suse.com/1171003 https://bugzilla.suse.com/1171764 https://bugzilla.suse.com/1171765 https://bugzilla.suse.com/1172693 From sle-updates at lists.suse.com Fri Jul 17 13:14:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 21:14:51 +0200 (CEST) Subject: SUSE-RU-2020:1952-1: moderate: Recommended update for zypper-migration-plugin Message-ID: <20200717191451.9723AFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper-migration-plugin ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1952-1 Rating: moderate References: #1171652 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for zypper-migration-plugin fixes the following issue: - Update from version 0.12.1580220831.7102be8 to version 0.12.1590748670.86b0749 * Make sure that all the release packages are installed. (bsc#1171652) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1952=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): zypper-migration-plugin-0.12.1590748670.86b0749-6.7.1 References: https://bugzilla.suse.com/1171652 From sle-updates at lists.suse.com Fri Jul 17 13:15:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2020 21:15:32 +0200 (CEST) Subject: SUSE-RU-2020:1950-1: moderate: Recommended update for dracut Message-ID: <20200717191532.128CFFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1950-1 Rating: moderate References: #1161573 #1165828 #1169997 #1172807 #1173560 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - Update to version 049.1+suse.152.g8506e86f: * 01fips: modprobe failures during manual module loading is not fatal. (bsc#bsc#1169997) * 91zipl: parse-zipl.sh: honor SYSTEMD_READY. (bsc#1165828) * 95iscsi: fix ipv6 target discovery. (bsc#1172807) * 35network-legacy: correct conditional for creating did-setup file. (bsc#1172807) - Update to version 049.1+suse.148.gc4a6c2dd: * 95fcoe: load 'libfcoe' module as a fallback. (bsc#1173560) * 99base: enable the initqueue in both 'dracut --add-device' and 'dracut --mount' cases. (bsc#1161573) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1950=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.152.g8506e86f-3.8.1 dracut-debuginfo-049.1+suse.152.g8506e86f-3.8.1 dracut-debugsource-049.1+suse.152.g8506e86f-3.8.1 dracut-fips-049.1+suse.152.g8506e86f-3.8.1 dracut-ima-049.1+suse.152.g8506e86f-3.8.1 References: https://bugzilla.suse.com/1161573 https://bugzilla.suse.com/1165828 https://bugzilla.suse.com/1169997 https://bugzilla.suse.com/1172807 https://bugzilla.suse.com/1173560 From sle-updates at lists.suse.com Fri Jul 17 22:14:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Jul 2020 06:14:53 +0200 (CEST) Subject: SUSE-RU-2020:1954-1: moderate: Recommended update for cracklib Message-ID: <20200718041453.914A1FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for cracklib ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1954-1 Rating: moderate References: #1172396 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cracklib fixes the following issues: - Fixed a buffer overflow when processing long words. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1954=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cracklib-2.9.7-11.3.1 cracklib-debuginfo-2.9.7-11.3.1 cracklib-debugsource-2.9.7-11.3.1 cracklib-devel-2.9.7-11.3.1 cracklib-dict-small-2.9.7-11.3.1 libcrack2-2.9.7-11.3.1 libcrack2-debuginfo-2.9.7-11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcrack2-32bit-2.9.7-11.3.1 libcrack2-32bit-debuginfo-2.9.7-11.3.1 References: https://bugzilla.suse.com/1172396 From sle-updates at lists.suse.com Fri Jul 17 22:17:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Jul 2020 06:17:00 +0200 (CEST) Subject: SUSE-OU-2020:1527-2: Optional update for alsa-plugins Message-ID: <20200718041700.1C623FDE1@maintenance.suse.de> SUSE Optional Update: Optional update for alsa-plugins ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:1527-2 Rating: low References: #1171586 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for alsa-plugins doesn't fix any user visible issues, but changes the way the package is being built. An installation is optional and not required. (bsc#1171586, jsc#SLE-11987) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1527=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1527=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): alsa-plugins-debuginfo-1.1.5-3.3.1 alsa-plugins-debugsource-1.1.5-3.3.1 alsa-plugins-pulse-1.1.5-3.3.1 alsa-plugins-pulse-debuginfo-1.1.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): alsa-plugins-1.1.5-3.3.1 alsa-plugins-debuginfo-1.1.5-3.3.1 alsa-plugins-debugsource-1.1.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): alsa-plugins-32bit-1.1.5-3.3.1 alsa-plugins-32bit-debuginfo-1.1.5-3.3.1 References: https://bugzilla.suse.com/1171586 From sle-updates at lists.suse.com Fri Jul 17 22:17:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Jul 2020 06:17:43 +0200 (CEST) Subject: SUSE-OU-2020:1674-2: Optional update for opensaml Message-ID: <20200718041743.73A2DFDE1@maintenance.suse.de> SUSE Optional Update: Optional update for opensaml ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:1674-2 Rating: low References: #1172352 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for opensaml doesn't address any user visible bugs. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1674=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libsaml-devel-2.6.1-3.3.1 libsaml9-2.6.1-3.3.1 libsaml9-debuginfo-2.6.1-3.3.1 opensaml-debuginfo-2.6.1-3.3.1 opensaml-debugsource-2.6.1-3.3.1 opensaml-schemas-2.6.1-3.3.1 References: https://bugzilla.suse.com/1172352 From sle-updates at lists.suse.com Fri Jul 17 22:18:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Jul 2020 06:18:26 +0200 (CEST) Subject: SUSE-RU-2020:1953-1: important: Recommended update for parted Message-ID: <20200718041826.114F0FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for parted ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1953-1 Rating: important References: #1164260 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for parted fixes the following issue: - fix support of NVDIMM (pmemXs) devices (bsc#1164260) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1953=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1953=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libparted0-3.2-11.14.1 libparted0-debuginfo-3.2-11.14.1 parted-3.2-11.14.1 parted-debuginfo-3.2-11.14.1 parted-debugsource-3.2-11.14.1 parted-devel-3.2-11.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libparted0-32bit-3.2-11.14.1 libparted0-32bit-debuginfo-3.2-11.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): parted-lang-3.2-11.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libparted0-3.2-11.14.1 libparted0-debuginfo-3.2-11.14.1 parted-3.2-11.14.1 parted-debuginfo-3.2-11.14.1 parted-debugsource-3.2-11.14.1 parted-devel-3.2-11.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): parted-lang-3.2-11.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libparted0-32bit-3.2-11.14.1 libparted0-32bit-debuginfo-3.2-11.14.1 References: https://bugzilla.suse.com/1164260 From sle-updates at lists.suse.com Fri Jul 17 22:19:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Jul 2020 06:19:15 +0200 (CEST) Subject: SUSE-RU-2020:1955-1: Recommended update for python-Sphinx Message-ID: <20200718041915.18C28FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-Sphinx ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1955-1 Rating: low References: #1172721 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-Sphinx fixes the following issues: - Disable test 'test_correct_year' as the range is no longer matched. (bsc#1172721) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1955=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1955=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1955=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-1955=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-Sphinx-1.7.6-3.6.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-Sphinx-1.7.6-3.6.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): python3-Sphinx-1.7.6-3.6.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): python3-Sphinx-1.7.6-3.6.2 References: https://bugzilla.suse.com/1172721 From sle-updates at lists.suse.com Mon Jul 20 10:13:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2020 18:13:14 +0200 (CEST) Subject: SUSE-SU-2020:1957-1: moderate: Security update for cni-plugins Message-ID: <20200720161314.1CC9DFC39@maintenance.suse.de> SUSE Security Update: Security update for cni-plugins ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1957-1 Rating: moderate References: #1172410 Cross-References: CVE-2020-10749 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Containers 15-SP2 SUSE Linux Enterprise Module for Containers 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cni-plugins fixes the following issues: cni-plugins updated to version 0.8.6 - CVE-2020-10749: Fixed a potential Man-in-the-Middle attacks in IPv4 clusters by spoofing IPv6 router advertisements (bsc#1172410). Release notes: https://github.com/containernetworking/plugins/releases/tag/v0.8.6 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-1957=1 - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2020-1957=1 - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-1957=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): cni-plugins-0.8.6-3.6.1 - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-3.6.1 - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-10749.html https://bugzilla.suse.com/1172410 From sle-updates at lists.suse.com Mon Jul 20 10:13:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2020 18:13:55 +0200 (CEST) Subject: SUSE-SU-2020:1958-1: moderate: Security update for MozillaFirefox Message-ID: <20200720161355.C13F7FC39@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1958-1 Rating: moderate References: #1173948 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 78.0.2 MFSA 2020-28 (bsc#1173948) * MFSA-2020-0003 (bmo#1644076) X-Frame-Options bypass using object or embed tags - Firefox Extended Support Release 78.0.2esr ESR * Fixed: Security fix * Fixed: Fixed an accessibility regression in reader mode (bmo#1650922) * Fixed: Made the address bar more resilient to data corruption in the user profile (bmo#1649981) * Fixed: Fixed a regression opening certain external applications (bmo#1650162) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1958=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1958=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.0.2-3.97.1 MozillaFirefox-debuginfo-78.0.2-3.97.1 MozillaFirefox-debugsource-78.0.2-3.97.1 MozillaFirefox-translations-common-78.0.2-3.97.1 MozillaFirefox-translations-other-78.0.2-3.97.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.0.2-3.97.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.0.2-3.97.1 MozillaFirefox-debuginfo-78.0.2-3.97.1 MozillaFirefox-debugsource-78.0.2-3.97.1 MozillaFirefox-translations-common-78.0.2-3.97.1 MozillaFirefox-translations-other-78.0.2-3.97.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.0.2-3.97.1 References: https://bugzilla.suse.com/1173948 From sle-updates at lists.suse.com Mon Jul 20 10:15:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2020 18:15:18 +0200 (CEST) Subject: SUSE-RU-2020:14425-1: moderate: Recommended update for microcode_ctl Message-ID: <20200720161518.B1C72FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14425-1 Rating: moderate References: #1172856 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for microcode_ctl fixes the following issues: Updated Intel CPU Microcode to 20200616 official release (bsc#1172856) - revert 06-4e-03 Skylake U/Y, U23e ucode back to 000000d6 release - revert 06-5e-03 Skylake H/S ucode back to 000000d6 release, as both cause stability issues. (bsc#1172856) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-microcode_ctl-14425=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-microcode_ctl-14425=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): microcode_ctl-1.17-102.83.56.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): microcode_ctl-1.17-102.83.56.1 References: https://bugzilla.suse.com/1172856 From sle-updates at lists.suse.com Mon Jul 20 12:04:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2020 20:04:53 +0200 (CEST) Subject: SUSE-CU-2020:365-1: Recommended update of suse/sle15 Message-ID: <20200720180453.46955FEC3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:365-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.701 Container Release : 8.2.701 Severity : moderate Type : recommended References : 1169947 1170801 1172925 1173106 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1938-1 Released: Thu Jul 16 14:43:32 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1169947,1170801,1172925,1173106 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to: - Enable zstd compression support for sle15 zypper was updated to version 1.14.37: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) libzypp was updated to 17.24.0 - Fix core dump with corrupted history file (bsc#1170801) - Enable zchunk metadata download if libsolv supports it. - Better handling of the purge-kernels algorithm. (bsc#1173106) From sle-updates at lists.suse.com Mon Jul 20 12:05:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2020 20:05:00 +0200 (CEST) Subject: SUSE-CU-2020:366-1: Recommended update of suse/sle15 Message-ID: <20200720180500.55853FEC3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:366-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.702 Container Release : 8.2.702 Severity : moderate Type : recommended References : 1172396 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1954-1 Released: Sat Jul 18 03:07:15 2020 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1172396 This update for cracklib fixes the following issues: - Fixed a buffer overflow when processing long words. From sle-updates at lists.suse.com Mon Jul 20 13:15:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2020 21:15:30 +0200 (CEST) Subject: SUSE-RU-2020:1961-1: moderate: Recommended update for PackageKit Message-ID: <20200720191530.F1B78FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for PackageKit ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1961-1 Rating: moderate References: #1170562 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for PackageKit fixes the following issue: - pkcon: exit with return value 5 if no packages needed be installed. (bsc#1170562) In case a user asks to install an already installed package the new return value 5 message is "Nothing useful was done" instead of return value 7 message "The transaction failed, see the detailed error for more information." Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1961=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1961=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): PackageKit-debuginfo-1.1.13-4.3.1 PackageKit-debugsource-1.1.13-4.3.1 PackageKit-gstreamer-plugin-1.1.13-4.3.1 PackageKit-gstreamer-plugin-debuginfo-1.1.13-4.3.1 PackageKit-gtk3-module-1.1.13-4.3.1 PackageKit-gtk3-module-debuginfo-1.1.13-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): PackageKit-1.1.13-4.3.1 PackageKit-backend-zypp-1.1.13-4.3.1 PackageKit-backend-zypp-debuginfo-1.1.13-4.3.1 PackageKit-debuginfo-1.1.13-4.3.1 PackageKit-debugsource-1.1.13-4.3.1 PackageKit-devel-1.1.13-4.3.1 PackageKit-devel-debuginfo-1.1.13-4.3.1 libpackagekit-glib2-18-1.1.13-4.3.1 libpackagekit-glib2-18-debuginfo-1.1.13-4.3.1 libpackagekit-glib2-devel-1.1.13-4.3.1 typelib-1_0-PackageKitGlib-1_0-1.1.13-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): PackageKit-lang-1.1.13-4.3.1 References: https://bugzilla.suse.com/1170562 From sle-updates at lists.suse.com Mon Jul 20 13:16:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2020 21:16:12 +0200 (CEST) Subject: SUSE-SU-2020:1962-1: important: Security update for tomcat Message-ID: <20200720191612.726C0FDE1@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1962-1 Rating: important References: #1173389 Cross-References: CVE-2020-11996 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-1962=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): tomcat-9.0.36-4.38.1 tomcat-admin-webapps-9.0.36-4.38.1 tomcat-el-3_0-api-9.0.36-4.38.1 tomcat-jsp-2_3-api-9.0.36-4.38.1 tomcat-lib-9.0.36-4.38.1 tomcat-servlet-4_0-api-9.0.36-4.38.1 tomcat-webapps-9.0.36-4.38.1 References: https://www.suse.com/security/cve/CVE-2020-11996.html https://bugzilla.suse.com/1173389 From sle-updates at lists.suse.com Mon Jul 20 13:17:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2020 21:17:35 +0200 (CEST) Subject: SUSE-SU-2020:1963-1: important: Security update for tomcat Message-ID: <20200720191735.8DC1BFDE1@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1963-1 Rating: important References: #1173389 Cross-References: CVE-2020-11996 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1963=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1963=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1963=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1963=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1963=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): tomcat-9.0.36-3.42.2 tomcat-admin-webapps-9.0.36-3.42.2 tomcat-docs-webapp-9.0.36-3.42.2 tomcat-el-3_0-api-9.0.36-3.42.2 tomcat-javadoc-9.0.36-3.42.2 tomcat-jsp-2_3-api-9.0.36-3.42.2 tomcat-lib-9.0.36-3.42.2 tomcat-servlet-4_0-api-9.0.36-3.42.2 tomcat-webapps-9.0.36-3.42.2 - SUSE OpenStack Cloud 9 (noarch): tomcat-9.0.36-3.42.2 tomcat-admin-webapps-9.0.36-3.42.2 tomcat-docs-webapp-9.0.36-3.42.2 tomcat-el-3_0-api-9.0.36-3.42.2 tomcat-javadoc-9.0.36-3.42.2 tomcat-jsp-2_3-api-9.0.36-3.42.2 tomcat-lib-9.0.36-3.42.2 tomcat-servlet-4_0-api-9.0.36-3.42.2 tomcat-webapps-9.0.36-3.42.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): tomcat-9.0.36-3.42.2 tomcat-admin-webapps-9.0.36-3.42.2 tomcat-docs-webapp-9.0.36-3.42.2 tomcat-el-3_0-api-9.0.36-3.42.2 tomcat-javadoc-9.0.36-3.42.2 tomcat-jsp-2_3-api-9.0.36-3.42.2 tomcat-lib-9.0.36-3.42.2 tomcat-servlet-4_0-api-9.0.36-3.42.2 tomcat-webapps-9.0.36-3.42.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): tomcat-9.0.36-3.42.2 tomcat-admin-webapps-9.0.36-3.42.2 tomcat-docs-webapp-9.0.36-3.42.2 tomcat-el-3_0-api-9.0.36-3.42.2 tomcat-javadoc-9.0.36-3.42.2 tomcat-jsp-2_3-api-9.0.36-3.42.2 tomcat-lib-9.0.36-3.42.2 tomcat-servlet-4_0-api-9.0.36-3.42.2 tomcat-webapps-9.0.36-3.42.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): tomcat-9.0.36-3.42.2 tomcat-admin-webapps-9.0.36-3.42.2 tomcat-docs-webapp-9.0.36-3.42.2 tomcat-el-3_0-api-9.0.36-3.42.2 tomcat-javadoc-9.0.36-3.42.2 tomcat-jsp-2_3-api-9.0.36-3.42.2 tomcat-lib-9.0.36-3.42.2 tomcat-servlet-4_0-api-9.0.36-3.42.2 tomcat-webapps-9.0.36-3.42.2 References: https://www.suse.com/security/cve/CVE-2020-11996.html https://bugzilla.suse.com/1173389 From sle-updates at lists.suse.com Mon Jul 20 16:13:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 00:13:49 +0200 (CEST) Subject: SUSE-RU-2020:1964-1: moderate: Recommended update for release-notes-susemanager Message-ID: <20200720221349.DAE41FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1964-1 Rating: moderate References: #1174229 Affected Products: SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-susemanager fixes the following issues: - Update release notes for SUSE Manager 4.1.0. Bugs mentioned: bsc#1174229 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2020-1964=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): release-notes-susemanager-4.1.0.3-3.9.1 References: https://bugzilla.suse.com/1174229 From sle-updates at lists.suse.com Mon Jul 20 22:13:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:13:37 +0200 (CEST) Subject: SUSE-SU-2020:1974-1: moderate: Security update for salt Message-ID: <20200721041337.E65F5FDE1@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1974-1 Rating: moderate References: #1159284 #1165572 #1167437 #1168340 #1169604 #1170104 #1170288 #1171906 #1172075 #1173072 #1174165 Cross-References: CVE-2018-15750 CVE-2018-15751 CVE-2020-11651 CVE-2020-11652 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has 7 fixes is now available. Description: This update for salt contains the following fixes: - Fix for TypeError in Tornado importer (bsc#1174165) - Require python3-distro only for TW (bsc#1173072) - Update to Salt version 3000: See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Add docker.logout to docker execution module. (bsc#1165572) - Add option to enable/disable force refresh for zypper. - Add publish_batch to ClearFuncs exposed methods. - Adds test for zypper abbreviation fix. - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions. (bsc#1169604) - Avoid traceback on debug logging for swarm module. (bsc#1172075) - Batch mode now also correctly provides return value. (bsc#1168340) - Better import cache handline. - Do not make file.recurse state to fail when msgpack 0.5.4. (bsc#1167437) - Do not require vendored backports-abc. (bsc#1170288) - Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation. - Fix for low rpm_lowpkg unit test. - Fix for temp folder definition in loader unit test. - Fix for unless requisite when pip is not installed. - Fix integration test failure for test_mod_del_repo_multiline_values. - Fix regression in service states with reload argument. - Fix tornado imports and missing _utils after rebasing patches. - Fix status attribute issue in aptpkg test. - Improved storage pool or network handling. - loop: fix variable names for until_no_eval. - Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2. - Make setup.py script not to require setuptools greater than 9.1. - More robust remote port detection. - Prevent sporious "salt-api" stuck processes when managing SSH minions. because of logging deadlock. (bsc#1159284) - Python3.8 compatibility changes. - Removes unresolved merge conflict in yumpkg module. - Returns a the list of IPs filtered by the optional network list. - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341). (bsc#1170104) - Sanitize grains loaded from roster_grains.json cache during "state.pkg". - Various virt backports from 3000.2. - zypperpkg: filter patterns that start with dot. (bsc#1171906) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1974=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-1974=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1974=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): salt-api-3000-6.37.1 salt-cloud-3000-6.37.1 salt-master-3000-6.37.1 salt-proxy-3000-6.37.1 salt-ssh-3000-6.37.1 salt-standalone-formulas-configuration-3000-6.37.1 salt-syndic-3000-6.37.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): salt-fish-completion-3000-6.37.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python2-salt-3000-6.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): python3-salt-3000-6.37.1 salt-3000-6.37.1 salt-doc-3000-6.37.1 salt-minion-3000-6.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): salt-bash-completion-3000-6.37.1 salt-zsh-completion-3000-6.37.1 References: https://www.suse.com/security/cve/CVE-2018-15750.html https://www.suse.com/security/cve/CVE-2018-15751.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1174165 From sle-updates at lists.suse.com Mon Jul 20 22:15:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:15:32 +0200 (CEST) Subject: SUSE-RU-2020:1975-1: important: Recommended update for salt Message-ID: <20200721041532.C836FFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1975-1 Rating: important References: #1174165 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for salt fixes the following issue: - Fix for TypeError in Tornado importer (bsc#1174165) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1975=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1975=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1975=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): salt-api-3000-4.8.1 salt-cloud-3000-4.8.1 salt-master-3000-4.8.1 salt-proxy-3000-4.8.1 salt-ssh-3000-4.8.1 salt-standalone-formulas-configuration-3000-4.8.1 salt-syndic-3000-4.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): salt-fish-completion-3000-4.8.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python2-salt-3000-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python3-salt-3000-4.8.1 salt-3000-4.8.1 salt-doc-3000-4.8.1 salt-minion-3000-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): salt-bash-completion-3000-4.8.1 salt-zsh-completion-3000-4.8.1 References: https://bugzilla.suse.com/1174165 From sle-updates at lists.suse.com Mon Jul 20 22:16:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:16:18 +0200 (CEST) Subject: SUSE-RU-2020:1982-1: Recommended update for susemanager-sync-data Message-ID: <20200721041618.E76D2FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-sync-data ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1982-1 Rating: low References: #1173656 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for susemanager-sync-data provides the following fixes: - Version 4.0.17-1 - Add Ubuntu 20.04 LTS - Add SLE Live Patching (Z-Series) and SLES LTSS 12 SP3 ARM64 (bsc#1173656) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-1982=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): susemanager-sync-data-4.0.17-3.21.1 References: https://bugzilla.suse.com/1173656 From sle-updates at lists.suse.com Mon Jul 20 22:17:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:17:04 +0200 (CEST) Subject: SUSE-SU-2020:14431-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20200721041704.73A9DFDE1@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14431-1 Rating: moderate References: #1002529 #1003449 #1004047 #1004260 #1004723 #1008933 #1011304 #1011800 #1012398 #1012999 #1013876 #1013938 #1015882 #1017078 #1019386 #1020831 #1022562 #1022841 #1023535 #1024406 #1025896 #1027044 #1027240 #1027426 #1027722 #1030009 #1030073 #1032213 #1032452 #1032931 #1035914 #1036125 #1038855 #1039370 #1040886 #1041993 #1042749 #1043111 #1044719 #1050003 #1051948 #1052264 #1053376 #1053955 #1057635 #1059291 #1059758 #1060230 #1061407 #1062462 #1062464 #1063419 #1064520 #1065792 #1068446 #1068566 #1070372 #1071322 #1072599 #1075950 #1076578 #1079048 #1080290 #1081151 #1081592 #1083294 #1085667 #1087055 #1087278 #1087581 #1087891 #1088070 #1088888 #1089112 #1089362 #1089526 #1091371 #1092161 #1092373 #1094055 #1094190 #1095507 #1095651 #1095942 #1096514 #1097174 #1097413 #1098394 #1099323 #1099460 #1099887 #1099945 #1100142 #1100225 #1100697 #1101780 #1101812 #1101880 #1102013 #1102218 #1102265 #1102819 #1103090 #1103530 #1103696 #1104034 #1104154 #1104491 #1106164 #1107333 #1108557 #1108834 #1108969 #1108995 #1109023 #1109893 #1110938 #1111542 #1112874 #1113698 #1113699 #1113784 #1114029 #1114197 #1114474 #1114824 #1116343 #1116837 #1117995 #1121091 #1121439 #1122663 #1122680 #1123044 #1123512 #1123865 #1124277 #1125015 #1125610 #1125744 #1127389 #1128061 #1128554 #1129079 #1129243 #1130077 #1130588 #1130784 #1131114 #1132076 #1133523 #1133647 #1134860 #1135360 #1135507 #1135567 #1135656 #1135732 #1135881 #1137642 #1138454 #1138952 #1139761 #1140193 #1140912 #1143301 #1146192 #1146382 #1148311 #1148714 #1150447 #1151650 #1151947 #1152366 #1153090 #1153277 #1153611 #1154620 #1154940 #1155372 #1157465 #1157479 #1158441 #1158940 #1159118 #1159284 #1160931 #1162327 #1162504 #1163871 #1165425 #1165572 #1167437 #1167556 #1168340 #1169604 #1169800 #1170042 #1170104 #1170288 #1170595 #1171687 #1171906 #1172075 #1173072 #1174165 #769106 #769108 #776615 #849184 #849204 #849205 #879904 #887879 #889605 #892707 #902494 #908849 #926318 #932288 #945380 #948245 #955373 #958350 #959572 #963322 #965403 #967803 #969320 #970669 #971372 #972311 #972490 #975093 #975303 #975306 #975733 #975757 #976148 #977264 #978150 #978833 #979448 #979676 #980313 #983017 #983512 #985112 #985661 #986019 #987798 #988506 #989193 #989798 #990029 #990439 #990440 #991048 #993039 #993549 #996455 #999852 Cross-References: CVE-2016-1866 CVE-2016-9639 CVE-2017-12791 CVE-2017-14695 CVE-2017-14696 CVE-2018-15750 CVE-2018-15751 CVE-2019-17361 CVE-2019-18897 CVE-2020-11651 CVE-2020-11652 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 251 fixes is now available. Description: This update fixes the following issues: salt: - Require python3-distro only for TW (bsc#1173072) - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module (bsc#1172075) - Add publish_batch to ClearFuncs exposed methods - Fix for TypeError in Tornado importer (bsc#1174165) - Update to salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Testsuite fix - Add option to enable/disable force refresh for zypper - Python3.8 compatibility changes - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341) (bsc#1170104) - Returns a the list of IPs filtered by the optional network list - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Do not require vendored backports-abc (bsc#1170288) - Fix partition.mkpart to work without fstype (bsc#1169800) - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. - More robust remote port detection - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Do not make file.recurse state to fail when msgpack 0.5.4 (bsc#1167437) - Build: Buildequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Add new custom SUSE capability for saltutil state module - Fixes status attribute issue in aptpkg test - Make setup.py script not to require setuptools greater than 9.1 - loop: fix variable names for until_no_eval - Drop conflictive module.run state patch (bsc#1167437) - Update patches after rebase with upstream v3000 tag (bsc#1167437) - Fix some requirements issues depending on Python3 versions - Removes obsolete patch - Fix for low rpm_lowpkg unit test - Add python-singledispatch as dependency for python2-salt - virt._get_domain: don't raise an exception if there is no VM - Fix for temp folder definition in loader unit test - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handline - Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2 - Fix regression in service states with reload argument - Fix integration test failure for test_mod_del_repo_multiline_values - Fix for unless requisite when pip is not installed - Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation - Fix tornado imports and missing _utils after rebasing patches - Removes unresolved merge conflict in yumpkg module - Use full option name instead of undocumented abbreviation for zypper - Requiring python3-distro only for openSUSE/SLE >= 15 and not for Python 2 builds - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - loader: invalidate the import cachefor extra modules - zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Improvements for chroot module - Add option to enable/disable force refresh for zypper - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Fix partition.mkpart to work without fstype (bsc#1169800) - Fix typo in 'minion_runner' for AESFuncs exposed methods. - Avoid "NameError: name '__salt_system_encoding__' is not defined" (bsc#1138952) - Fix load cached grain "osrelease_info" to prevent exceptions on "pkg.info_installed" on Debian and Ubuntu minion (bsc#1170042) - Build: Buildequire pkgconfig(systemd) instead of systemd - Add new custom SUSE capability for saltutil state module - Backport saltutil state module to 2019.2 codebase (bsc#1167556) - virt._get_domain: don't raise an exception if there is no VM - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - New configuration option for selection of grains in the minion start event. - Fix 'os_family' grain for Astra Linux Common Edition - Fix for salt-api NET API where unauthenticated attacker could run arbitrary code (CVE-2019-17361) (bsc#1162504) - Adds disabled parameter to mod_repo in aptpkg module - Move token with atomic operation - Bad API token files get deleted (bsc#1160931) - Support for Btrfs and XFS in parted and mkfs added - Adds list_downloaded for apt Module to enable pre-downloading support - Adds virt.(pool|network)_get_xml functions - Add virt.pool_capabilities function - virt.pool_running improvements - Add virt.pool_deleted state - virt.network_define allow adding IP configuration - virt: adding kernel boot parameters to libvirt xml - Fix to scheduler when data['run'] does not exist (bsc#1159118) - Fix virt states to not fail on VMs already stopped - Fix applying of attributes for returner rawfile_json (bsc#1158940) - xfs: do not fail if type is not present (bsc#1153611) - Don't use __python indirection macros on spec file %__python is no longer defined in RPM 4.15 (python2 is going EOL in Jan 2020); additionally, python/python3 are just binaries in the path. - Fix errors when running virt.get_hypervisor function - Align virt.full_info fixes with upstream Salt - Fix for log checking in x509 test - Prevent test_mod_del_repo_multiline_values to fail - Read repo info without using interpolation (bsc#1135656) - Replacing pycrypto with M2Crypto as dependency for >= SLE15 (bsc#1165425) - Let salt-ssh use platform-python on RHEL8 (bsc#1158441) - Fix StreamClosedError issue (bsc#1157479) - Remove virt.pool_delete fast parameter (U#54474) - Remove unnecessary yield causing BadYieldError (bsc#1154620) - Prevent 'Already reading' continuous exception message (bsc#1137642) - Fix for aptpkg test with older mock modules - Remove wrong tests for core grain and improve debug logging - Use rich RPM deps to get a compatible version of tornado into the buildroot. - core.py: ignore wrong product_name files - zypperpkg: understand product type - Enable usage of downloadonly parameter for apt module - Add missing 'fun' on events coming from salt-ssh wfunc executions (bsc#1151947) - Fix failing unit tests for batch async - Fix memory consumption problem on BatchAsync (bsc#1137642) - Fix dependencies for RHEL 8 - Prevent systemd-run description issue when running aptpkg (bsc#1152366) - Take checksums arg into account for postgres.datadir_init (bsc#1151650) - Improve batch_async to release consumed memory (bsc#1140912) - Require shadow instead of old pwdutils (bsc#1130588) - Conflict with tornado >= 5; for now we can only cope with Tornado 4.x (bsc#1101780). - Fix virt.full_info (bsc#1146382) - virt.volume_infos: silence libvirt error message - virt.volume_infos needs to ignore inactive pools - Fix for various bugs in virt network and pool states - Implement network.fqdns module function (bsc#1134860) - Strip trailing "/" from repo.uri when comparing repos in apktpkg.mod_repo (bsc#1146192) - Make python3 default for RHEL8 - Use python3 to build package Salt for RHEL8 - Fix aptpkg systemd call (bsc#1143301) - Move server_id deprecation warning to reduce log spamming (bsc#1135567) (bsc#1135732) - Fix memory leak produced by batch async find_jobs mechanism (bsc#1140912) - Files in salt-formulas folder can now be read and excuted by others (bsc#1150447) - Restore default behaviour of pkg list return (bsc#1148714) - Multiple fixes on cmdmod, chroot, freezer and zypperpkg needed for Yomi cmdmod: fix runas and group in run_chroot chroot: add missing sys directory chroot: change variable name to root chroot: fix bug in safe_kwargs iteration freezer: do not fail in cache dir is present freezer: clean freeze YAML profile on restore zypperpkg: fix pkg.list_pkgs cache - Avoid traceback on http.query when there are errors with the requested URL (bsc#1128554) - Salt python client get_full_returns seems return data from incorrect jid (bsc#1131114) - virt.volume_infos: don't raise an error if there is no VM - Prevent ansiblegate unit tests to fail on Ubuntu - Allow passing kwargs to pkg.list_downloaded for Zypper (bsc#1140193) - Do not make "ansiblegate" module to crash on Python3 minions (bsc#1139761) - Provide the missing features required for Yomi (Yet one more installer) - Fix zypper pkg.list_pkgs test expectation and dpkg mocking - Set 'salt' group for files and directories created by salt-standalone-formulas-configuration package - Fix virt.volume_infos raising an exception when there is only virtual machine on the minion. - Fix virt.purge() on all non-KVM hypervisors. For instance on Xen, virt.purge would simply throw an exception about unsupported flag - Building a libvirt pool starts it. When defining a new pool, we need to let build start it or we will get libvirt errors. - Fix handling of Virtual Machines with white space in their name. - avoid batch.py exception when minion does not respond (bsc#1135507) - Preserve already defined DESTRUCTIVE_TESTS and EXPENSIVE_TESTS env variables - Do not break repo files with multiple line values on yumpkg (bsc#1135360) - Fix return status when installing or updating RPM packages with "ppc64le" arch (bsc#1133647) - Add new "salt-standalone-formulas-configuration" package (fate#327791) - Switch firewalld state to use change_interface (bsc#1132076) - Fix async-batch to fire a single done event - Do not make Salt CLI to crash when there are IPv6 established connections (bsc#1130784) - Include aliases in FQDNS grain (bsc#1121439) - Fix issue preventing syndic to start - Update to 2019.2.0 release (FATE#327138, bsc#1133523) See https://docs.saltstack.com/en/latest/topics/releases/2019.2.0.html - Update year on spec copyright notice - Use ThreadPool from multiprocessing.pool to avoid leakings when calculating FQDNs - Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061) - Incorporate virt.volume_info fixes (PR#131) - Fix for -t parameter in mount module - No longer limiting Python3 version to <3.7 - Add virt.volume_infos and virt.volume_delete functions - Bugfix: properly refresh pillars (bsc#1125015) - Removes version from python3 requirement completely - Adds missing version update to %setup - Add virt.all_capabilities to return all host and domain capabilities at once - Switch to better correct version nomenclature Background: The special character tilde (~) will be available for use in version representing a negative version token. - Fix setup to use the right version tag - Add "id_" and "force" to the whitelist of API check - Add metadata to accepted keyword arguments (bsc#1122680) - Add salt-support script to package - Early feature: Salt support-config (salt-support) - More fixes on the spec file - Fix spaces and indentation - Use Adler32 algorithm to compute string checksums (bsc#1102819) - Update spec file patch ordering after MSI patch removal - Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079) - Fix batch/batch-async related issues - Fixes typo in depedency: e2fsprogs - Adds missing dependencies to salt-common: python-concurrent.futures - Fix regression in dynamic pillarenv (bsc#1124277) - add parallel support for orchestrations (bsc#1116343) - Implement asynchronous batching - Let dpkg.info expose package status - Make aptpkg.info return only installed packages - Strip trailing / from repo URI when comparing repos in apktpkg.mod_repo - Include aliases in FQDNS grain - Prevents error when there is no job entry in filesystem cache due to race condition in minion onboarding (bsc#1122663) - Don't call zypper with more than one --no-refresh parameter (bsc#1123865) - Remove zypper-add-root-configuration-parameter patch (bsc#1123512) - Remove MSI Azure cloud module authentication patch (bsc#1123044) - Don't encode response string from role API - Add root parameter to Zypper module - Fix integration tests in state compiler (U#2068) - Fix "pkg.list_pkgs" output when using "attr" to take the arch into account (bsc#1114029) - Fix powerpc null server_id_arch (bsc#1117995) - Fix module 'azure.storage' has no attribute '__version__' (bsc#1121091) - Add supportconfig module and states for minions and SaltSSH - Fix FIPS enabled RES clients (bsc#1099887) - Add hold/unhold functions. Fix Debian repo "signed-by". - Strip architecture from debian package names - Fix latin1 encoding problems on file module (bsc#1116837) - Don't error on retcode 0 in libcrypto.OPENSSL_init_crypto - Handle anycast IPv6 addresses on network.routes (bsc#1114474) - Debian info_installed compatibility (U#50453) - Add compatibility with other package modules for "list_repos" function - Crontab module fix: file attributes option missing (bsc#1114824) - Fix git_pillar merging across multiple __env__ repositories (bsc#1112874) - Bugfix: unable to detect os arch when RPM is not installed (bsc#1114197) - Fix LDAP authentication issue when a valid token is generated by the salt-api even when invalid user credentials are passed. (U#48901) - Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations. (bsc#1113784) - Fix remote command execution and incorrect access control when using salt-api. (bsc#1113699) (CVE-2018-15751) - Fix Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events. (bsc#1113698) (CVE-2018-15750) - Add multi-file support and globbing to the filetree (U#50018) - Bugfix: supportconfig non-root permission issues (U#50095) - Open profiles permissions to everyone for read-only - Preserving signature in "module.run" state (U#50049) - Install default salt-support profiles - Remove unit test, came from a wrong branch. Fix merging failure. - Add CPE_NAME for osversion* grain parsing - Get os_family for RPM distros from the RPM macros - Install support profiles - Fix async call to process manager (bsc#1110938) - Salt-based supportconfig implementation (technology preview) - Bugfix: any unicode string of length 16 will raise TypeError - Fix IPv6 scope (bsc#1108557) - Handle zypper ZYPPER_EXIT_NO_REPOS exit code (bsc#1108834, bsc#1109893) - Bugfix for pkg_resources crash (bsc#1104491) - Fix loosen azure sdk dependencies in azurearm cloud driver (bsc#1107333) - Fix broken "resolve_capabilities" on Python 3 (bsc#1108995) - Allow empty service_account_private_key in GCE driver (bsc#1108969) - Properly handle colons in inline dicts with yamlloader (bsc#1095651) - Fix wrong recurse behavior on for linux_acl.present (bsc#1106164) - Add additional x509 fixes - Fix for StringIO import in Python2 - Integration of MSI authentication for azurearm - Fix for Compound list targeting with "not" - Fixes 509x remote signing - Adds fix for SUSE Expanded Support os grain detection - Prepend current directory when path is just filename (bsc#1095942) - Only do reverse DNS lookup on IPs for salt-ssh (bsc#1104154) - Add support for Python 3.7 and Tornado 5.0 - Fix license macro to build on SLE12SP2 - Decode file contents for python2 (bsc#1102013, bsc#1103530) - Fix mine.get not returning data - workaround for #48020 (bsc#1100142) - Check dmidecoder executable on each "smbios" call to avoid race condition (bsc#1101880) - Add API log rotation on SUSE package (bsc#1102218) - Add missing dateutils import (bsc#1099945) - Backport the new libvirt_events engine from upstream - Fix file.blockreplace to avoid throwing IndexError (bsc#1101812) - Fix pkg.upgrade reports when dealing with multiversion packages (bsc#1102265) - Fix UnicodeDecodeError using is_binary check (bsc#1100225) - Fix corrupt public key with m2crypto python3 (bsc#1099323) - Prevent payload crash on decoding binary data (bsc#1100697) - Accounting for when files in an archive contain non-ascii characters (bsc#1099460) - Handle packages with multiple version properly with zypper (bsc#1096514) - Fix file.get_diff regression on 2018.3 (bsc#1098394) - Provide python version mismatch solutions (bsc#1072599) - Add custom SUSE capabilities as Grains (bsc#1089526) - Fix file.managed binary file utf8 error (bsc#1098394) - Multiversion patch plus upstream fix and patch reordering - Add environment variable to know if yum is invoked from Salt (bsc#1057635) - Prevent deprecation warning with salt-ssh (bsc#1095507) - Fix for sorting of multi-version packages (bsc#1097174 and bsc#1097413) - Align SUSE salt-master.service 'LimitNOFILES' limit with upstream Salt - Add 'other' attribute to GECOS fields to avoid inconsistencies with chfn - Prevent zypper from parsing repo configuration from not .repo files (bsc#1094055) - Collect all versions of installed packages on SUSE and RHEL systems (bsc#1089526) - Documentation refresh to 2018.3.0 - No more AWS EC2 rate limitations in salt-cloud (bsc#1088888) - MySQL returner now also allows to use Unix sockets (bsc#1091371) - Do not override jid on returners, only sending back to master (bsc#1092373) - Fixes for salt-ssh: - Option --extra-filerefs doesn't add all files to the state archive - Pillar completely overwritten (not merged) when doing module.run + state.apply with pillar in kwargs - remove minion/thin/version if exists to force thin regeneration (bsc#1092161) - Fixed Python 3 issue with CIDR addresses. - Fix minion scheduler to return a 'retcode' attribute (bsc#1089112) - Fix for logging during network interface querying (bsc#1087581) - Fix rhel packages requires both net-tools and iproute (bsc#1087055) - Fix patchinstall on yum module. Bad comparison (bsc#1087278) - Strip trailing commas on Linux user's GECOS fields (bsc#1089362) - Fallback to PyMySQL (bsc#1087891) - Improved test for fqdns - Update SaltSSH patch (use code checksum instead version on thin update) - Fix for [Errno 0] Resolver Error 0 (no error) (bsc#1087581) - Update to 2018.3.0 - Add python-2.6 support to salt-ssh - Add iprout/net-tools dependency - salt-ssh: require same major version while minor is allowed to be - Add SaltSSH multi-version support across Python interpeters. - Fix zypper.info_installed 'ascii' issue - Update openscap push patch to include the test fixes - Explore 'module.run' state module output in depth to catch "result" properly - make it possible to use docker login, pull and push from module.run and detect errors - Fix logging with FQDNs - Update cp.push patch - force re-generate a new thin.tgz when an update gets installed - fix salt-ssh with a different patch - Fix unicode decode error with salt-ssh - Fix cp.push empty file (bsc#1075950) - salt-ssh - move log_file option to changeable defaults - Fix grains containing trailing "\n" - Remove salt-minion python2 requirement when python3 is default (bsc#1081592) - Remove-obsolete-unicode-handling-in-pkg.info_installed - Update to salt-2018.1.99 - Fix-epoch-handling-for-Rhel-6-and-7 - Restoring-installation-of-packages-for-Rhel-6-7 - Prevent queryformat pattern from expanding (bsc#1079048) - Fix epoch handling for Rhel 6 and 7 (bsc#1068566) - Reverting to current API for split_input - Fix for wrong version processing during yum pkg install (bsc#1068566) - Feat: add grain for all FQDNs (bsc#1063419) - Fix the usage of custom macros on the spec file. - Fix RES7: different dependency names for python-PyYAML and python-MarkupSafe - Build both python2 and python3 binaries together. - Bugfix: errors in external pillar causes crash instead of report of them (bsc#1068446) - Fix 'user.present' when 'gid_from_name' is set but group does not exist. - Fix "No service execution module loaded" issue (bsc#1065792) - Set SHELL environment variable - Removed unnecessary logging on shutdown (bsc#1050003) - Add fqdns to grains (bsc#1063419) - Fixing cherrypy websocket with python3 - Various-bug-fixes - Python3 bugfix for cherrypy read() - Fix for logging on salt-master exit in rare cases (pid-file removal) - Fix salt-master for old psutil version - Put back accidentally removed patches - Fix for delete_deployment in Kubernetes module (bsc#1059291) - Older logrotate need su directive (bsc#1071322) - Fix bsc#1041993 already included in 2017.7.2 - Fixed beacons failure when pillar-based suppressing config-based. (bsc#1060230) - Escape the usage of %{VERSION} when calling out to rpm. RPM 4.14 has %{VERSION} defined as 'the main packages version'. - Fix wrong version reported by Salt (bsc#1061407) - Fix CVE-2017-14696 (bsc#1062464) already included in 2017.7.2 - Run salt master as dedicated salt user - Run salt-api as user salt (bsc#1064520) - Update to 2017.7.2 See https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html - Re-added previously removed unit-test for bsc#1050003 - Fixes for CVE-2017-14695 and CVE-2017-14696 (bsc#1062462) - Add missing follow-up for CVE-2017-12791 (bsc#1053955) - Fixed salt target-type field returns "String" for existing jids but an empty "Array" for non existing jids. (issue#1711) - Fixed minion resource exhaustion when many functions are being executed in parallel (bsc#1059758) - Remove 'TasksTask' attribute from salt-master.service in older versions of systemd (bsc#985112) - Fix for delete_deployment in Kubernetes module (bsc#1059291) - Catching error when PIDfile cannot be deleted (bsc#1050003) - Use $HOME to get the user home directory instead using '~' char (bsc#1042749) - Fixed patches for Kubernetes and YUM modules - Add patches to salt to support SUSE Manager scalability features (bsc#1052264) - Introducing the kubernetes module (bsc#1051948) - Revert "We don't have python-systemd, so notify can't work" - Notify systemd synchronously via NOTIFY_SOCKET (bsc#1053376) - Add clean_id function to salt.utils.verify.py (CVE-2017-12791, bsc#1053955) - Added bugfix when jobs scheduled to run at a future time stay pending for Salt minions (bsc#1036125) - Adding procps as dependency. This provides "ps" and "pgrep" utils which are called from different Salt modules and also from new salt-minion watchdog. - Adding a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart salt-minion in case of crashes during upgrade. - fix format error (bsc#1043111) - fix ownership for whole master cache directory (bsc#1035914) - Bugfix: clean up `change` attribute from interface dict (upstream) Issue: https://github.com/saltstack/salt/issues/41461 PR: 1. https://github.com/saltstack/salt/pull/41487 2. https://github.com/saltstack/salt/pull/41533 - Disable 3rd party runtime packages to be explicitly recommended. (bsc#1040886) - Bugfix: orchestrate and batches returns false failed information https://github.com/saltstack/salt/issues/40635 - speed-up cherrypy by removing sleep call - wrong os_family grains on SUSE - fix unittests (bsc#1038855) - fix setting the language on SUSE systems (bsc#1038855) - Documentation refresh to 2016.11.4 - Update to 2016.11.4 See https://docs.saltstack.com/en/develop/topics/releases/2016.11.4.html See https://docs.saltstack.com/en/develop/topics/releases/2016.11.3.html See https://docs.saltstack.com/en/develop/topics/releases/2016.11.2.html See https://docs.saltstack.com/en/develop/topics/releases/2016.11.1.html for full changelog - Use SUSE specific salt-api.service (bsc#1039370) - Bugfix: wrong os_family grains on SUSE (bsc#1038855) - Bugfix: unable to use hostname for minion ID as '127' (upstream) - Fix core grains constants for timezone (bsc#1032931) - Add unit test for a skip false values from preferred IPs upstream patch - Adding "yum-plugin-security" as required for RHEL 6 - Minor fixes on new pkg.list_downloaded - Listing all type of advisory patches for Yum module - Prevents zero length error on Python 2.6 - Fixes zypper test error after backporting - raet protocol is no longer supported (bsc#1020831) - Fix: move SSH data to the new home (bsc#1027722) - Fix: /var/log/salt/minion fails logrotate (bsc#1030009) - Fix: Result of master_tops extension is mutually overwritten (bsc#1030073) - Allows to set 'timeout' and 'gather_job_timeout' via kwargs - Allows to set custom timeouts for 'manage.up' and 'manage.status' - Use salt's ordereddict for comparison (fixes failing tests) - add special salt-minion.service file for RES7 - fix scripts for salt-proxy - define with systemd for fedora and rhel >= 7 (bsc#1027240) - add openscap module - file.get_managed regression fix (upstream issues #39762) - fix translate variable arguments if they contain hidden keywords (bsc#1025896) - fix service handling for openSUSE - added unit test for dockerng.sls_build dryrun - added dryrun to dockerng.sls_build - update dockerng minimal version requirements - fix format error in error parsing - keep fix for migrating salt home directory (bsc#1022562) - Fix salt pkg.latest raises exception if package is not available (bsc#1012999) - Fix timezone: should be always in UTC (bsc#1017078) - Fix timezone handling for rpm installtime (bsc#1017078) - Increasing timeouts for running integrations tests - Add buildargs option to dockerng.build module - Disable custom rosters for Salt SSH via Salt API (bsc#1011800) More: https://github.com/saltstack/salt/pull/38596 - Fix error when missing ssh-option parameter - readd yum notify plugin - all kwargs to dockerng.create to provide all features to sls_build as well - Bugfix: datetime should be returned always in UTC - Bugfix: scheduled state may cause crash while deserialising data on infinite recursion. (bsc#1036125) - Enable yum to handle errata on RHEL 6: require yum-plugin-security - Minor fixes on new pkg.list_downloaded - Listing all type of advisory patches for Yum module - Prevents zero length error on Python 2.6 - Fixes zypper test error after backporting - Refactoring on Zypper and Yum execution and state modules to allow installation of patches/errata. - Fix log rotation permission issue (bsc#1030009) - Use pkg/suse/salt-api.service by this package - Patch to set SHELL env variable for the salt-api.service. Needed for salt-ssh ProxyCommand to work properly. - Fixes 'timeout' and 'gather_job_timeout' kwargs parameters for 'local_batch' client - Add missing bootstrap script for Salt Cloud (bsc#1032452) - Fix: add missing /var/cache/salt/cloud directory (bsc#1032213) - Added test case for race conditions on cache directory creation - Adding "pkg.install downloadonly=True" support to yum/dnf execution module - Makes sure "gather_job_timeout" is an Integer - Adding "pkg.downloaded" state and support for installing patches/erratas - Fix: merge master_tops output - Fix: race condition on cache directory creation - Cleanup salt user environment preparation (bsc#1027722) - Don't send passwords after shim delimiter is found (bsc#1019386) - Allows to set 'timeout' and 'gather_job_timeout' via kwargs - Allows to set custom timeouts for 'manage.up' and 'manage.status' - Update systemd module unit tests (Update patch 0050) - define with system for fedora and rhel 7 (bsc#1027240) - Fix service state returning stacktrace (bsc#1027044) - OpenSCAP Module - Prevents 'OSError' exception in case certain job cache path doesn't exist (bsc#1023535) - Backport: Fix issue with cp.push (#36136) - Fix salt-minion update on RHEL (bsc#1022841) - Adding new functions to Snapper execution module. - Fix invalid chars allowed for data IDs (bsc#1011304) Fix timezone: should be always in UTC (bsc#1017078) - Fixes wrong "enabled" opts for yumnotify plugin - ssh-option parameter for salt-ssh command. - minion should pre-require salt - do not restart salt-minion in the salt package - add try-restart to sys-v init scripts - Adding "Restart=on-failure" for salt-minion systemd service - Re-introducing "KillMode=process" for salt-minion systemd service - Successfully exit of salt-api child processes when SIGTERM is received - Update to 2015.8.12 - Fix possible information leak due to revoked keys still being used. (bsc#1012398, CVE-2016-9639) - Splitted non-Linux and other external platform modules to 'salt-other' sub-package. - Switch package group from System/Monitoring to System/Management - fix exist codes of sysv init script (bsc#999852) - Including resolution parameters in the Zypper debug-solver call during a dry-run dist-upgrade. - Fix Salt API crash via salt-ssh on empty roster (bsc#1004723) - Adding 'dist-upgrade' support to zypper module (FATE#320559) - Copy .travis.yml from git commit ea63e793567ba777e47dc766a4f88edfb037a02f - Change travis configuration file to use salt-toaster - acl.delfacl: fix position of -X option to setfacl (bsc#1004260) - fix generated shebang in scripts on SLES-ES 7 (bsc#1004047) - add update-documentation.sh to specfile - Setting up OS grains for SLES-ES (SLES Expanded Support platform) - Move salt home directory to /var/lib/salt (bsc#1002529) - Adjust permissions on home directory - Adjust pre-install script to correctly move existing salt users' home directory salt user cannot write in his own home directory (/srv/salt) because it is owned by user `root`. This prevents salt from correctly save ssh known hosts in ~/.ssh/ and breaks salt-ssh bootstrapping. - Updated html.tar.bz2 documentation tarball. - Generate Salt Thin with configured extra modules (bsc#990439) - Unit and integration tests fixes for 2015.8.7 - Prevent pkg.install failure for expired keys (bsc#996455) - Required D-Bus and generating machine ID - add a macro to check if the docs should be build or the static tarball should be used - Fix a couple of failing unittests - Helper script for updating documentation tarball. - Fix python-jinja2 requirements in rhel - Fix pkg.installed refresh repo failure (bsc#993549) - Fix salt.states.pkgrepo.management no change failure (bsc#990440) - Prevent snapper module crash on load if no DBus is available in the system (bsc#993039) - Prevent continuous restart, if a dependency wasn't installed (bsc#991048) - Fix beacon list to include all beacons being process - Run salt-api as user salt like the master (bsc#990029) - Revert patch Minion ID generation (bsc#967803) - Fix broken inspector due to accidentally missed commit (bsc#989798) - Set always build salt-doc package. - Bugfix: lvm.vg_present does not recognize PV with certain LVM filter settings (bsc#988506) - Backport: Snapper module for Salt. - Bugfix: pkg.list_products on "registerrelease" and "productline" returns boolean.False if empty (bsc#989193, bsc#986019) - Rewrite Minion ID generation (bsc#967803) - Bugfix: Fixed behavior for SUSE OS grains (bsc#970669) - Bugfix: Salt os_family does not detect SLES for SAP (bsc#983017) - Move log message from INFO to DEBUG (bsc#985661) - fix salt --summary to count not responding minions correctly (bsc#972311) - Fix memory leak on custom execution module sheduled jobs (bsc#983512) - fix groupadd module for sles11 systems (bsc#978150) - Fix pkgrepo.managed gpgkey argument doesn't work (bsc#979448) - Package checksum validation for zypper pkg.download - Check if a job has executed and returned successfully - Remove option -f from startproc (bsc#975733) - Changed Zypper's plugin. Added Unit test and related to that data (bsc#980313). - Zypper plugin: alter the generated event name on package set change. - Fix file ownership on master keys and cache directories during upgrade (handles upgrading from salt 2014, where the daemon ran as root, to 2015 where it runs as the salt user, bsc#979676). - salt-proxy .service file created (bsc#975306) - Prevent salt-proxy test.ping crash (bsc#975303) - Fix shared directories ownership issues. - Add Zypper plugin to generate an event, once Zypper is used outside the Salt infrastructure demand (bsc#971372). - Restore boolean values from the repo configuration Fix priority attribute (bsc#978833) - Unblock-Zypper. (bsc#976148) Modify-environment. (bsc#971372) - Prevent crash if pygit2 package is requesting re-compilation. - align OS grains from older SLES with current one (bsc#975757) - Bugfix: salt-key crashes if tries to generate keys to the directory w/o write access (bsc#969320) - Check if EOL is available in a particular product (bsc#975093) - fix building with docs on SLE11 - Prevent metadata download when getting installed products - Add statically built docs. - fix sorting by latest package - ensure pkg.info_installed report latest package version (bsc#972490) - Use SHA256 by default in master, minion and proxy (bsc#955373) - Fix state structure compilation - Fix git_pillar race condition - fix detection of base products in SLE11 - fix rpm info for SLE11 - fix init system detection for SLE11 - Make checksum configurable (upstream still wants md5, we suggest sha256). bsc#955373 - Fix the service state / module on SLE11. - Prevent rebuilds in OBS by not generating a date as a comment in a source file - Add better checking for zypper exit codes and simplify evaluation of the zypper error messages. - Adapt unit tests - Add initial pack of Zypper's Unit tests. Use XML output in list_upgrades. Bugfix: upgrade_available crashes when only one package specified Purge is not using "-u" anymore - fix argument handling of pkg.download - unify behavior of zypper refresh in salt - Fix crash with scheduler and runners - Call zypper always with --non-interactive - require rpm-python on SUSE for zypper support - fix state return code - add handling of OEM products to pkg.list_products - improve doc for list_pkgs - implement pkg.version_cmp in zypper.py - Update to 2015.8.7 this is a small update to fix some regressions see https://docs.saltstack.com/en/latest/topics/releases/2015.8.7.html - Booleans should not be strings from XML, add Unix ticks time and format result in a list of maps. - Stop salt-api daemon faster (bsc#963322) - Do not crash on salt-key reject/delete consecutive calls. - Update to 2015.8.5 Security fixes: * CVE-2016-1866: Improper handling of clear messages on the minion remote code execution (bsc#965403) See https://docs.saltstack.com/en/latest/topics/releases/2015.8.5.html - Update to 2015.8.4 See https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html - Fix latest version available comparison and implement epoch support in Zypper module. - Fix dependencies to Salt subpackages requiring release along the version. - Fix pkg.latest crash. - Fix pkg.latest SLS ID bug, when pkgs empty list is passed, but SLS ID still treated as a package name. - Fix zypper module info_available on SLE-11 * https://github.com/saltstack/salt/pull/30384 - zypper/pkg: add package attributes filtering * https://github.com/saltstack/salt/pull/30267 - Remove obsoleted patches and fixes: * Remove require on glibc-locale (bsc#959572) - Add missing return data to scheduled jobs * https://github.com/saltstack/salt/pull/30246 - Update zypper-utf-8 patch for Python 2.6 - require glibc-locale (bsc#959572) - Report epoch and architecture of installed packages - pkg.info_installed exceeds the maximum event size, reduce the information to what's actually needed - Filter out bad UTF-8 strings in package data (bsc#958350) - Updated to salt 2015.8.3 bugfix release more details at: https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html - reimplements pkg.list_products that potentially may be broken in a future releases of SLES. - fixe a regression introduced in 2015.8.2, which was actually holding back the release. Downgrade is not an option as we need the leap fixes. - it shouldnt be >= 1110 but just > 1110 - require pmtools on sle11 to get dmidecode - First step to make the syndic also run as salt user. - Updated to bugfix release 2015.8.2 - fix the "os" grain on SLES11SP4 - fix the priority and humanname pkgrepo args for the zypper backend for more details: https://docs.saltstack.com/en/2015.8/topics/releases/2015.8.2.html - update to 2015.8.1 - Add support for ``spm.d/*.conf`` configuration of SPM (:issue:`27010`) - Fix ``proxy`` grains breakage for non-proxy minions (:issue:`27039`) - Fix global key management for git state - Fix passing http auth to ``util.http`` from ``state.file`` (:issue:`21917`) - Fix ``multiprocessing: True`` in windows (on by default`) - Add ``pkg.info`` to pkg modules - Fix name of ``serial`` grain (this was accidentally renamed in 2015.8.0`) - Merge config values from ``master.d``/``minion.d`` conf files (rather than flat update`) - Clean grains cache on grains sync (:issue:`19853`) - Remove streamed response for fileclient to avoid HTTP redirection problems (:issue:`27093`) - Fixed incorrect warning about ``osrelease`` grain (:issue:`27065`) - Fix authentication via Salt-API with tokens (:issue:`27270`) - Fix winrepo downloads from https locations (:issue:`27081`) - Fix potential error with salt-call as non-root user (:issue:`26889`) - Fix global minion provider overrides (:issue:`27209`) - Fix backward compatibility issues for pecl modules - Fix Windows uninstaller to only remove ``./bin``, ``salt*``, ``nssm.exe``, ``uninst.exe`` (:issue:`27383`) - Fix misc issues with mongo returner. - Add sudo option to cloud config files (:issue:`27398`) - Fix regression in RunnerClient argument handling (:issue:`25107`) - Fix ``dockerng.running`` replacing creation hostconfig with runtime hostconfig (:issue:`27265`) - Fix dockerng.running replacing creation hostconfig with runtime hostconfig (:issue:`27265`) - Increased performance on boto asg/elb states due to ``__states__`` integration - Windows minion no longer requires powershell to restart (:issue:`26629`) - Fix x509 module to support recent versions of OpenSSL (:issue:`27326`) - Some issues with proxy minions were corrected. - guard raet buildrequires with bcond_with raet and comment out the recommends for salt-raet. - remove pygit2 global recommends, it is only needed in the master - remove git-core, pygit2 should pull it as a dependency - add a (currently disabled) %check Returns detailed information about a package - ifdef Recommends to build on RHEL based distros - use _initddir instead of _sysconfdir/init.d as it works on both platforms. - allow to disable docs in preparation for building on other platforms without all dependencies. - python-libnacl, python-ioflo are _not_ required to build the package. They are anyways requires of python-raet, which is also not required to build the package. - merge (build)requires/recommends with requirements/*txt and setup.py - add raet subpackage which will pull all requires for it and provides config snippets to enable it for the minion and master. - add tmpfiles.d file - Remove requires on python-ioflo and python-libnacl they will be pulled by python-raet, which is optional. - python-raet is optional, so make it a Recommends - update backports patch from 2015.8 branch - update use-forking-daemon patch: the original intention was to get rid of the python systemd dependency. for this we do not have daemonize the whole process. just switching to simple mode is enough. - drop fdupes: 1. it broke python byte code handling 2. the only part of the package which would really benefit from it would be the doc package. but given we only install the files via %doc, we can not use it for that either. - reenable completions on distros newer than sle11 - do not use _datarootdir, use _datadir instead. - package all directories in /var/cache/salt and /etc/salt and have permissions set for non root salt master - update use-salt-user-for-master patch: - also patch the logrotate file to include the su option - remove duplicated recommends - never require pygit2 and git. the master can run fine without. always use recommends - cleanup dependencies: - remove a lot of unneeded buildrequires - fdupes not present on SLE10 - python-certifi needed on SLE11 - python-zypp not needed any more - python-pygit2 is not a global requirement - convert python-pysqlite to recommends as it is not available on python <=2.7 - sles_version -> suse_version - %exclude the cloud/deploy/*.sh scripts to fix build issue on SLE11 - Remove python-PyYAML from the dependencies list, as python-yaml is the same - Build the -completion subpackages in SLE11 as well - Add salt-proxy (by dmacvicar at suse.de) - Create salt user/group only in the -master subpkg - Fix typo in use-forking-daemon patch, that prevented daemon loading - Fix typo in Requires - Cleanup requirements - New Major release 2015.8.0 for more details: http://docs.saltstack.com/en/latest/topics/releases/2015.8.0.html - Cleaned the spec file with spec-cleaner - Added the use-salt-user-for-master patch see README.SUSE - Updated the files ownership with salt user - removed m2crypto depency - Removed fish dependency for fish completions. - Added fish completions. - Support SLE11SP{3,4}, where the M2Crypto package is named python-m2crypto - Updated to Bugfix release 2015.5 for more details: https://github.com/saltstack/salt/blob/develop/doc/topics/releases/2015.5.5 .rst - Add prereq, for user creation. - Add creation of salt user in preparation of running the salt-master daemon as non-root user salt. https://bugzilla.opensuse.org/show_bug.cgi?id=939831 - Add README.SUSE with explanation and how to. - only require git-core to not pull in git-web and gitk - New Bugfix release 2015.5.3 for more details: http://docs.saltstack.com/en/latest/topics/releases/2015.5.3.html - New Bugfix release 2015.5.2 for more details: http://docs.saltstack.com/en/latest/topics/releases/2015.5.2.html - New Bugfix release 2015.5.1 salt.runners.cloud.action() has changed the fun keyword argument to func. Please update any calls to this function in the cloud runner. for more details: http://docs.saltstack.com/en/latest/topics/releases/2015.5.1.html - Removed python-pssh depency not needed anymore. - Major release 2015.5.0 Lithium - update to 2015.5.0 The 2015.5.0 feature release of Salt is focused on hardening Salt and mostly on improving existing systems. A few major additions are present, primarily the new Beacon system. Most enhancements have been focused around improving existing features and interfaces. As usual the release notes are not exhaustive and primarily include the most notable additions and improvements. Hundreds of bugs have been fixed and many modules have been substantially updated and added. See especially the warning right on the top regarding python_shell=False. For all details see http://docs.saltstack.com/en/latest/topics/releases/2015.5.0.html - RPM Package changes: - add some versions to the buildrequires to match the 2 requirements files from the tarball - Moved the depencencies to main salt package except where they are specific for the package - Changed python-request dependency,only needed on salt-cloud - Added python-tornado dependency for http.py - Fixed zsh_completion in tarball. - Fixed salt-api requirements to require python-cherrypy - Fixed salt-cloud requiments to require salt-master - New Bugfix release 2014.7.5 Changes: + Fixed a key error bug in salt-cloud + Updated man pages to better match documentation + Fixed bug concerning high CPU usage with salt-ssh + Fixed bugs with remounting cvfs and fuse filesystems + Fixed bug with alowing requisite tracking of entire sls files + Fixed bug with aptpkg.mod_repo returning OK even if apt-add-repository fails + Increased frequency of ssh terminal output checking + Fixed malformed locale string in localmod module + Fixed checking of available version of package when accept_keywords were changed + Fixed bug to make git.latest work with empty repositories + Added **kwargs to service.mod_watch which removes warnings about enable and __reqs__ not being supported by the function + Improved state comments to not grow so quickly on failed requisites + Added force argument to service to trigger force_reload + Fixed bug to andle pkgrepo keyids that have been converted to int + Fixed module.portage_config bug with appending accept_keywords + Fixed bug to correctly report disk usage on windows minion + Added the ability to specify key prefix for S3 ext_pillar + Fixed issues with batch mode operating on the incorrect number of minions + Fixed a bug with the proxmox cloud provider stacktracing on disk definition + Fixed a bug with the changes dictionary in the file state + Fixed the TCP keep alive settings to work better with SREQ caching + Fixed many bugs within the iptables state and module + Fixed bug with states by adding fun, state, and unless to the state runtime internal keywords listing + Added ability to eAuth against Active Directory + Fixed some salt-ssh issues when running on Fedora 21 + Fixed grains.get_or_set_hash to work with multiple entries under same key + Added better explanations and more examples of how the Reactor calls functions to docs + Fixed bug to not pass ex_config_drive to libcloud unless it's explicitly enabled + Fixed bug with pip.install on windows + Fixed bug where puppet.run always returns a 0 retcode + Fixed race condition bug with minion scheduling via pillar + Made efficiency improvements and bug fixes to the windows installer + Updated environment variables to fix bug with pygit2 when running salt as non-root user + Fixed cas behavior on data module -- data.cas was not saving changes + Fixed GPG rendering error + Fixed strace error in virt.query + Fixed stacktrace when running chef-solo command + Fixed possible bug wherein uncaught exceptions seem to make zmq3 tip over when threading is involved + Fixed argument passing to the reactor + Fixed glibc caching to prevent bug where salt-minion getaddrinfo in dns_check() never got updated nameservers Known Issues: + In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed at the same time that one or more masters are down. This can be worked around by setting 'auth_timeout' and 'auth_tries' down to shorter periods. - New Bugfix Release 2014.7.4 - fix salt-zsh-completion conflicts + Multi-master minions mode no longer route fileclient operations asymetrically. This fixes the source of many multi-master bugs where the minion would become unrepsonsive from one or more masters. + Fix bug wherein network.iface could produce stack traces. + net.arp will no longer be made available unless arp is installed on the system. + Major performance improvements to Saltnado + Allow KVM module to operate under KVM itself or VMWare Fusion + Various fixes to the Windows installation scripts + Fix issue where the syndic would not correctly propogate loads to the master job cache. + Improve error handling on invalid /etc/network/interfaces file in salt networking modules + Fix bug where a reponse status was not checked for in fileclient.get_url + Enable eauth when running salt in batch mode + Increase timeout in Boto Route53 module + Fix bugs with Salt's 'tar' module option parsing + Fix parsing of NTP servers on Windows + Fix issue with blockdev tuning not reporting changes correctly + Update to the latest Salt bootstrap script + Update Linode salt-cloud driver to use either linode-python or apache-libcloud + Fix for s3.query function to return correct headers + Fix for s3.head returning None for files that exist + Fix the disable function in win_service module so that the service is disabled correctly + Fix race condition between master and minion when making a directory when both daemons are on the same host + Fix an issue where file.recurse would fail at the root of an svn repo when the repo has a mountpoint + Fix an issue where file.recurse would fail at the root of an hgfs repo when the repo has a mountpoint + Fix an issue where file.recurse would fail at the root of an gitfs repo when the repo has a mountpoint + Add status.master capability for Windows. + Various fixes to ssh_known_hosts + Various fixes to states.network bonding for Debian + The debian_ip.get_interfaces module no longer removes nameservers. + Better integration between grains.virtual and systemd-detect-virt and virt-what + Fix traceback in sysctl.present state output + Fix for issue where mount.mounted would fail when superopts were not a part of mount.active (extended=True). Also mount.mounted various fixes for Solaris and FreeBSD. + Fix error where datetimes were not correctly safeguarded before being passed into msgpack. + Fix file.replace regressions. If the pattern is not found, and if dry run is False, and if `backup` is False, and if a pre-existing file exists with extension `.bak`, then that backup file will be overwritten. This backup behavior is a result of how `fileinput` works. Fixing it requires either passing through the file twice (the first time only to search for content and set a flag), or rewriting `file.replace` so it doesn't use `fileinput` + VCS filreserver fixes/optimizations + Catch fileserver configuration errors on master start + Raise errors on invalid gitfs configurations + set_locale when locale file does not exist (Redhat family) + Fix to correctly count active devices when created mdadm array with spares + Fix to correctly target minions in batch mode + Support ssh:// urls using the gitfs dulwhich backend + New fileserver runner + Fix various bugs with argument parsing to the publish module. + Fix disk.usage for Synology OS + Fix issue with tags occurring twice with docker.pulled + Fix incorrect key error in SMTP returner + Fix condition which would remount loopback filesystems on every state run + Remove requsites from listens after they are called in the state system + Make system implementation of service.running aware of legacy service calls + Fix issue where publish.publish would not handle duplicate responses gracefully. + Accept Kali Linux for aptpkg salt execution module + Fix bug where cmd.which could not handle a dirname as an argument + Fix issue in ps.pgrep where exceptions were thrown on Windows. - Known Issues: + In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed at the same time that one or more masters are down. This can be worked around by setting 'auth_timeout' and 'auth_tries' down to shorter periods. - New Bugfix release 2014.7.2: - fix package bug with fdupes. - keep sle 11 sp3 support. + Fix erroneous warnings for systemd service enabled check (issue 19606) + Fix FreeBSD kernel module loading, listing, and persistence kmod (issue 197151, issue 19682) + Allow case-sensitive npm package names in the npm state. This may break behavior for people expecting the state to lowercase their npm package names for them. The npm module was never affected by mandatory lowercasing. (issue 20329) + Deprecate the activate parameter for pip.install for both the module and the state. If bin_env is given and points to a virtualenv, there is no need to activate that virtualenv in a shell for pip to install to the virtualenv. + Fix a file-locking bug in gitfs (issue 18839) - New Bugfix release 2014.7.1: + Fixed gitfs serving symlinks in file.recurse states (issue 17700) + Fixed holding of multiple packages (YUM) when combined with version pinning (issue 18468) + Fixed use of Jinja templates in masterless mode with non-roots fileserver backend (issue 17963) + Re-enabled pillar and compound matching for mine and publish calls. Note that pillar globbing is still disabled for those modes, for security reasons. (issue 17194) + Fix for tty: True in salt-ssh (issue 16847) - Needed to provide zsh completion because of the tarball missing the zsh completion script. - Removed man salt.1.gz file from salt-master because upstream removed it. - Added man salt.7.gz to salt-master package - Updated to Major Release 2014.7.0 - added python-zipp as depency - added recommend python-pygit2, this is the preferred gitfs backend of saltstack - added zsh-completion package - More information at: http://docs.saltstack.com/en/latest/topics/releases/2014.7.0.html - SALT SSH ENHANCEMENTS: + Support for Fileserver Backends + Support for Saltfile + Ext Pillar + No more sshpass needed + Pure Python Shim + Custom Module Delivery + CP module Support + More Thin Directory Options - Salt State System enhancements: + New Imperative State Keyword "Listen" + New Mod Aggregate Runtime Manipulator + New Requisites: onchanges and onfail + New Global onlyif and unless + Use names to expand and override values - Salt Major Features: + Improved Scheduler Additions + Red Hat 7 Support + Fileserver Backends in Salt-call + Amazon Execution Modules in salt-cloud + LXC Runner Enhancements + Next Gen Docker Management + Peer System Performance Improvements + SDB Encryption at rest for configs + GPG Renderer encrypted pillar at rest + OpenStack Expansions + Queues System external queue systems into Salt events + Multi Master Failover Additions + Chef Execution Module - salt-api Project Merge + Synchronous and Asynchronous Execution of Runner and Wheel Modules + rest_cherrypy Additions + Web Hooks - Fileserver Backend Enhancements: + New gitfs Features + Pygit2 and Dulwich support + Mountpoints support + New hgfs Features + mountpoints support + New svnfs Features: + mountpoints + minionfs Featuressupport + mountpoints - New Salt Modules: + Oracle + Random + Redis + Amazon Simple Queue Service + Block Device Management + CoreOS etcd + Genesis + InfluxDB + Server Density + Twilio Notifications + Varnish + ZNC IRC Bouncer + SMTP - NEW RUNNERS: + Map/Reduce Style + Queue - NEW EXTERNAL PILLARS: + CoreOS etcd - NEW SALT-CLOUD PROVIDERS: + Aliyun ECS Cloud + LXC Containers + Proxmox (OpenVZ containers & KVM) - DEPRECATIONS: + Salt.modules.virtualenv_mod - Updated to 2014.1.13 a bugfix release on 2014.1.12 + fix module run exit code (issue 16420) + salt cloud Check the exit status code of scp before assuming it has failed. (issue 16599) - Updated to 2014.1.12 a bugfix release on 2014.1.11 + Fix scp_file always failing (which broke salt-cloud) (issue 16437) + Fix regression in pillar in masterless (issue 16210, issue 16416, issue 16428) - Updated to 2014.1.11 is another bugfix release for 2014.1.0. Changes include: + Fix for minion_id with byte-order mark (BOM) (issue 12296) + Fix runas deprecation in at module + Fix trailing slash befhavior for file.makedirs_ (issue 14019) + Fix chocolatey path (issue 13870) + Fix git_pillar infinite loop issues (issue 14671) + Fix json outputter null case + Fix for minion error if one of multiple masters are down (issue 14099) + Updated the use-forking-daemon patch with the right version - Fix service.py version parsing for SLE 11 - Remove salt-master's hard requirement for git and python-GitPython on SLE 12 - Ensure salt uses systemd for services on SLES - RPM spec update + added service_add_pre function - Updated to 2014.1.10: + Version 2014.1.9 contained a regression which caused inaccurate Salt version detection, and thus was never packaged for general release. This version contains the version detection fix, but is otherwise identical to 2014.1.9. + Version 2014.1.8 contained a regression which caused inaccurate Salt version detection, and thus was never packaged for general release. This version contains the version detection fix, but is otherwise identical to 2014.1.8. - Updated to 2014.1.8: + Ensure salt-ssh will not continue if permissions on a temporary directory are not correct. + Use the bootstrap script distributed with Salt instead of relying on an external resource + Remove unused testing code + Ensure salt states are placed into the .salt directory in salt-ssh + Use a randomized path for temporary files in a salt-cloud deployment + Clean any stale directories to ensure a fresh copy of salt-ssh during a deployment - Allow salt to correctly detect services provided by init scripts - Move systemd service file fix to patch, add PIDFile parameter (this fix is applicable for all SUSE versions, not just 12.3) - Improve systemd service file fix for 12.3 Use forking instead of Simple and daemonize salt-master process - Fixed bug in opensuse 12.3 systemd file systemd 198 doesn't have python-systemd binding. - Disabled testing on SLES - Update to 2014.7 This release was a hotfix release for the regression listed above which was present in the 2014.1.6 - Fix batch mode regression (issue 14046) - Updated to 2014.1.6 - Fix extra iptables --help output (Sorry!) (issue 13648, issue 13507, issue 13527, issue 13607) - Fix mount.active for Solaris - Fix support for allow-hotplug statement in debian_ip network module - Add sqlite3 to esky builds - Fix jobs.active output (issue 9526) - Fix the virtual grain for Xen (issue 13534) - Fix eauth for batch mode (issue 9605) - Fix force-related issues with tomcat support (issue 12889) - Fix KeyError when cloud mapping - Fix salt-minion restart loop in Windows (issue 12086) - Fix detection of service virtual module on Fedora minions - Fix traceback with missing ipv4 grain (issue 13838) - Fix issue in roots backend with invalid data in mtime_map (issue 13836) - Fix traceback in jobs.active (issue 11151) - Updated to 2014.1.5 - Add function for finding cached job on the minion - Fix for minion caching jobs when master is down - Bump default `syndic_wait` to 5 to fix syndic-related problems (issue 12262) - Fix false positive error in logs for `makeconf` state (issue 9762) - Fix for extra blank lines in `file.blockreplace` (issue 12422) - Use system locale for ports package installations - Fix for `cmd_iter`/`cmd_iter_no_block` blocking issues (issue 12617) - Fix traceback when syncing custom types (issue 12883) - Fix cleaning directory symlinks in `file.directory` - Add performance optimizations for `saltutil.sync_all` and `state.highstate` - Fix possible error in `saltutil.running` - Fix for kmod modules with dashes (issue 13239) - Fix possible race condition for Windows minions in state module reloading (issue 12370) - Fix bug with roster for `passwd`s that are loaded as non-string objects (issue 13249) - Keep duplicate version numbers from showing up in `pkg.list_pkgs` output - Fixes for Jinja renderer, timezone mod`module `/mod`state ` (issue 12724) - Fix timedatectl parsing for systemd>=210 (issue 12728) - Removed the deprecated external nodes classifier (originally accessible by setting a value for external_nodes in the master configuration file). Note that this functionality has been marked deprecated for some time and was replaced by the more general doc`master tops ` system. - More robust escaping of ldap filter strings. - Fix trailing slash in conf_master`gitfs_root` causing files not to be available (issue 13185) - added bash completion package - Updated to 2014.1.4 - Fix setup.py dependency issue (issue 12031) - Fix handling for IOErrors under certain circumstances (issue 11783 and issue 11853) - Fix fatal exception when `/proc/1/cgroup` is not readable (issue 11619) - Fix os grains for OpenSolaris (issue 11907) - Fix `lvs.zero` module argument pass-through (issue 9001) - Fix bug in `debian_ip` interaction with `network.system` state (issue 11164) - Remove bad binary package verification code (issue 12177) - Fix traceback in solaris package installation (issue 12237) - Fix `file.directory` state symlink handling (issue 12209) - Remove `external_ip` grain - Fix `file.managed` makedirs issues (issue 10446) - Fix hang on non-existent Windows drive letter for `file` module (issue 9880) - Fix salt minion caching all users on the server (issue 9743) - Updated to 2014.1.3 - Fix username detection when su'ed to root on FreeBSD (issue 11628) - Fix minionfs backend for file.recurse states - Fix 32-bit packages of different arches than the CPU arch, on 32-bit RHEL/CentOS (issue 11822) - Fix bug with specifying alternate home dir on user creation (FreeBSD) (issue 11790) - Don???t reload site module on module refresh for MacOS - Fix regression with running execution functions in Pillar SLS (issue 11453) - Fix some modules missing from Windows installer - Don???t log an error for yum commands that return nonzero exit status on non-failure (issue 11645) - Fix bug in rabbitmq state (issue 8703) - Fix missing ssh config options (issue 10604) - Fix top.sls ordering (issue 10810 and issue 11691) - Fix salt-key --list all (issue 10982) - Fix win_servermanager install/remove function (issue 11038) - Fix interaction with tokens when running commands as root (issue 11223) - Fix overstate bug with find_job and **kwargs (issue 10503) - Fix saltenv for aptpkg.mod_repo from pkgrepo state - Fix environment issue causing file caching problems (issue 11189) - Fix bug in __parse_key in registry state (issue 11408) - Add minion auth retry on rejection (issue 10763) - Fix publish_session updating the encryption key (issue 11493) - Fix for bad AssertionError raised by GitPython (issue 11473) - Fix debian_ip to allow disabling and enabling networking on Ubuntu (issue 11164) - Fix potential memory leak caused by saved (and unused) events (issue 11582) - Fix exception handling in the MySQL module (issue 11616) - Fix environment-related error (issue 11534) - Include psutil on Windows - Add file.replace and file.search to Windows (issue 11471) - Add additional file module helpers to Windows (issue 11235) - Add pid to netstat output on Windows (issue 10782) - Fix Windows not caching new versions of installers in winrepo (issue 10597) - Fix hardcoded md5 hashing - Fix kwargs in salt-ssh (issue 11609) - Fix file backup timestamps (issue 11745) - Fix stacktrace on sys.doc with invalid eauth (issue 11293) - Fix git.latest with test=True (issue 11595) - Fix file.check_perms hardcoded follow_symlinks (issue 11387) - Fix certain pkg states for RHEL5/Cent5 machines (issue 11719) - Packaging: - python-psutil depencies (more functional modules out of the box) - python-yaml depencies (more functional modules out of the box) - python-requests depencies (salt-cloud) - Updated to 2014.1.1 Bug Fix release - temporarily disabled integration check after consult with Upstream - Updated to 2014.1.0 Major Release - features: - 2014.1.0 is the first release to follow the new date-based release naming system. - Salt Cloud Merged into Salt - Google Compute Engine support is added to salt-cloud. - Salt Virt released - Docker Integration - IPv6 Support for iptables State/Module - GitFS Improvements - MinionFS - saltenv - Grains Caching - Improved Command Logging Control - PagerDuty Support - Virtual Terminal - Proxy Minions - bugfixes: - Fix mount.mounted leaving conflicting entries in fstab (:issue:`7079`) - Fix mysql returner serialization to use json (:issue:`9590`) - Fix ZMQError: Operation cannot be accomplished in current state errors (:issue:`6306`) - Rbenv and ruby improvements - Fix quoting issues with mysql port (:issue:`9568`) - Update mount module/state to support multiple swap partitions (:issue:`9520`) - Fix archive state to work with bsdtar - Clarify logs for minion ID caching - Add numeric revision support to git state (:issue:`9718`) - Update master_uri with master_ip (:issue:`9694`) - Add comment to Debian mod_repo (:issue:`9923`) - Fix potential undefined loop variable in rabbitmq state (:issue:`8703`) - Fix for salt-virt runner to delete key on VM deletion - Fix for salt-run -d to limit results to specific runner or function (:issue:`9975`) - Add tracebacks to jinja renderer when applicable (:issue:`10010`) - Fix parsing in monit module (:issue:`10041`) - Fix highstate output from syndic minions (:issue:`9732`) - Quiet logging when dealing with passwords/hashes (:issue:`10000`) - Fix for multiple remotes in git_pillar (:issue:`9932`) - Fix npm installed command (:issue:`10109`) - Add safeguards for utf8 errors in zcbuildout module - Fix compound commands (:issue:`9746`) - Add systemd notification when master is started - Many doc improvements - packaging: - source tarball includes all packaging files in pkg folder. - fixed rpmlint errors about duplicates. - fixed rpmlint errors about non executables scripts. - Updated to 0.17.5 a bugfix release for 0.17.0: - Updated to 0.17.4 which is another bugfix release for 0.17.0: - Fix some jinja render errors (issue 8418) - Fix file.replace state changing file ownership (issue 8399) - Fix state ordering with the PyDSL renderer (issue 8446) - Fix for new npm version (issue 8517) - Fix for pip state requiring name even with requirements file (issue 8519) - Add sane maxrunning defaults for scheduler (issue 8563) - Fix states duplicate key detection (issue 8053) - Fix SUSE patch level reporting (issue 8428) - Fix managed file creation umask (issue 8590) - Fix logstash exception (issue 8635) - Improve argument exception handling for salt command (issue 8016) - Fix pecl success reporting (issue 8750) - Fix launchctl module exceptions (issue 8759) - Fix argument order in pw_user module - Add warnings for failing grains (issue 8690) - Fix hgfs problems caused by connections left open (issue 8811 and issue 8810) - Fix installation of packages with dots in pkg name (issue 8614) - Fix noarch package installation on CentOS 6 (issue 8945) - Fix portage_config.enforce_nice_config (issue 8252) - Fix salt.util.copyfile umask usage (issue 8590) - Fix rescheduling of failed jobs (issue 8941) - Fix conflicting options in postgres module (issue 8717) - Fix ps modules for psutil >= 0.3.0 (issue 7432) - Fix postgres module to return False on failure (issue 8778) - Fix argument passing for args with pound signs (issue 8585) - Fix pid of salt CLi command showing in status.pid output (issue 8720) - Fix rvm to run gem as the correct user (issue 8951) - Fix namespace issue in win_file module (issue 9060) - Fix masterless state paths on windows (issue 9021) - Fix timeout option in master config (issue 9040) - Add bugzilla for solved issues - dropped python-urllib3 depency not in factory yet. only needed with saltstack helium and higher - Updated to salt 0.17.2 Bugfix Release: - Add ability to delete key with grains.delval (issue 7872) - Fix possible state compiler stack trace (issue 5767) - Fix grains targeting for new grains (issue 5737) - Fix bug with merging in git_pillar (issue 6992) - Fix print_jobs duplicate results - Fix possible KeyError from ext_job_cache missing option - Fix auto_order for - names states (issue 7649) - Fix regression in new gitfs installs (directory not found error) - Fix fileclient in case of master restart (issue 7987) - Try to output warning if CLI command malformed (issue 6538) - Fix --out=quiet to actually be quiet (issue 8000) - Fix for state.sls in salt-ssh (issue 7991) - Fix for MySQL grants ordering issue (issue 5817) - Fix traceback for certain missing CLI args (issue 8016) - Add ability to disable lspci queries on master (issue 4906) - Fail if sls defined in topfile does not exist (issue 5998) - Add ability to downgrade MySQL grants (issue 6606) - Fix ssh_auth.absent traceback (issue 8043) - Fix ID-related issues (issue 8052, issue 8050, and others) - Fix for jinja rendering issues (issue 8066 and issue 8079) - Fix argument parsing in salt-ssh (issue 7928) - Fix some GPU detection instances (issue 6945) - Fix bug preventing includes from other environments in SLS files - Fix for kwargs with dashes (issue 8102) - Fix apache.adduser without apachectl (issue 8123) - Fix issue with evaluating test kwarg in states (issue 7788) - Fix regression in salt.client.Caller() (issue 8078) - Fix bug where cmd.script would try to run even if caching failed (issue 7601) - Fix for mine data not being updated (issue 8144) - Fix a Xen detection edge case (issue 7839) - Fix version generation for when it's part of another git repo (issue 8090) - Fix _handle_iorder stacktrace so that the real syntax error is shown (issue 8114 and issue 7905) - Fix git.latest state when a commit SHA is used (issue 8163) - Fix for specifying identify file in git.latest (issue 8094) - Fix for --output-file CLI arg (issue 8205) - Add ability to specify shutdown time for system.shutdown (issue 7833) - Fix for salt version using non-salt git repo info (issue 8266) - Add additional hints at impact of pkgrepo states when test=True (issue 8247) - Fix for salt-ssh files not being owned by root (issue 8216) - Fix retry logic and error handling in fileserver (related to issue 7755) - Fix file.replace with test=True (issue 8279) - Add flag for limiting file traversal in fileserver (issue 6928) - Fix for extra mine processes (issue 5729) - Fix for unloading custom modules (issue 7691) - Fix for salt-ssh opts (issue 8005 and issue 8271) - Fix compound matcher for grains (issue 7944) - Add dir_mode to file.managed (issue 7860) - Improve traceroute support for FreeBSD and OS X (issue 4927) - Fix for matching minions under syndics (issue 7671) - Improve exception handling for missing ID (issue 8259) - Add configuration option for minion_id_caching - Fix open mode auth errors (issue 8402) - In preparation of salt Helium all requirements of salt-cloud absorbed in salt - Added salt-doc package with html documentation of salt - Disabled salt unit test, new test assert value not in 0.17.1 - Updated requirements python-markupsafe required for salt-ssh - Don't support sysvinit and systemd for the same system; add conditionnal macros to use systemd only on systems which support it and sysvinit on other systems - Updated to salt 0.17.1 bugfix release (bsc#849205, bsc#849204, bsc#849184): - Fix symbolic links in thin.tgz (:issue:`7482`) - Pass env through to file patch state (:issue:`7452`) - Service provider fixes and reporting improvements (:issue:`7361`) - Add --priv option for specifying salt-ssh private key - Fix salt-thin's salt-call on setuptools installations (:issue:`7516`) - Fix salt-ssh to support passwords with spaces (:issue:`7480`) - Fix regression in wildcard includes (:issue:`7455`) - Fix salt-call outputter regression (:issue:`7456`) - Fix custom returner support for startup states (:issue:`7540`) - Fix value handling in augeas (:issue:`7605`) - Fix regression in apt (:issue:`7624`) - Fix minion ID guessing to use socket.getfqdn() first (:issue:`7558`) - Add minion ID caching (:issue:`7558`) - Fix salt-key race condition (:issue:`7304`) - Add --include-all flag to salt-key (:issue:`7399`) - Fix custom grains in pillar (part of :issue:`5716`, :issue:`6083`) - Fix race condition in salt-key (:issue:`7304`) - Fix regression in minion ID guessing, prioritize socket.getfqdn() (:issue:`7558`) - Cache minion ID on first guess (:issue:`7558`) - Allow trailing slash in file.directory state - Fix reporting of file_roots in pillar return (:issue:`5449` and :issue:`5951`) - Remove pillar matching for mine.get (:issue:`7197`) - Sanitize args for multiple execution modules - Fix yumpkag mod_repo functions to filter hidden args (:issue:`7656`) - Fix conflicting IDs in state includes (:issue:`7526`) - Fix mysql_grants.absent string formatting issue (:issue:`7827`) - Fix postgres.version so it won't return None (:issue:`7695`) - Fix for trailing slashes in mount.mounted state - Fix rogue AttributErrors in the outputter system (:issue:`7845`) - Fix for incorrect ssh key encodings resulting in incorrect key added (:issue:`7718`) - Fix for pillar/grains naming regression in python renderer (:issue:`7693`) - Fix args/kwargs handling in the scheduler (:issue:`7422`) - Fix logfile handling for file://, tcp:// and udp:// (:issue:`7754`) - Fix error handling in config file parsing (:issue:`6714`) - Fix RVM using sudo when running as non-root user (:issue:`2193`) - Fix client ACL and underlying logging bugs (:issue:`7706`) - Fix scheduler bug with returner (:issue:`7367`) - Fix user management bug related to default groups (:issue:`7690`) - Fix various salt-ssh bugs (:issue:`7528`) - Many various documentation fixes - Updated init files to be inline with fedora/rhel packaging upstream - Cleaned up spec file: - Unit testing can be done on all distributions - Updated package following salt package guidelins: https://github.com/saltstack/salt/blob/develop/doc/topics/conventions/packa ging.rst - activated salt-testing for unit testing salt before releasing rpm - updated docs - added python-xml as dependency - Updated 0.17.0 Feature Release Major features: - halite (web Gui) - salt ssh (remote execution/states over ssh) with its own package - Rosters (list system targets not know to master) - State Auto Order (state evaluation and execute in order of define) - state.sls Runner (system orchestration from within states via master) - Mercurial Fileserver Backend - External Logging Handlers (sentry and logstash support) - Jenkins Testing - Salt Testing Project (testing libraries for salt) - StormPath External Authentication support - LXC Support (lxc support for salt-virt) - Package dependencies reordering: * salt-master requires python-pyzmq, and recommends python-halite * salt-minion requires python-pyzmq * salt-ssh requires sshpass * salt-syndic requires salt-master Minor features: - 0.17.0 release wil be last release for 0.XX.X numbering system Next release will be .. - Update 0.16.4 bugfix release: - Multiple documentation improvements/additions - Added the osfinger and osarch grains - Fix bug in :mod:`hg.latest ` state that would erroneously delete directories (:issue:`6661`) - Fix bug related to pid not existing for :mod:`ps.top ` (:issue:`6679`) - Fix regression in :mod:`MySQL returner ` (:issue:`6695`) - Fix IP addresses grains (ipv4 and ipv6) to include all addresses (:issue:`6656`) - Fix regression preventing authenticated FTP (:issue:`6733`) - Fix :mod:`file.contains ` on values YAML parses as non-string (:issue:`6817`) - Fix :mod:`file.get_gid `, :mod:`file.get_uid `, and :mod:`file.chown ` for broken symlinks (:issue:`6826`) - Fix comment for service reloads in service state (:issue:`6851`) - Update 0.16.3 bugfix release: - Fixed scheduler config in pillar - Fixed default value for file_recv master config option - Fixed missing master configuration file parameters - Fixed regression in binary package installation on 64-bit systems - Fixed stackgrace when commenting a section in top.sls - Fixed state declarations not formed as a list message. - Fixed infinite loop on minion - Fixed stacktrace in watch when state is 'prereq' - Feature: function filter_by to grains module - Feature: add new "osfinger" grain - Fixed regression bug in salt 0.16.2 - Newly installed salt-minion doesn't create /var/cache/salt/minion/proc - fix let package create this directory next version of Salt doesn't need this. - Updated to salt 0.16.2 - gracefully handle lsb_release data when it is enclosed in quotes - fixed pillar load from master config - pillar function pillar.item and pillar.items instead of pillar.data - fixed traceback when pillar sls is malformed - gracefully handle quoted publish commands - publich function publish.item and publish.items instead of publish.data - salt-key usage in minionswarm script fixed - minion random reauth_delay added to stagger re-auth attempts. - improved user and group management - improved file management - improved package management - service management custom initscripts support - module networking hwaddr renamed to be in line with other modules - fixed traceback in bridge.show - fixed ssh know_hosts and auth.present output. for more information: http://docs.saltstack.com/topics/releases/0.16.2.html - removed not needed requirements: Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/useradd Requires(pre): /usr/sbin/userdel - Updated to salt 0.16.1 - Bugfix release - postgresql module Fixes #6352. - returner fixes Fixes issue #5518 - http authentication issues fixed #6356 - warning of deprecation runas in favor of user - more information at https://github.com/saltstack/salt/commits/v0.16.1 - Updated init files, rc_status instead of rc status. - Update to salt 0.16.0 final - Multi-Master capability - Prereq, the new requisite - Peer system improvement - Relative Includes - More state Output Options - Improved Windows Support - Multi Targets for pkg.removed, pgk.purged States - Random Times in cron states - Confirmation Prompt on Key acceptance on master - full changelog details: http://docs.saltstack.com/topics/releases/0.16.0.html - Updated to salt 0.16.0RC - New Features in 0.16.0: - Multi-Master capability - Prereq, the new requisite - Peer system improvement - Relative Includes - More state Output Options - Improved Windows Support - Multi Targets for pkg.removed, pgk.purged States - Random Times in cron states - Confirmation Prompt on Key acceptance on master - full changelog details: http://docs.saltstack.com/topics/releases/0.16.0.html - Updated init files from upstream, so init files are the same for fedora/redhat/centos/debian/suse - Removed salt user and daemon.conf file, so package is in line with upstream packages fedora/centos/debian. - minor permission fix on salt config files to fix external auth - Service release 0.15.3 showstoppers from 0.15.2: - mine fix cross validity. - redhat package issue - pillar refresh fix - Service release 0.15.2 xinetd service name not appended virt-module uses qemu-img publish.publish returns same info as salt-master updated gitfs module - Fixed salt-master config file not readable by user 'salt' - Updated package spec: security enhancement. added system user salt to run salt-master under privileged user 'salt' added config dirs, master.d/minion.d/syndic.d to add config files. added salt-daemon.conf were salt user is specified under salt-master. - Updated package spec, for systemd unit files according to how systemd files needs to be packaged - added logrotate on salt log files - fixed rpmlint complain about reload function in init files - Updated to salt 0.15.1 - bugfix release. - fixes suse service check - Updated to salt 0.15.0 Major update: - salt mine function - ipv6 support - copy files from minions to master - better template debugging - state event firing - major syndic updates - peer system updates - minion key revokation - function return codes - functions in overstate - Pillar error reporting - Cached State Data - Monitoring states - Read http://docs.saltstack.com/topics/releases/0.15.0.html for more information - improved init files overwrite with /etc/default/salt - Updated init files: - removed probe/reload/force reload this isn't supported - Updated init files - Updated to 0.14.1 bugfix release: - some major fixes for the syndic system, - fixes to file.recurse and external auth and - fixes for windows - Updated salt init files with option -d to really daemonize it - Updated to 0.14.0 MAJOR FEATURES: - Salt - As a Cloud Controller - Libvirt State - New get Functions - Updated to 0.13.3 Last Bugfixes release before 0.14.0 - Updated 0.13.2 Bugfixes release (not specified) - Updated spec file, postun removal of init.d files - Updated to Salt 0.13.1 bugfixes: - Fix #3693 (variable ref'ed before assignment) - Fix stack trace introduced with - Updated limit to be escaped like before and after. - Import install command from setuptools if we use them. - Fix user info not displayed correctly when group doesn't map cleanly - fix bug: Client.cache_dir() - Fix #3717 - Fix #3716 - Fix cmdmod.py daemon error - Updated test to properly determine homebrew user - Fixed whitespace issue - Updated to salt 0.13.0 - Updated Suse Copyright in Spec-file - Cleanup spec file - split syndic from master in separate package - updated to salt 0.12.1 bugfix release - uploaded to salt 1.12.0 spacecmd: - version 4.1.4-1 - only report real error, not result (bsc#1171687) - use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - version 4.1.3-1 - disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - version 4.1.2-1 - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - version 4.1.1-1 - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Fix building and installing on CentOS8/RES8/RHEL8 - Check that a channel doesn't have clones before deleting it (bsc#1138454) - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Fix missing runtime dependencies that made spacecmd return old versions of packages in some cases, even if newer ones were available (bsc#1148311) - version 4.0.12-1 - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group - Bugfix: 'dict' object has no attribute 'iteritems' (bsc#1135881) - Add unit tests for custominfo, snippet, scap, ssm, cryptokey and distribution - version 4.0.11-1 - SPEC cleanup - version 4.0.10-1 - add unit tests for spacecmd.api, spacecmd.activationkey and spacecmd.filepreservation - add unit tests for spacecmd.shell - Save SSM list on system delete and update cache (bsc#1130077, bsc#1125744) - add makefile and pylint configuration - version 4.0.9-1 - Add Pylint setup - Replace iteritems with items for python2/3 compat (bsc#1129243) - version 4.0.8-1 - fix python 3 bytes issue when handling config channels - version 4.0.7-1 - Add '--force', '-f' option to regenerateYumCache (bsc#1127389) - version 4.0.6-1 - Prevent spacecmd crashing when piping the output in Python 3 (bsc#1125610) - version 4.0.5-1 - Fix compatibility with Python 3 - version 4.0.4-1 - Fix importing state channels using configchannel_import - Fix getting file info for latest revision (via configchannel_filedetails) - version 4.0.3-1 - Add function to merge errata and packages through spacecmd (bsc#987798) - show group id on group_details (bsc#1111542) - State channels handling: Existing commands configchannel_create and configchannel_import were updated while system_scheduleapplyconfigchannels and configchannel_updateinitsls were added. - version 4.0.2-1 - add summary to softwarechannel.clone when calling older API versions (bsc#1109023) - New function/Update old functions to handle state channels as well - version 4.0.1-1 - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - Suggest not to use password option for spacecmd (bsc#1103090) - version 2.8.25.4-1 - add option to set cleanup type for system_delete (bsc#1094190) - version 2.8.25.3-1 - Sync with upstream (bsc#1083294) - version 2.8.25.2-1 - Sync with upstream (bsc#1083294) - 1539878 - add save_cache to do_ssm_intersect - Fix softwarechannel_listsyncschedule - version 2.8.21.2-1 - Disable pylint for python2 and RES < 8 (bsc#1088070) - version 2.8.21.1-1 - Sync with upstream (bsc#1083294) - Connect to API using FQDN instead of hostname to avoid SSL validation problems (bsc#1085667) - version 2.8.20.1-1 - 1536484 - Command spacecmd supports utf8 name of systems - 1484056 - updatefile and addfile are basically same calls - 1484056 - make configchannel_addfile fully non-interactive - 1445725 - display all checksum types, not just MD5 - remove clean section from spec (bsc#1083294) - Added function to update software channel. Moreover, some refactoring has been done(bsc#1076578) - version 2.8.17.2-1 - add more python3 compatibility changes - version 2.8.17.1-1 - Compatibility with Python 3 - Fix typo (bsc#1081151) - Configure gpg_flag via spacecmd creating a channel (bsc#1080290) - version 2.8.15.3-1 - Allow scheduling the change of software channels as an action. The previous channels remain accessible to the registered system until the action is executed. to the registered system until the action is executed. - version 2.8.15.2-1 - support multiple FQDNs per system (bsc#1063419) - version 2.8.13.2-1 - Fix bsc number for change 'configchannel export binary flag to json' - version 2.8.13.1-1 - add --config option to spacecmd - Added custom JSON encoder in order to parse date fields correctly (bsc#1070372) - version 2.8.10.1-1 - pylint - fix intendation - version 2.8.9.1-1 - fix build with python 3 - show list of arches for channel - allow softwarechannel_setsyncschedule to disable schedule - add softwarechannel_setsyncschedule --latest - in case of system named by id, let id take precedence - Make spacecmd prompt for password when overriding config file user - show less output of common packages in selected channels - adding softwarechannel_listmanageablechannels - version 2.7.8.7-1 - Switched logging from warning to debug - version 2.7.8.6-1 - configchannel export binary flag to json (bsc#1044719) - version 2.7.8.5-1 - spacecmd report_outofdatesystems: avoid one XMLRPC call per system (bsc#1015882) - version 2.7.8.4-1 - Remove debug logging from softwarechannel_sync function - version 2.7.8.3-1 - Remove get_certificateexpiration support in spacecmd (bsc#1013876) - version 2.7.8.2-1 - Adding softwarechannel_listmanageablechannels - version 2.7.8.1-1 - fix syntax error - version 2.7.7.1-1 - make sure to know if we get into default function and exit accordingly - version 2.7.6.1-1 - exit with 1 with incorrect command, wrong server, etc. - Updated links to github in spec files - print also systemdid with system name - improve output on error for listrepo (bsc#1027426) - print profile_name instead of string we're searching for - Fix: reword spacecmd removal msg (bsc#1024406) - Fix interactive mode - Add a type parameter to repo_create - version 2.7.3.2-1 - Removed obsolete code (bsc#1013938) - version 2.7.3.1-1 - Version 2.7.3-1 - version 2.5.5.3-1 - Make exception class more generic and code fixup (bsc#1003449) - Handle exceptions raised by listChannels (bsc#1003449) - Alert if a non-unique package ID is detected - version 2.5.5.2-1 - make spacecmd createRepo compatible with SUSE Manager 2.1 API (bsc#977264) - version 2.5.5.1-1 - mimetype detection to set the binary flag requires 'file' tool - Text description missing for remote command by Spacecmd - version 2.5.2.1-1 - spacecmd: repo_details show 'None' if repository doesn't have SSL Certtificate - spacecmd: Added functions to add/edit SSL certificates for repositories - version 2.5.1.2-1 - build spacecmd noarch only on new systems - version 2.5.1.1-1 - mimetype detection to set the binary flag requires 'file' tool - fix export/cloning: always base64 - Always base64 encode to avoid trim() bugs in the XML-RPC library. - set binary mode on uploaded files based on content (bsc#948245) - version 2.5.0.1-1 - drop monitoring - replace upstream subscription counting with new subscription matching (FATE#311619) - version 2.1.25.10-1 - Revert "1207606 - do not return one package multiple times" (bsc#945380) - check for existence of device description in spacecmd system_listhardware (bsc#932288) - version 2.1.25.9-1 - do not escape spacecmd command arguments - do not return one package multiple times - add system_setcontactmethod (FATE#314858) - add activationkey_setcontactmethod (FATE#314858) - show contact method with activationkey_details and system_details - clone config files without loosing trailing new lines (bsc#926318) - version 2.1.25.8-1 - sanitize data from export - version 2.1.25.7-1 - fix configchannel export - do not create 'contents' key for directories (bsc#908849) - fix patch summary printing - code cleanup - add new function kickstart_getsoftwaredetails - Added feature to get installed packageversion of a system or systems managed by ssm to spacecmd - version 2.1.25.6-1 - call listAutoinstallableChannels() for listing distributions (bsc#887879) - Fix spacecmd schedule listing (bsc#902494) - Teach spacecmd report_errata to process all-errata in the absence of further args - fix call of setCustomOptions() during kickstart_importjson (bsc#879904) - version 2.1.25.5-1 - spacecmd: fix listupgrades [bsc#892707] - version 2.1.25.4-1 - make print_result a static method of SpacewalkShell (bsc#889605) - version 2.1.25.3-1 - Added option to force deployment of a config channel to all subscribed systems - Added last boot message in system_details command - Updated kickstart_import documentation - Added kickstart_import_raw command - version 2.1.25.2-1 - set output encoding when stdout is not a tty - version 2.1.25.1-1 - make file_needs_b64_enc work for both str and unicode inputs - version 2.1.24.1-1 - Updating the copyright years info - version 2.1.22.1-1 - fix spacecmd, so it does not expect package id within the system.listPackages API call - fix binary file detection - added function package_listdependencies - version 2.1.20.1-1 - don't attempt to write out 'None' - fix system listing when identified by system id - version 2.1.18.1-1 - switch to 2.1 - version 1.7.7.11-1 - fixing spacecmd ssm 'list' has no attribute 'keys' error - version 1.7.7.10-1 - spacecmd errors out when trying to add script to kickstart - Make spacecmd able to specify config channel label - version 1.7.7.9-1 - fix directory export in configchannel_export - use 755 as default permissions for directories in configfile_getinfo - fix directory creation in configchannel_addfile - print the list of systems in system_runscript - print the list of systems in system_reboot - return a unique set from expand_systems - print a clearer error message when duplicate system names are found - standardize the behavior for when a system ID is not returned - add a delay before regenerating the system cache after a delete - handle binary files correctly in configfile_getinfo - print the name in the confirmation message of snippet_create - don't reuse variable names in parse_arguments - print the function's help message when -h in the argument list - print file path in package_details - fixing broken export of configchannels with symlinks - version 1.7.7.8-1 - prevent outputting escape sequences to non-terminals - Fixed small typo in spacecmd/src/lib/kickstart.py - do not quote argument of the help command (bsc#776615) - version 1.7.7.7-1 - Fix kickstart_export with old API versions - command line parameter for "distribution path" was documented wrong in help text (bsc#769106) - "suse" was missing in the helptext of the CLI for distributions (bsc#769108) - version 1.7.7.6-1 - enhancement add configchannel_sync - enhancement add softwarechannel_sync - version 1.7.7.5-1 - fixing chroot option for addscript - version 1.7.7.4-1 - kickstart_getcontents fix character encoding error - activationkey_import don't add empty package/group lists - fix activationkey_import when no base-channel specified - Fix reference to non-existent variable - improve configchannel_export operation on old API versions - *diff functions allow python 2.4 compatibility - changed get_string_diff_dicts to better fitting replacement method - remove reference to stage function - add do_SPACEWALKCOMPONENT_diff functions - system_comparewithchannel filter system packagelist - argument validation needed for configchannel_addfile - configchannel_addfile don't display b64 file contents - version 1.7.7.3-1 - enhancement add system_addconfigfile - Fix usage for configchannel_addfile - enhancement Add system_listconfigfiles - add option to allow templating for spacecmd kickstarting - version 1.7.7.2-1 - softwarechannel_clone avoid ISE on duplicate name - softwarechannel_adderrata mergeErrata should be cloneErrataAsOriginal - Add globbing support to distribution_details - Add globbing support to distribution_delete - Cleanup some typos in comments - custominfo_details add support for globbing key names - custominfo_deletekey add support for globbing key names - Add cryptokey_details globbing support - cryptokey_delete add support for globbing - Workaround missing date key in recent spacewalk listErrata - Add validation to softwarechannel_adderrata channel args - softwarechannel_adderrata add --skip mode - Add --quick mode to softwarechannel_adderrata - Allow config-channel export of b64 encoded files - Update the spacecmd copyright years - version 1.7.7.1-1 - Bumping package version - debranding - backport upstrem fixes - Initial release of spacecmd Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-suse-manager-client-tools-ubuntu2004-202006-14431=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (amd64): libnorm1-1.5.8+dfsg2-2build1 libpgm-5.2-0-5.2.122~dfsg-3ubuntu1 libzmq5-4.3.2-2ubuntu1 prometheus-apache-exporter-0.7.0+ds-1 prometheus-node-exporter-0.18.1+ds-2 prometheus-postgres-exporter-0.8.0+ds-1 python3-zmq-18.1.1-3 - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.7.1 salt-minion-3000+ds-1+2.7.1 spacecmd-4.1.4-2.3.2 References: https://www.suse.com/security/cve/CVE-2016-1866.html https://www.suse.com/security/cve/CVE-2016-9639.html https://www.suse.com/security/cve/CVE-2017-12791.html https://www.suse.com/security/cve/CVE-2017-14695.html https://www.suse.com/security/cve/CVE-2017-14696.html https://www.suse.com/security/cve/CVE-2018-15750.html https://www.suse.com/security/cve/CVE-2018-15751.html https://www.suse.com/security/cve/CVE-2019-17361.html https://www.suse.com/security/cve/CVE-2019-18897.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://bugzilla.suse.com/1002529 https://bugzilla.suse.com/1003449 https://bugzilla.suse.com/1004047 https://bugzilla.suse.com/1004260 https://bugzilla.suse.com/1004723 https://bugzilla.suse.com/1008933 https://bugzilla.suse.com/1011304 https://bugzilla.suse.com/1011800 https://bugzilla.suse.com/1012398 https://bugzilla.suse.com/1012999 https://bugzilla.suse.com/1013876 https://bugzilla.suse.com/1013938 https://bugzilla.suse.com/1015882 https://bugzilla.suse.com/1017078 https://bugzilla.suse.com/1019386 https://bugzilla.suse.com/1020831 https://bugzilla.suse.com/1022562 https://bugzilla.suse.com/1022841 https://bugzilla.suse.com/1023535 https://bugzilla.suse.com/1024406 https://bugzilla.suse.com/1025896 https://bugzilla.suse.com/1027044 https://bugzilla.suse.com/1027240 https://bugzilla.suse.com/1027426 https://bugzilla.suse.com/1027722 https://bugzilla.suse.com/1030009 https://bugzilla.suse.com/1030073 https://bugzilla.suse.com/1032213 https://bugzilla.suse.com/1032452 https://bugzilla.suse.com/1032931 https://bugzilla.suse.com/1035914 https://bugzilla.suse.com/1036125 https://bugzilla.suse.com/1038855 https://bugzilla.suse.com/1039370 https://bugzilla.suse.com/1040886 https://bugzilla.suse.com/1041993 https://bugzilla.suse.com/1042749 https://bugzilla.suse.com/1043111 https://bugzilla.suse.com/1044719 https://bugzilla.suse.com/1050003 https://bugzilla.suse.com/1051948 https://bugzilla.suse.com/1052264 https://bugzilla.suse.com/1053376 https://bugzilla.suse.com/1053955 https://bugzilla.suse.com/1057635 https://bugzilla.suse.com/1059291 https://bugzilla.suse.com/1059758 https://bugzilla.suse.com/1060230 https://bugzilla.suse.com/1061407 https://bugzilla.suse.com/1062462 https://bugzilla.suse.com/1062464 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1064520 https://bugzilla.suse.com/1065792 https://bugzilla.suse.com/1068446 https://bugzilla.suse.com/1068566 https://bugzilla.suse.com/1070372 https://bugzilla.suse.com/1071322 https://bugzilla.suse.com/1072599 https://bugzilla.suse.com/1075950 https://bugzilla.suse.com/1076578 https://bugzilla.suse.com/1079048 https://bugzilla.suse.com/1080290 https://bugzilla.suse.com/1081151 https://bugzilla.suse.com/1081592 https://bugzilla.suse.com/1083294 https://bugzilla.suse.com/1085667 https://bugzilla.suse.com/1087055 https://bugzilla.suse.com/1087278 https://bugzilla.suse.com/1087581 https://bugzilla.suse.com/1087891 https://bugzilla.suse.com/1088070 https://bugzilla.suse.com/1088888 https://bugzilla.suse.com/1089112 https://bugzilla.suse.com/1089362 https://bugzilla.suse.com/1089526 https://bugzilla.suse.com/1091371 https://bugzilla.suse.com/1092161 https://bugzilla.suse.com/1092373 https://bugzilla.suse.com/1094055 https://bugzilla.suse.com/1094190 https://bugzilla.suse.com/1095507 https://bugzilla.suse.com/1095651 https://bugzilla.suse.com/1095942 https://bugzilla.suse.com/1096514 https://bugzilla.suse.com/1097174 https://bugzilla.suse.com/1097413 https://bugzilla.suse.com/1098394 https://bugzilla.suse.com/1099323 https://bugzilla.suse.com/1099460 https://bugzilla.suse.com/1099887 https://bugzilla.suse.com/1099945 https://bugzilla.suse.com/1100142 https://bugzilla.suse.com/1100225 https://bugzilla.suse.com/1100697 https://bugzilla.suse.com/1101780 https://bugzilla.suse.com/1101812 https://bugzilla.suse.com/1101880 https://bugzilla.suse.com/1102013 https://bugzilla.suse.com/1102218 https://bugzilla.suse.com/1102265 https://bugzilla.suse.com/1102819 https://bugzilla.suse.com/1103090 https://bugzilla.suse.com/1103530 https://bugzilla.suse.com/1103696 https://bugzilla.suse.com/1104034 https://bugzilla.suse.com/1104154 https://bugzilla.suse.com/1104491 https://bugzilla.suse.com/1106164 https://bugzilla.suse.com/1107333 https://bugzilla.suse.com/1108557 https://bugzilla.suse.com/1108834 https://bugzilla.suse.com/1108969 https://bugzilla.suse.com/1108995 https://bugzilla.suse.com/1109023 https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/1110938 https://bugzilla.suse.com/1111542 https://bugzilla.suse.com/1112874 https://bugzilla.suse.com/1113698 https://bugzilla.suse.com/1113699 https://bugzilla.suse.com/1113784 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114197 https://bugzilla.suse.com/1114474 https://bugzilla.suse.com/1114824 https://bugzilla.suse.com/1116343 https://bugzilla.suse.com/1116837 https://bugzilla.suse.com/1117995 https://bugzilla.suse.com/1121091 https://bugzilla.suse.com/1121439 https://bugzilla.suse.com/1122663 https://bugzilla.suse.com/1122680 https://bugzilla.suse.com/1123044 https://bugzilla.suse.com/1123512 https://bugzilla.suse.com/1123865 https://bugzilla.suse.com/1124277 https://bugzilla.suse.com/1125015 https://bugzilla.suse.com/1125610 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1127389 https://bugzilla.suse.com/1128061 https://bugzilla.suse.com/1128554 https://bugzilla.suse.com/1129079 https://bugzilla.suse.com/1129243 https://bugzilla.suse.com/1130077 https://bugzilla.suse.com/1130588 https://bugzilla.suse.com/1130784 https://bugzilla.suse.com/1131114 https://bugzilla.suse.com/1132076 https://bugzilla.suse.com/1133523 https://bugzilla.suse.com/1133647 https://bugzilla.suse.com/1134860 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1135507 https://bugzilla.suse.com/1135567 https://bugzilla.suse.com/1135656 https://bugzilla.suse.com/1135732 https://bugzilla.suse.com/1135881 https://bugzilla.suse.com/1137642 https://bugzilla.suse.com/1138454 https://bugzilla.suse.com/1138952 https://bugzilla.suse.com/1139761 https://bugzilla.suse.com/1140193 https://bugzilla.suse.com/1140912 https://bugzilla.suse.com/1143301 https://bugzilla.suse.com/1146192 https://bugzilla.suse.com/1146382 https://bugzilla.suse.com/1148311 https://bugzilla.suse.com/1148714 https://bugzilla.suse.com/1150447 https://bugzilla.suse.com/1151650 https://bugzilla.suse.com/1151947 https://bugzilla.suse.com/1152366 https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1153611 https://bugzilla.suse.com/1154620 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1157465 https://bugzilla.suse.com/1157479 https://bugzilla.suse.com/1158441 https://bugzilla.suse.com/1158940 https://bugzilla.suse.com/1159118 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1160931 https://bugzilla.suse.com/1162327 https://bugzilla.suse.com/1162504 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1165425 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1167556 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169800 https://bugzilla.suse.com/1170042 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1170595 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1174165 https://bugzilla.suse.com/769106 https://bugzilla.suse.com/769108 https://bugzilla.suse.com/776615 https://bugzilla.suse.com/849184 https://bugzilla.suse.com/849204 https://bugzilla.suse.com/849205 https://bugzilla.suse.com/879904 https://bugzilla.suse.com/887879 https://bugzilla.suse.com/889605 https://bugzilla.suse.com/892707 https://bugzilla.suse.com/902494 https://bugzilla.suse.com/908849 https://bugzilla.suse.com/926318 https://bugzilla.suse.com/932288 https://bugzilla.suse.com/945380 https://bugzilla.suse.com/948245 https://bugzilla.suse.com/955373 https://bugzilla.suse.com/958350 https://bugzilla.suse.com/959572 https://bugzilla.suse.com/963322 https://bugzilla.suse.com/965403 https://bugzilla.suse.com/967803 https://bugzilla.suse.com/969320 https://bugzilla.suse.com/970669 https://bugzilla.suse.com/971372 https://bugzilla.suse.com/972311 https://bugzilla.suse.com/972490 https://bugzilla.suse.com/975093 https://bugzilla.suse.com/975303 https://bugzilla.suse.com/975306 https://bugzilla.suse.com/975733 https://bugzilla.suse.com/975757 https://bugzilla.suse.com/976148 https://bugzilla.suse.com/977264 https://bugzilla.suse.com/978150 https://bugzilla.suse.com/978833 https://bugzilla.suse.com/979448 https://bugzilla.suse.com/979676 https://bugzilla.suse.com/980313 https://bugzilla.suse.com/983017 https://bugzilla.suse.com/983512 https://bugzilla.suse.com/985112 https://bugzilla.suse.com/985661 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/987798 https://bugzilla.suse.com/988506 https://bugzilla.suse.com/989193 https://bugzilla.suse.com/989798 https://bugzilla.suse.com/990029 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990440 https://bugzilla.suse.com/991048 https://bugzilla.suse.com/993039 https://bugzilla.suse.com/993549 https://bugzilla.suse.com/996455 https://bugzilla.suse.com/999852 From sle-updates at lists.suse.com Mon Jul 20 22:48:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:48:07 +0200 (CEST) Subject: SUSE-SU-2020:1971-1: moderate: Security update for Salt Message-ID: <20200721044807.40C3FFDE4@maintenance.suse.de> SUSE Security Update: Security update for Salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1971-1 Rating: moderate References: #1157465 #1159284 #1162327 #1165572 #1167437 #1168340 #1169604 #1169800 #1170104 #1170288 #1170595 #1171906 #1172075 #1173072 #1174165 Cross-References: CVE-2019-18897 CVE-2020-11651 CVE-2020-11652 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has 12 fixes is now available. Description: This update fixes the following issues: salt: - Fix for TypeError in Tornado importer (bsc#1174165) - Require python3-distro only for TW (bsc#1173072) - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module (bsc#1172075) - Add publish_batch to ClearFuncs exposed methods - Update to salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Testsuite fix - Add option to enable/disable force refresh for zypper - Python3.8 compatibility changes - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341) (bsc#1170104) - Returns a the list of IPs filtered by the optional network list - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Do not require vendored backports-abc (bsc#1170288) - Fix partition.mkpart to work without fstype (bsc#1169800) - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. - More robust remote port detection - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Do not make file.recurse state to fail when msgpack 0.5.4 (bsc#1167437) - Build: Buildequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Add new custom SUSE capability for saltutil state module - Fixes status attribute issue in aptpkg test - Make setup.py script not to require setuptools greater than 9.1 - Loop: fix variable names for until_no_eval - Drop conflictive module.run state patch (bsc#1167437) - Update patches after rebase with upstream v3000 tag (bsc#1167437) - Fix some requirements issues depending on Python3 versions - Removes obsolete patch - Fix for low rpm_lowpkg unit test - Add python-singledispatch as dependency for python2-salt - Virt._get_domain: don't raise an exception if there is no VM - Fix for temp folder definition in loader unit test - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handline - Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2 - Fix regression in service states with reload argument - Fix integration test failure for test_mod_del_repo_multiline_values - Fix for unless requisite when pip is not installed - Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation - Fix tornado imports and missing _utils after rebasing patches - Removes unresolved merge conflict in yumpkg module - Use full option name instead of undocumented abbreviation for zypper - Requiring python3-distro only for openSUSE/SLE >= 15 and not for Python 2 builds - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - Loader: invalidate the import cachefor extra modules - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Improvements for chroot module - Add option to enable/disable force refresh for zypper - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-1971=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-1971=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2020-1971=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2020-1971=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2020-1971=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-3000-46.101.1 python3-salt-3000-46.101.1 salt-3000-46.101.1 salt-doc-3000-46.101.1 salt-minion-3000-46.101.1 - SUSE Manager Tools 12 (noarch): python-singledispatch-3.4.0.3-1.5.1 - SUSE Manager Server 3.2 (ppc64le s390x x86_64): python2-salt-3000-46.101.1 python3-salt-3000-46.101.1 salt-3000-46.101.1 salt-api-3000-46.101.1 salt-cloud-3000-46.101.1 salt-doc-3000-46.101.1 salt-master-3000-46.101.1 salt-minion-3000-46.101.1 salt-proxy-3000-46.101.1 salt-ssh-3000-46.101.1 salt-standalone-formulas-configuration-3000-46.101.1 salt-syndic-3000-46.101.1 - SUSE Manager Server 3.2 (noarch): python-singledispatch-3.4.0.3-1.5.1 salt-bash-completion-3000-46.101.1 salt-zsh-completion-3000-46.101.1 - SUSE Manager Proxy 3.2 (noarch): python-singledispatch-3.4.0.3-1.5.1 - SUSE Manager Proxy 3.2 (x86_64): python2-salt-3000-46.101.1 python3-salt-3000-46.101.1 salt-3000-46.101.1 salt-minion-3000-46.101.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (noarch): python-singledispatch-3.4.0.3-1.5.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): python2-salt-3000-46.101.1 salt-3000-46.101.1 salt-minion-3000-46.101.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-3000-46.101.1 salt-3000-46.101.1 salt-api-3000-46.101.1 salt-cloud-3000-46.101.1 salt-doc-3000-46.101.1 salt-master-3000-46.101.1 salt-minion-3000-46.101.1 salt-proxy-3000-46.101.1 salt-ssh-3000-46.101.1 salt-standalone-formulas-configuration-3000-46.101.1 salt-syndic-3000-46.101.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): python-singledispatch-3.4.0.3-1.5.1 salt-bash-completion-3000-46.101.1 salt-zsh-completion-3000-46.101.1 References: https://www.suse.com/security/cve/CVE-2019-18897.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://bugzilla.suse.com/1157465 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1162327 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169800 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1170595 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1174165 From sle-updates at lists.suse.com Mon Jul 20 22:50:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:50:31 +0200 (CEST) Subject: SUSE-SU-2020:1970-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20200721045031.2027EFDE4@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1970-1 Rating: moderate References: #1113160 #1134195 #1138822 #1141661 #1142038 #1143913 #1148177 #1153090 #1153277 #1154940 #1154968 #1155372 #1163871 #1165921 #1168310 #1170231 #1170557 #1171687 #1172462 Cross-References: CVE-2019-10215 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Manager Tools 12 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves four vulnerabilities and has 15 fixes is now available. Description: This update fixes the following issues: cobbler: - Calculate relative path for kernel and inited when generating grub entry (bsc#1170231) Added: fix-grub2-entry-paths.diff - Fix os-release version detection for SUSE Modified: sles15.patch - Jinja2 template library fix (bsc#1141661) - Removes string replace for textmode fix (bsc#1134195) golang-github-prometheus-node_exporter: - Update to 0.18.1 * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD #1345 * [BUGFIX] Fix rollover bug in mountstats collector #1364 * Renamed interface label to device in netclass collector for consistency with * other network metrics #1224 * The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. #1248 * The labels for the network_up metric have changed, see issue #1236 * Bonding collector now uses mii_status instead of operstatus #1124 * Several systemd metrics have been turned off by default to improve performance #1254 * These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds * The systemd collector blacklist now includes automount, device, mount, and slice units by default. #1255 * [CHANGE] Bonding state uses mii_status #1124 * [CHANGE] Add a limit to the number of in-flight requests #1166 * [CHANGE] Renamed interface label to device in netclass collector #1224 * [CHANGE] Add separate cpufreq and scaling metrics #1248 * [CHANGE] Several systemd metrics have been turned off by default to improve performance #1254 * [CHANGE] Expand systemd collector blacklist #1255 * [CHANGE] Split cpufreq metrics into a separate collector #1253 * [FEATURE] Add a flag to disable exporter metrics #1148 * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors #1197 * [FEATURE] Add uname collector for FreeBSD #1239 * [FEATURE] Add diskstats collector for OpenBSD #1250 * [FEATURE] Add pressure collector exposing pressure stall information for Linux #1174 * [FEATURE] Add perf exporter for Linux #1274 * [ENHANCEMENT] Add Infiniband counters #1120 * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter #1143 * [ENHANCEMENT] Move network_up labels into new metric network_info #1236 * [ENHANCEMENT] Use 64-bit counters for Darwin netstat * [BUGFIX] Add fallback for missing /proc/1/mounts #1172 * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks #1326 - Add network-online (Wants and After) dependency to systemd unit bsc#1143913 golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid "have choice" build issues in OBS. + Rebase and update patches for version 2.18.0 + Changed: * 0002-Default-settings.patch Changed - Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and "Xs ago" duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-102 15). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update Uyuni/SUSE Manager service discovery patch + Modified 0003-Add-Uyuni-service-discovery.patch: + Adapt service discovery to the new Uyuni API endpoints + Modified spec file: force golang 1.12 to fix build issues in SLE15SP2 - Update to Prometheus 2.11.2 grafana: - Update to version 7.0.3 * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. #25079, @peterholmberg - Do not show alerts tab when alerting is disabled. #25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo - Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379 - Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistance. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. #24984, @dprokop - Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian - Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information. - @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange "dashboard not found" errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop - Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking "Load more" from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise) - Update Makefile and spec file * Remove phantomJS patch from Makefile * Fix multiline strings in Makefile * Exclude s390 from SLE12 builds, golang 1.14 is not built for s390 - Add instructions for patching the Grafana javascript frontend. - BuildRequires golang(API) instead of go metapackage version range * BuildRequires: golang(API) >= 1.14 from BuildRequires: ( go >= 1.14 with go < 1.15 ) - Update to version 6.7.3 - This version fixes bsc#1170557 and its corresponding CVE-2020-12245 - Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin - Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark - AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken - Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg - Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan - DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo - Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh - Security: Fix annotation popup XSS vulnerability. #23813, @torkelo - Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1 - TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo - Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark - Update to version 6.7.2: (see installed changelog for the full list of changes) - BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo - Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop - DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn - Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn - Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo - Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo - Plugins: Expose promiseToDigest. #23249, @torkelo - Reporting (Enterprise): Fixes issue updating a report created by someone else - Update to 6.7.1: (see installed changelog for the full list of changes) Bug Fixes - Azure: Fixed dropdowns not showing current value. #22914, @torkelo - BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark - Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo - Reporting: fixes migrations compatibility with mysql (Enterprise) - Reporting: Reduce default concurrency limit to 4 (Enterprise) - Update to 6.7.0: (see installed changelog for the full list of changes) Bug Fixes - AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo - BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark - Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo - Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo - Rich History: UX adjustments and fixes. #22729, @ivanahuckova - Update to 6.7.0-beta1: Breaking changes - Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked. - Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338 - Notice about changes in backendSrv for plugin authors In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv. Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI. To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv. Bug Fixes API: Fix redirect issues. #22285, @papagian Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1 Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek BackendSrv: Fixes POST body for form data. gmark CloudWatch: Credentials cache invalidation fix. #22473, @sunker CloudWatch: Expand alias variables when query yields no result. #22695, @sunker Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo StatPanel: Fixes base color is being used for null values . #22646, @torkelo - Update to version 6.6.2: (see installed changelog for the full list of changes) - Update to version 6.6.1: (see installed changelog for the full list of changes) - Update to version 6.6.0: (see installed changelog for the full list of changes) - Update to version 6.5.3: (see installed changelog for the full list of changes) - Update to version 6.5.2: (see installed changelog for the full list of changes) - Update to version 6.5.1: (see installed changelog for the full list of changes) - Update to version 6.5.0 (see installed changelog for the full list of changes) - Update to version 6.4.5: * Create version 6.4.5 * CloudWatch: Fix high CPU load (#20579) - Add obs-service-go_modules to download required modules into vendor.tar.gz - Adjusted spec file to use vendor.tar.gz - Adjusted Makefile to work with new filenames - BuildRequire go1.14 - Update to version 6.4.4: * DataLinks: Fix blur issues. #19883, @aocenas * Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson * LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen * LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson * Singlestat: Fix no data / null value mapping . #19951, @ryantxu - Revert the spec file and make script - Remove PhantomJS dependency - Update to 6.4.3 * Bug Fixes - Alerting: All notification channels should send even if one fails to send. #19807, @jan25 - AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas - ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal - DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop - DataLinks: Fix url field not releasing focus. #19804, @aocenas - Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas - Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark - Singlestat: Fixed issue with mapping null to text. #19689, @torkelo - @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop - @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang - Update to 6.4.2 * Bug Fixes - CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron - Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark - Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo - Graph: Switching to series mode should re-render graph. #19623, @torkelo - Loki: Fix autocomplete on label values. #19579, @aocenas - Loki: Removes live option for logs panel. #19533, @davkal - Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha - Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark - sted keys in YAML provisioning caused a server crash, #19547 - ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise) - Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise). - Changes from 6.4.0 * Features / Enhancements - Build: Upgrade go to 1.12.10. #19499, @marefr - DataLinks: Suggestions menu improvements. #19396, @dprokop - Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova - Explore: Update broken link to logql docs. #19510, @ivanahuckova - Logs: Adds Logs Panel as a visualization. #19504, @davkal * Bug Fixes - CLI: Fix version selection for plugin install. #19498, @aocenas - Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo - Changes from 6.4.0 Beta 2 * Features / Enhancements - Azure Monitor: Remove support for cross resource queries (#19115)". #19346, @sunker - Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr - Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo - grafana/toolkit: Add plugin creation task. #19207, @dprokop * Bug Fixes - Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark - Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm - Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz - Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo - Database: Rewrite system statistics query to perform better. #19178, @papagian - Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu - MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr - Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh - MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr - MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr - MySQL: Limit datasource error details returned from the backend. #19373, @marefr - Changes from 6.4.0 Beta 1 * Features / Enhancements - API: Readonly datasources should not be created via the API. #19006, @papagian - Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar - Annotations: Add annotations support to Loki. #18949, @aocenas - Annotations: Use a single row to represent a region. #17673, @ryantxu - Auth: Allow inviting existing users when login form is disabled. #19048, @548017 - Azure Monitor: Add support for cross resource queries. #19115, @sunker - CLI: Allow installing custom binary plugins. #17551, @aocenas - Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark - Dashboard: Reuse query results between panels . #16660, @ryantxu - Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod - DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu - DataLinks: Enable access to labels & field names. #18918, @torkelo - DataLinks: Enable multiple data links per panel. #18434, @dprokop - Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech - Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery - Explore: Add throttling when doing live queries. #19085, @aocenas - Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney - Explore: Reduce default time range to last hour. #18212, @davkal - Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu - Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal - Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian - InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code - LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh - Ldap: Add ldap debug page. #18759, @peterholmberg - Loki: Remove prefetching of default label values. #18213, @davkal - Metrics: Add failed alert notifications metric. #18089, @koorgoo - OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon - OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin - Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh - Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati - Plugins: better warning when plugins fail to load. #18671, @ryantxu - Postgres: Add support for scram sha 256 authentication. #18397, @nonamef - RemoteCache: Support SSL with Redis. #18511, @kylebrandt - SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu - Stackdriver: Add extra alignment period options. #18909, @sunker - Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon - Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar * Bug Fixes - Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian - Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt - Alerting: fix response popover prompt when add notification channels. #18967, @lzdw - CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger - Explore: Fix auto completion on label values for Loki. #18988, @aocenas - Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark - Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark - MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold - MSSQL: Fix memory leak when debug enabled. #19049, @briangann - Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt - TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark * Breaking changes + Annotations There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details. + Docker Grafana is now using Alpine 3.10 as docker base image. + HTTP API - GET /api/alert-notifications now requires at least editor access. New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user. - GET /api/alert-notifiers now requires at least editor access - GET /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins, admin in any folder or admin of any team. - GET /api/annotations no longer returns regionId property. - POST /api/annotations no longer supports isRegion property. - PUT /api/annotations/:id no longer supports isRegion property. - PATCH /api/annotations/:id no longer supports isRegion property. - DELETE /api/annotations/region/:id has been removed. * Deprecation notes + PhantomJS - PhantomJS, which is used for rendering images of dashboards and panels, is deprecated and will be removed in a future Grafana release. A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use. Please consider migrating from PhantomJS to the Grafana Image Renderer plugin. - Changes from 6.3.6 * Features / Enhancements - Metrics: Adds setting for turning off total stats metrics. #19142, @marefr * Bug Fixes - Database: Rewrite system statistics query to perform better. #19178, @papagian - Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney - Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors. - Add missing directories provisioning/datasources and provisioning/notifiers and sample.yaml as described in packaging/rpm/control from upstream. Missing directories are shown in logfiles. - Version 6.3.5 * Upgrades + Build: Upgrade to go 1.12.9. * Bug Fixes + Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties. + Editor: Fixes issue where only entire lines were being copied. + Explore: Fixes query field layout in splitted view for Safari browsers. + LDAP: multildap + ldap integration. + Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds. + Prometheus: Prevents panel editor crash when switching to Prometheus datasource. + Prometheus: Changes brace-insertion behavior to be less annoying. - Version 6.3.4 * Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use. - Version 6.3.3 * Bug Fixes + Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1 + Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3 + DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1 + DataLinks: Respect timezone when displaying datapoint???s timestamp in graph context menu. #18461 2, @dprokop 1 + DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1 + Explore: Fix loading error for empty queries. #18488 1, @davkal + Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2 + Graphite: Avoid glob of single-value array variables . #18420, @gotjosh + Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3 + Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2 + TimeSeries: Assume values are all numbers. #18540 4, @ryantxu - Version 6.3.2 * Bug Fixes + Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12 - Version 6.3.1 * Bug Fixes + PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2 - Version 6.3.0 * Features / Enhancements + OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3 + Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh + Build grafana images consistently. #18224 12, @hassanfarid + Docs: SAML. #18069 11, @gotjosh + Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas + TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2 + Alerting: Add tags to alert rules. #10989 13, @Thib17 1 + Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng + Alerting: Improve alert rule testing. #16286 2, @marefr + Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25 + Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1 + Auth: Allow expiration of API keys. #17678, @papagian 3 + Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1 + Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1 + AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1 + CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu + Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu + Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax + Data links. #17267 11, @torkelo 2 + Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues??? #17066 5, @bergquist 1 + Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr + Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3 + Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2 + Explore: Adds support for new loki ???start??? and ???end??? params for labels endpoint. #17512, @kaydelaney 2 + Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2 + Explore: Allow switching between metrics and logs . #16959 2, @marefr + Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3 + Explore: Display log lines context . #17097, @dprokop 1 + Explore: Don???t parse log levels if provided by field or label. #17180 1, @marefr + Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2 + Explore: Support for new LogQL filtering syntax. #16674 4, @davkal + Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3 + Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1 + Graph: Added new fill gradient option. #17528 3, @torkelo 2 + GraphPanel: Don???t sort series when legend table & sort column is not visible . #17095, @shavonn 1 + InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3 + Logging: Login and Logout actions (#17760). #17883 1, @ATTron + Logging: Move log package to pkg/infra. #17023, @zhulongcheng + Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1 + MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd + MySQL: Add support for periodically reloading client certs. #14892, @tpetr + Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu + Prometheus: Take timezone into account for step alignment. #17477, @fxmiii + Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246 + Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA + Provisioning: Support folder that doesn???t exist yet in dashboard provisioning. #17407 1, @Nexucis + Refresh picker: Handle empty intervals. #17585 1, @dehrax + Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr + Snapshot: use given key and deleteKey. #16876, @zhulongcheng + Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev + Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad + Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway + Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin * Bug Fixes + PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax + OAuth: Fix ???missing saved state??? OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3 + cli: fix for recognizing when in dev mode??? #18334, @xlson + DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2 + Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2 + PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson + TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2 + Timerange: Fixes a bug where custom time ranges didn???t respect UTC. #18248 1, @kaydelaney 2 + remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke + AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax + CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr + Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr + Explore: Fix browsing back to dashboard panel. #17061, @jschill + Explore: Fix filter by series level in logs graph. #17798, @marefr + Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr + Explore: Fix selection/copy of log lines. #17121, @marefr + Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas + Frontend: Fix for Json tree component not working. #17608, @srid12 + Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2 + Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2 + Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3 + HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25 + InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki + Prometheus: Correctly escape ???|??? literals in interpolated PromQL variables. #16932, @Limess + Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi + SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri - Make phantomjs dependency configurable - Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and mgr-cfg: - Remove commented code in test files - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Add mgr manpage links mgr-custom-info: - Bump version to 4.1.0 (bsc#1154940) mgr-daemon: - Bump version to 4.1.0 (bsc#1154940) - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Separate osa-dispatcher and jabberd so it can be disabled independently - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Move /usr/share/rhn/config-defaults to uyuni-base-common - Require uyuni-base-common for /etc/rhn (for osa-dispatcher) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-push: - Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) mgr-virtualization: - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Fix mgr-virtualization timer rhnlib: - Fix building - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) - Bump version to 4.1.0 (bsc#1154940) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group spacewalk-client-tools: - Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921) - Spell correctly "successful" and "successfully" - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) - Replace spacewalk-usix with uyuni-common-libs - Return a non-zero exit status on errors in rhn_check - Bump version to 4.1.0 (bsc#1154940) - Make a explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed spacewalk-koan: - Bump version to 4.1.0 (bsc#1154940) - Require commands we use in merge-rd.sh spacewalk-oscap: - Bump version to 4.1.0 (bsc#1154940) spacewalk-remote-utils: - Update spacewalk-create-channel with RHEL 7.7 channel definitions - Bump version to 4.1.0 (bsc#1154940) supportutils-plugin-susemanager-client: - Bump version to 4.1.0 (bsc#1154940) suseRegisterInfo: - SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310) - Bump version to 4.1.0 (bsc#1154940) zypp-plugin-spacewalk: - Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1970=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1970=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1970=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1970=1 - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-1970=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1970=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1970=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1970=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1970=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1970=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1970=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1970=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1970=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE OpenStack Cloud 9 (x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE OpenStack Cloud 9 (noarch): cobbler-2.6.6-49.26.3 - SUSE OpenStack Cloud 8 (x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE OpenStack Cloud 8 (noarch): cobbler-2.6.6-49.26.3 - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 golang-github-prometheus-prometheus-2.18.0-1.12.2 grafana-7.0.3-1.9.3 grafana-debuginfo-7.0.3-1.9.3 python2-uyuni-common-libs-4.1.5-1.3.2 uyuni-base-common-4.1.1-1.3.1 - SUSE Manager Tools 12 (noarch): koan-2.6.6-49.26.3 mgr-cfg-4.1.2-1.12.3 mgr-cfg-actions-4.1.2-1.12.3 mgr-cfg-client-4.1.2-1.12.3 mgr-cfg-management-4.1.2-1.12.3 mgr-custom-info-4.1.1-1.6.1 mgr-daemon-4.1.1-1.14.2 mgr-osad-4.1.2-1.15.2 mgr-push-4.1.1-1.6.3 mgr-virtualization-host-4.1.1-1.14.3 python2-mgr-cfg-4.1.2-1.12.3 python2-mgr-cfg-actions-4.1.2-1.12.3 python2-mgr-cfg-client-4.1.2-1.12.3 python2-mgr-cfg-management-4.1.2-1.12.3 python2-mgr-osa-common-4.1.2-1.15.2 python2-mgr-osad-4.1.2-1.15.2 python2-mgr-push-4.1.1-1.6.3 python2-mgr-virtualization-common-4.1.1-1.14.3 python2-mgr-virtualization-host-4.1.1-1.14.3 python2-rhnlib-4.1.2-21.22.2 python2-spacewalk-check-4.1.5-52.32.2 python2-spacewalk-client-setup-4.1.5-52.32.2 python2-spacewalk-client-tools-4.1.5-52.32.2 python2-spacewalk-koan-4.1.1-24.12.2 python2-spacewalk-oscap-4.1.1-19.12.1 python2-suseRegisterInfo-4.1.2-25.9.2 python2-zypp-plugin-spacewalk-1.0.7-30.21.2 spacecmd-4.1.4-38.61.2 spacewalk-check-4.1.5-52.32.2 spacewalk-client-setup-4.1.5-52.32.2 spacewalk-client-tools-4.1.5-52.32.2 spacewalk-koan-4.1.1-24.12.2 spacewalk-oscap-4.1.1-19.12.1 spacewalk-remote-utils-4.1.1-24.15.3 supportutils-plugin-susemanager-client-4.1.2-6.15.1 suseRegisterInfo-4.1.2-25.9.2 zypp-plugin-spacewalk-1.0.7-30.21.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - HPE Helion Openstack 8 (noarch): cobbler-2.6.6-49.26.3 - HPE Helion Openstack 8 (x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 References: https://www.suse.com/security/cve/CVE-2019-10215.html https://www.suse.com/security/cve/CVE-2019-15043.html https://www.suse.com/security/cve/CVE-2020-12245.html https://www.suse.com/security/cve/CVE-2020-13379.html https://bugzilla.suse.com/1113160 https://bugzilla.suse.com/1134195 https://bugzilla.suse.com/1138822 https://bugzilla.suse.com/1141661 https://bugzilla.suse.com/1142038 https://bugzilla.suse.com/1143913 https://bugzilla.suse.com/1148177 https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1154968 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1165921 https://bugzilla.suse.com/1168310 https://bugzilla.suse.com/1170231 https://bugzilla.suse.com/1170557 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1172462 From sle-updates at lists.suse.com Mon Jul 20 22:53:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:53:33 +0200 (CEST) Subject: SUSE-RU-2020:1965-1: moderate: Recommended update for SUSE Manager Server 4.0 Message-ID: <20200721045333.03863FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1965-1 Rating: moderate References: #1153234 #1159226 #1162843 #1164836 #1166516 #1167871 #1168805 #1168845 #1169207 #1169209 #1169520 #1169550 #1169553 #1169604 #1169773 #1169779 #1170046 #1170197 #1170462 #1170824 #1171251 #1171287 #1171461 #1171491 #1171494 #1171526 #1171687 #1171859 #1171885 #1172190 #1172269 #1172286 #1172558 #1172627 #1172712 #1173120 #1173896 #1173946 #1174167 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has 39 recommended fixes can now be installed. Description: This update fixes the following issues: cobbler: - Fixes template engine selection(bsc#1170462) - Fixes a template rendering error (bsc#1169779) - Use systemctl to restart cobblerd on logfile rotation (bsc#1169207) - Fix cobbler sync for DHCP or DNS (bsc#1169553) grafana-formula: - Restart Grafana when updating configuration image-sync-formula: - Install shim.efi on usb boot image patterns-suse-manager: - Remove Recommends for traditional client from proxy pattern as this will install the traditional stack during upgrades (bsc#1171494) - Add requires for openvpn-formula prometheus-formula: - Bugfix: Check for non-empty credentials (bsc#1168805) saltboot-formula: - Allow wildcards for device name (bsc#1170824) - Fix corner cases of RAID setup - Update form and metadata to use new formula features spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) spacewalk-backend: - Supportconfig speedup fixes, add option to not compress spacewalk-debug output dir - Prevent failure when syncing from RHEL CDN due extra params (bsc#1171885) - Use default sender address from web namespace spacewalk-branding: - Updated the message about automatically installing product packages (bsc#1169520) spacewalk-java: - Enable the monitoring checkbox for Ubuntu 20.04 systems (bsc#1173120) - Avoid traceback with AssertionError: Failed to update row (bsc#1172558) - Apply highstate when add-on system types should be applied to the system on bootstrapping (bsc#1172190) - Fixed bug where in scheduling a vhm refresh would result in a permission error for org admins - Make automatic system locking for cluster node (CaaSP) user configurable - Speed up getAllChannels api call (bsc#1153234) - Improve Content Lifecycle Management build and promotion performance (bsc#1159226) - Correctly set action to failed in case of Salt errors on execution (bsc#1169604) - Fix saving image profile custom info values with XMLRPC (bsc#1171526) - Fix nullpointer exception during proxy registration (bsc#1171287) - Assign Activation Key channels only (bsc#1166516) - Prevent race condition on metadata generation (bsc#1170197) - New API endpoint for retrieving combined formula data for a list of systems - New API endpoint for retrieving network information for a list of system - New API endpoint for retrieving system groups information for systems with a given entitlement - Fix activation keys request error in image import page (bsc#1170046) - Fix custom info values input in image profile edit form (bsc#1169773) - Add check for non-existing formulas when assigning formulas to a system/group - Add check for non-existing formulas in xmlrpc calls - Use salt for registration for selected install types (bsc#1164836) - Added a new API end point to manage package state (bsc#1169520) - Avoid multiple base channels when onboarding minions (bsc#1167871) spacewalk-web: - Remove lowercase image label limitation - Sort activation keys on bootstrapping page (bsc#1171251) - Auto select recommended and mandatory channels by default (bsc#1162843) - Add hint to edit formulas before applying state (bsc#1168805) - Fix custom info values input in image profile edit form (bsc#1169773) supportutils-plugin-susemanager: - Supportconfig speedup fixes, add option to not compress spacewalk-debug output dir susemanager: - Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is required to get python3-M2crypto (bsc#1174167) - Use python2-uyuni-common-libs and python3-uyuni-common-libs for bootstrap repositories (bsc#1173946) - Copy /var/lib/spacewalk during migration (bsc#1169550) - Enable support for bootstrapping Ubuntu 20.04 LTS added from the Setup Wizard or mgr-sync - Make systemd services and timers enablement really quiet - Migrate cobbler configs for ks_mirror -> distro_mirror rename (bsc#1169209) - Packages for the Ubuntu 18.04 bootstrap repo are now populated with Python3 dependencies (bsc#1168845) susemanager-build-keys: - Trust new keys from supported products (bsc#1172269) susemanager-doc-indexes: - Updates for Ubuntu 20.04 - Remove 4.x Upgrade instructions from 4.0 - Admon re changing auth method - Stop and start proxy service on the proxy susemanager-docs_en: - Updates for Ubuntu 20.04 - Remove 4.x Upgrade instructions from 4.0 - Admon re changing auth method - Stop and start proxy service on the proxy susemanager-schema: - Enable the monitoring entitlement for s390x (bsc#1172627) susemanager-sls: - Avoid SSL certificate issue when bootstrapping openSUSE Leap 15.2 (bsc#1172712) - Add missing certs SLS files for Debian 10 and Ubuntu 20.04 (bsc#1173896) - Trust customer gpg key when metadata signing is enabled - Specify gpg key for RH systems in repo file (bsc#1172286) - Handle GPG check flags different for yum/dnf (bsc#1171859) - Set YAML loader to fix deprecation warnings - Fix failing "Hardware Refresh" actions because wrong "instance_id" reported from minion due a captive portal on the network (bsc#1171491) - Ubuntu no longer shows removed packages as installed (bsc#1171461) virtualization-host-formula: - Hidden required fields should not be required How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-1965=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): patterns-suma_retail-4.0-9.16.1 patterns-suma_server-4.0-9.16.1 spacewalk-branding-4.0.17-3.15.1 susemanager-4.0.26-3.30.1 susemanager-tools-4.0.26-3.30.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): cobbler-3.0.0+git20190806.32c4bae0-7.13.1 grafana-formula-0.2.1-4.10.1 image-sync-formula-0.1.1588156049.952b58d-3.17.1 prometheus-formula-0.2.1-4.13.1 python3-spacewalk-backend-libs-4.0.32-3.29.1 saltboot-formula-0.1.1590413773.a959db7-3.13.1 spacecmd-4.0.19-3.16.1 spacewalk-backend-4.0.32-3.29.1 spacewalk-backend-app-4.0.32-3.29.1 spacewalk-backend-applet-4.0.32-3.29.1 spacewalk-backend-config-files-4.0.32-3.29.1 spacewalk-backend-config-files-common-4.0.32-3.29.1 spacewalk-backend-config-files-tool-4.0.32-3.29.1 spacewalk-backend-iss-4.0.32-3.29.1 spacewalk-backend-iss-export-4.0.32-3.29.1 spacewalk-backend-package-push-server-4.0.32-3.29.1 spacewalk-backend-server-4.0.32-3.29.1 spacewalk-backend-sql-4.0.32-3.29.1 spacewalk-backend-sql-postgresql-4.0.32-3.29.1 spacewalk-backend-tools-4.0.32-3.29.1 spacewalk-backend-xml-export-libs-4.0.32-3.29.1 spacewalk-backend-xmlrpc-4.0.32-3.29.1 spacewalk-base-4.0.21-3.24.2 spacewalk-base-minimal-4.0.21-3.24.2 spacewalk-base-minimal-config-4.0.21-3.24.2 spacewalk-html-4.0.21-3.24.2 spacewalk-java-4.0.34-3.31.1 spacewalk-java-config-4.0.34-3.31.1 spacewalk-java-lib-4.0.34-3.31.1 spacewalk-java-postgresql-4.0.34-3.31.1 spacewalk-taskomatic-4.0.34-3.31.1 supportutils-plugin-susemanager-4.0.4-3.3.1 susemanager-build-keys-15.1.0-3.3.1 susemanager-build-keys-web-15.1.0-3.3.1 susemanager-doc-indexes-4.0-10.24.1 susemanager-docs_en-4.0-10.24.1 susemanager-docs_en-pdf-4.0-10.24.1 susemanager-schema-4.0.20-3.23.1 susemanager-sls-4.0.27-3.25.1 susemanager-web-libs-4.0.21-3.24.2 virtualization-host-formula-0.4-4.9.1 References: https://bugzilla.suse.com/1153234 https://bugzilla.suse.com/1159226 https://bugzilla.suse.com/1162843 https://bugzilla.suse.com/1164836 https://bugzilla.suse.com/1166516 https://bugzilla.suse.com/1167871 https://bugzilla.suse.com/1168805 https://bugzilla.suse.com/1168845 https://bugzilla.suse.com/1169207 https://bugzilla.suse.com/1169209 https://bugzilla.suse.com/1169520 https://bugzilla.suse.com/1169550 https://bugzilla.suse.com/1169553 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169773 https://bugzilla.suse.com/1169779 https://bugzilla.suse.com/1170046 https://bugzilla.suse.com/1170197 https://bugzilla.suse.com/1170462 https://bugzilla.suse.com/1170824 https://bugzilla.suse.com/1171251 https://bugzilla.suse.com/1171287 https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1171491 https://bugzilla.suse.com/1171494 https://bugzilla.suse.com/1171526 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1171859 https://bugzilla.suse.com/1171885 https://bugzilla.suse.com/1172190 https://bugzilla.suse.com/1172269 https://bugzilla.suse.com/1172286 https://bugzilla.suse.com/1172558 https://bugzilla.suse.com/1172627 https://bugzilla.suse.com/1172712 https://bugzilla.suse.com/1173120 https://bugzilla.suse.com/1173896 https://bugzilla.suse.com/1173946 https://bugzilla.suse.com/1174167 From sle-updates at lists.suse.com Mon Jul 20 22:58:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:58:27 +0200 (CEST) Subject: SUSE-SU-2020:1972-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20200721045827.2F63CFDE4@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1972-1 Rating: moderate References: #1113160 #1138822 #1142038 #1148177 #1153090 #1153277 #1154940 #1154968 #1155372 #1163871 #1165921 #1168310 #1170231 #1170557 #1170824 #1171687 #1172462 Cross-References: CVE-2019-10215 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379 Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 13 fixes is now available. Description: This update fixes the following issues: dracut-saltboot: - Print a list of available disk devices (bsc#1170824) - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid "have choice" build issues in OBS. + Rebase and update patches for version 2.18.0 - Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and "Xs ago" duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-102 15). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update Uyuni/SUSE Manager service discovery patch + Adapt service discovery to the new Uyuni API endpoints + Modified spec file: force golang 1.12 to fix build issues in SLE15SP2 - Update to Prometheus 2.11.2 grafana: - Update to version 7.0.3 * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. #25079, @peterholmberg - Do not show alerts tab when alerting is disabled. #25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo - Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379 - Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistance. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. #24984, @dprokop - Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian - Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information. - @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange "dashboard not found" errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop - Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking "Load more" from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise) - Update Makefile and spec file * Remove phantomJS patch from Makefile * Fix multiline strings in Makefile * Exclude s390 from SLE12 builds, golang 1.14 is not built for s390 - Add instructions for patching the Grafana javascript frontend. - BuildRequires golang(API) instead of go metapackage version range * BuildRequires: golang(API) >= 1.14 from BuildRequires: ( go >= 1.14 with go < 1.15 ) - Update to version 6.7.3 - This version fixes bsc#1170557 and its corresponding CVE-2020-12245 - Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin - Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark - AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken - Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg - Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan - DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo - Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh - Security: Fix annotation popup XSS vulnerability. #23813, @torkelo - Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1 - TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo - Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark - Update to version 6.7.2: (see installed changelog for the full list of changes) - BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo - Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop - DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn - Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn - Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo - Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo - Plugins: Expose promiseToDigest. #23249, @torkelo - Reporting (Enterprise): Fixes issue updating a report created by someone else - Update to 6.7.1: (see installed changelog for the full list of changes) Bug Fixes - Azure: Fixed dropdowns not showing current value. #22914, @torkelo - BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark - Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo - Reporting: fixes migrations compatibility with mysql (Enterprise) - Reporting: Reduce default concurrency limit to 4 (Enterprise) - Update to 6.7.0: (see installed changelog for the full list of changes) Bug Fixes - AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo - BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark - Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo - Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo - Rich History: UX adjustments and fixes. #22729, @ivanahuckova - Update to 6.7.0-beta1: Breaking changes - Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked. - Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338 - Notice about changes in backendSrv for plugin authors In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv. Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI. To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv. Bug Fixes API: Fix redirect issues. #22285, @papagian Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1 Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek BackendSrv: Fixes POST body for form data. #21714, @hugohaggmark CloudWatch: Credentials cache invalidation fix. #22473, @sunker CloudWatch: Expand alias variables when query yields no result. #22695, @sunker Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo StatPanel: Fixes base color is being used for null values . #22646, @torkelo - Update to version 6.6.2: (see installed changelog for the full list of changes) - Update to version 6.6.1: (see installed changelog for the full list of changes) - Update to version 6.6.0: (see installed changelog for the full list of changes) - Update to version 6.5.3: (see installed changelog for the full list of changes) - Update to version 6.5.2: (see installed changelog for the full list of changes) - Update to version 6.5.1: (see installed changelog for the full list of changes) - Update to version 6.5.0 (see installed changelog for the full list of changes) - Update to version 6.4.5: * Create version 6.4.5 * CloudWatch: Fix high CPU load (#20579) - Add obs-service-go_modules to download required modules into vendor.tar.gz - Adjusted spec file to use vendor.tar.gz - Adjusted Makefile to work with new filenames - BuildRequire go1.14 - Update to version 6.4.4: * DataLinks: Fix blur issues. #19883, @aocenas * Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson * LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen * LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson * Singlestat: Fix no data / null value mapping . #19951, @ryantxu - Revert the spec file and make script - Remove PhantomJS dependency - Update to 6.4.3 * Bug Fixes - Alerting: All notification channels should send even if one fails to send. #19807, @jan25 - AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas - ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal - DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop - DataLinks: Fix url field not releasing focus. #19804, @aocenas - Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas - Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark - Singlestat: Fixed issue with mapping null to text. #19689, @torkelo - @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop - @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang - Update to 6.4.2 * Bug Fixes - CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron - Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark - Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo - Graph: Switching to series mode should re-render graph. #19623, @torkelo - Loki: Fix autocomplete on label values. #19579, @aocenas - Loki: Removes live option for logs panel. #19533, @davkal - Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha - Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark - ShareQuery: Fixed issue when using -- Dashboard -- datasource (to share query result) when dashboard had rows. #19610, @torkelo - Show SAML login button if SAML is enabled. #19591, @papagian - SingleStat: Fixes postfix/prefix usage. #19687, @hugohaggmark - Table: Proper handling of json data with dataframes. #19596, @marefr - Units: Fixed wrong id for Terabits/sec. #19611, @andreaslangnevyjel - Changes from 6.4.1 * Bug Fixes - Provisioning: Fixed issue where empty nested keys in YAML provisioning caused a server crash, #19547 - ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise) - Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise). - Changes from 6.4.0 * Features / Enhancements - Build: Upgrade go to 1.12.10. #19499, @marefr - DataLinks: Suggestions menu improvements. #19396, @dprokop - Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova - Explore: Update broken link to logql docs. #19510, @ivanahuckova - Logs: Adds Logs Panel as a visualization. #19504, @davkal * Bug Fixes - CLI: Fix version selection for plugin install. #19498, @aocenas - Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo - Changes from 6.4.0 Beta 2 * Features / Enhancements - Azure Monitor: Remove support for cross resource queries (#19115)". #19346, @sunker - Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr - Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo - grafana/toolkit: Add plugin creation task. #19207, @dprokop * Bug Fixes - Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark - Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm - Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz - Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo - Database: Rewrite system statistics query to perform better. #19178, @papagian - Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu - MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr - Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh - MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr - MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr - MySQL: Limit datasource error details returned from the backend. #19373, @marefr - Changes from 6.4.0 Beta 1 * Features / Enhancements - API: Readonly datasources should not be created via the API. #19006, @papagian - Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar - Annotations: Add annotations support to Loki. #18949, @aocenas - Annotations: Use a single row to represent a region. #17673, @ryantxu - Auth: Allow inviting existing users when login form is disabled. #19048, @548017 - Azure Monitor: Add support for cross resource queries. #19115, @sunker - CLI: Allow installing custom binary plugins. #17551, @aocenas - Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark - Dashboard: Reuse query results between panels . #16660, @ryantxu - Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod - DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu - DataLinks: Enable access to labels & field names. #18918, @torkelo - DataLinks: Enable multiple data links per panel. #18434, @dprokop - Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech - Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery - Explore: Add throttling when doing live queries. #19085, @aocenas - Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney - Explore: Reduce default time range to last hour. #18212, @davkal - Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu - Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal - Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian - InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code - LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh - Ldap: Add ldap debug page. #18759, @peterholmberg - Loki: Remove prefetching of default label values. #18213, @davkal - Metrics: Add failed alert notifications metric. #18089, @koorgoo - OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon - OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin - Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh - Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati - Plugins: better warning when plugins fail to load. #18671, @ryantxu - Postgres: Add support for scram sha 256 authentication. #18397, @nonamef - RemoteCache: Support SSL with Redis. #18511, @kylebrandt - SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu - Stackdriver: Add extra alignment period options. #18909, @sunker - Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon - Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar * Bug Fixes - Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian - Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt - Alerting: fix response popover prompt when add notification channels. #18967, @lzdw - CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger - Explore: Fix auto completion on label values for Loki. #18988, @aocenas - Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark - Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark - MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold - MSSQL: Fix memory leak when debug enabled. #19049, @briangann - Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt - TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark * Breaking changes + Annotations There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details. + Docker Grafana is now using Alpine 3.10 as docker base image. + HTTP API - GET /api/alert-notifications now requires at least editor access. New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user. - GET /api/alert-notifiers now requires at least editor access - GET /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins, admin in any folder or admin of any team. - GET /api/annotations no longer returns regionId property. - POST /api/annotations no longer supports isRegion property. - PUT /api/annotations/:id no longer supports isRegion property. - PATCH /api/annotations/:id no longer supports isRegion property. - DELETE /api/annotations/region/:id has been removed. * Deprecation notes + PhantomJS - PhantomJS, which is used for rendering images of dashboards and panels, is deprecated and will be removed in a future Grafana release. A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use. Please consider migrating from PhantomJS to the Grafana Image Renderer plugin. - Changes from 6.3.6 * Features / Enhancements - Metrics: Adds setting for turning off total stats metrics. #19142, @marefr * Bug Fixes - Database: Rewrite system statistics query to perform better. #19178, @papagian - Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney - Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors. - Add missing directories provisioning/datasources and provisioning/notifiers and sample.yaml as described in packaging/rpm/control from upstream. Missing directories are shown in logfiles. - Version 6.3.5 * Upgrades + Build: Upgrade to go 1.12.9. * Bug Fixes + Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties. + Editor: Fixes issue where only entire lines were being copied. + Explore: Fixes query field layout in splitted view for Safari browsers. + LDAP: multildap + ldap integration. + Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds. + Prometheus: Prevents panel editor crash when switching to Prometheus datasource. + Prometheus: Changes brace-insertion behavior to be less annoying. - Version 6.3.4 * Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use. - Version 6.3.3 * Bug Fixes + Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1 + Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3 + DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1 + DataLinks: Respect timezone when displaying datapoint???s timestamp in graph context menu. #18461 2, @dprokop 1 + DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1 + Explore: Fix loading error for empty queries. #18488 1, @davkal + Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2 + Graphite: Avoid glob of single-value array variables . #18420, @gotjosh + Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3 + Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2 + TimeSeries: Assume values are all numbers. #18540 4, @ryantxu - Version 6.3.2 * Bug Fixes + Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12 - Version 6.3.1 * Bug Fixes + PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2 - Version 6.3.0 * Features / Enhancements + OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3 + Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh + Build grafana images consistently. #18224 12, @hassanfarid + Docs: SAML. #18069 11, @gotjosh + Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas + TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2 + Alerting: Add tags to alert rules. #10989 13, @Thib17 1 + Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng + Alerting: Improve alert rule testing. #16286 2, @marefr + Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25 + Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1 + Auth: Allow expiration of API keys. #17678, @papagian 3 + Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1 + Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1 + AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1 + CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu + Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu + Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax + Data links. #17267 11, @torkelo 2 + Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues??? #17066 5, @bergquist 1 + Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr + Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3 + Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2 + Explore: Adds support for new loki ???start??? and ???end??? params for labels endpoint. #17512, @kaydelaney 2 + Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2 + Explore: Allow switching between metrics and logs . #16959 2, @marefr + Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3 + Explore: Display log lines context . #17097, @dprokop 1 + Explore: Don???t parse log levels if provided by field or label. #17180 1, @marefr + Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2 + Explore: Support for new LogQL filtering syntax. #16674 4, @davkal + Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3 + Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1 + Graph: Added new fill gradient option. #17528 3, @torkelo 2 + GraphPanel: Don???t sort series when legend table & sort column is not visible . #17095, @shavonn 1 + InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3 + Logging: Login and Logout actions (#17760). #17883 1, @ATTron + Logging: Move log package to pkg/infra. #17023, @zhulongcheng + Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1 + MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd + MySQL: Add support for periodically reloading client certs. #14892, @tpetr + Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu + Prometheus: Take timezone into account for step alignment. #17477, @fxmiii + Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246 + Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA + Provisioning: Support folder that doesn???t exist yet in dashboard provisioning. #17407 1, @Nexucis + Refresh picker: Handle empty intervals. #17585 1, @dehrax + Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr + Snapshot: use given key and deleteKey. #16876, @zhulongcheng + Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev + Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad + Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway + Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin * Bug Fixes + PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax + OAuth: Fix ???missing saved state??? OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3 + cli: fix for recognizing when in dev mode??? #18334, @xlson + DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2 + Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2 + PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson + TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2 + Timerange: Fixes a bug where custom time ranges didn???t respect UTC. #18248 1, @kaydelaney 2 + remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke + AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax + CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr + Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr + Explore: Fix browsing back to dashboard panel. #17061, @jschill + Explore: Fix filter by series level in logs graph. #17798, @marefr + Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr + Explore: Fix selection/copy of log lines. #17121, @marefr + Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas + Frontend: Fix for Json tree component not working. #17608, @srid12 + Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2 + Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2 + Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3 + HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25 + InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki + Prometheus: Correctly escape ???|??? literals in interpolated PromQL variables. #16932, @Limess + Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi + SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri - Make phantomjs dependency configurable - Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and koan: - Calculate relative path for kernel and inited when generating grub entry (bsc#1170231) - Fix os-release version detection for SUSE mgr-cfg: - Remove commented code in test files - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Add mgr manpage links mgr-custom-info: - Bump version to 4.1.0 (bsc#1154940) mgr-daemon: - Bump version to 4.1.0 (bsc#1154940) - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Separate osa-dispatcher and jabberd so it can be disabled independently - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Move /usr/share/rhn/config-defaults to uyuni-base-common - Require uyuni-base-common for /etc/rhn (for osa-dispatcher) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-push: - Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) mgr-virtualization: - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Fix mgr-virtualization timer rhnlib: - Fix building - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) - Bump version to 4.1.0 (bsc#1154940) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group spacewalk-client-tools: - Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921) - Spell correctly "successful" and "successfully" - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) - Replace spacewalk-usix with uyuni-common-libs - Return a non-zero exit status on errors in rhn_check - Bump version to 4.1.0 (bsc#1154940) - Make a explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed spacewalk-koan: - Bump version to 4.1.0 (bsc#1154940) - Require commands we use in merge-rd.sh spacewalk-oscap: - Bump version to 4.1.0 (bsc#1154940) spacewalk-remote-utils: - Update spacewalk-create-channel with RHEL 7.7 channel definitions - Bump version to 4.1.0 (bsc#1154940) supportutils-plugin-susemanager-client: - Bump version to 4.1.0 (bsc#1154940) suseRegisterInfo: - SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310) - Bump version to 4.1.0 (bsc#1154940) zypp-plugin-spacewalk: - 1.0.7 - Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2020-1972=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.18.0-3.12.2 grafana-7.0.3-1.9.2 grafana-debuginfo-7.0.3-1.9.2 python3-uyuni-common-libs-4.1.5-1.3.2 uyuni-base-common-4.1.1-1.3.2 - SUSE Manager Tools 15 (noarch): dracut-saltboot-0.1.1590413773.a959db7-1.12.2 koan-2.9.0-4.15.2 mgr-cfg-4.1.2-1.12.4 mgr-cfg-actions-4.1.2-1.12.4 mgr-cfg-client-4.1.2-1.12.4 mgr-cfg-management-4.1.2-1.12.4 mgr-custom-info-4.1.1-1.6.2 mgr-daemon-4.1.1-1.14.2 mgr-osad-4.1.2-1.15.2 mgr-push-4.1.1-1.6.4 mgr-virtualization-host-4.1.1-1.14.2 python3-mgr-cfg-4.1.2-1.12.4 python3-mgr-cfg-actions-4.1.2-1.12.4 python3-mgr-cfg-client-4.1.2-1.12.4 python3-mgr-cfg-management-4.1.2-1.12.4 python3-mgr-osa-common-4.1.2-1.15.2 python3-mgr-osad-4.1.2-1.15.2 python3-mgr-push-4.1.1-1.6.4 python3-mgr-virtualization-common-4.1.1-1.14.2 python3-mgr-virtualization-host-4.1.1-1.14.2 python3-rhnlib-4.1.2-3.16.2 python3-spacewalk-check-4.1.5-3.23.2 python3-spacewalk-client-setup-4.1.5-3.23.2 python3-spacewalk-client-tools-4.1.5-3.23.2 python3-spacewalk-koan-4.1.1-3.9.2 python3-spacewalk-oscap-4.1.1-3.6.3 python3-suseRegisterInfo-4.1.2-3.6.2 python3-zypp-plugin-spacewalk-1.0.7-3.12.2 spacecmd-4.1.4-3.38.2 spacewalk-check-4.1.5-3.23.2 spacewalk-client-setup-4.1.5-3.23.2 spacewalk-client-tools-4.1.5-3.23.2 spacewalk-koan-4.1.1-3.9.2 spacewalk-oscap-4.1.1-3.6.3 spacewalk-remote-utils-4.1.1-3.12.4 supportutils-plugin-susemanager-client-4.1.2-3.9.2 suseRegisterInfo-4.1.2-3.6.2 zypp-plugin-spacewalk-1.0.7-3.12.2 References: https://www.suse.com/security/cve/CVE-2019-10215.html https://www.suse.com/security/cve/CVE-2019-15043.html https://www.suse.com/security/cve/CVE-2020-12245.html https://www.suse.com/security/cve/CVE-2020-13379.html https://bugzilla.suse.com/1113160 https://bugzilla.suse.com/1138822 https://bugzilla.suse.com/1142038 https://bugzilla.suse.com/1148177 https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1154968 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1165921 https://bugzilla.suse.com/1168310 https://bugzilla.suse.com/1170231 https://bugzilla.suse.com/1170557 https://bugzilla.suse.com/1170824 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1172462 From sle-updates at lists.suse.com Mon Jul 20 23:01:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 07:01:15 +0200 (CEST) Subject: SUSE-RU-2020:1980-1: moderate: Recommended update for golang-github-prometheus-node_exporter Message-ID: <20200721050115.56626FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-prometheus-node_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1980-1 Rating: moderate References: #1143913 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-prometheus-node_exporter fixes the following issues: - Update from version 0.17.0 to version 0.18.1 (jsc#ECO-2110) 0.18.1 / 2019-06-04 * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD * [BUGFIX] Fix rollover bug in mountstats collector 0.18.0 / 2019-05-09 * Renamed interface label to device in netclass collector for consistency with other network metrics * The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides * The labels for the network_up metric have changed * Bonding collector now uses mii_status instead of operstatus * Several systemd metrics have been turned off by default to improve performance * These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds * The systemd collector blacklist now includes automount, device, mount, and slice units by default. * [CHANGE] Bonding state uses mii_status * [CHANGE] Add a limit to the number of in-flight requests * [CHANGE] Renamed interface label to device in netclass collector * [CHANGE] Add separate cpufreq and scaling metrics * [CHANGE] Several systemd metrics have been turned off by default to improve performance * [CHANGE] Expand systemd collector blacklist * [CHANGE] Split cpufreq metrics into a separate collector * [FEATURE] Add a flag to disable exporter metrics * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors * [FEATURE] Add uname collector for FreeBSD * [FEATURE] Add diskstats collector for OpenBSD * [FEATURE] Add pressure collector exposing pressure stall information for Linux * [FEATURE] Add perf exporter for Linux * [ENHANCEMENT] Add Infiniband counters * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter * [ENHANCEMENT] Move network_up labels into new metric network_info * [ENHANCEMENT] Use 64-bit counters for Darwin netstat * [BUGFIX] Add fallback for missing /proc/1/mounts * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks - Add network-online (Wants and After) dependency to systemd unit bsc#1143913 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1980=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1980=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1980=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1980=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): golang-github-prometheus-node_exporter-0.18.1-3.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): golang-github-prometheus-node_exporter-0.18.1-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): golang-github-prometheus-node_exporter-0.18.1-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): golang-github-prometheus-node_exporter-0.18.1-3.6.1 References: https://bugzilla.suse.com/1143913 From sle-updates at lists.suse.com Mon Jul 20 23:01:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 07:01:56 +0200 (CEST) Subject: SUSE-SU-2020:14430-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20200721050156.DC9A0FDE4@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14430-1 Rating: moderate References: #1153090 #1153277 #1154940 #1155372 #1157465 #1159284 #1162327 #1163871 #1165572 #1167437 #1168340 #1169604 #1169800 #1170104 #1170288 #1170595 #1171687 #1171906 #1172075 #1173072 #1174165 Cross-References: CVE-2019-18897 CVE-2020-11651 CVE-2020-11652 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves three vulnerabilities and has 18 fixes is now available. Description: This update fixes the following issues: salt: - Require python3-distro only for TW (bsc#1173072) - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module (bsc#1172075) - Add publish_batch to ClearFuncs exposed methods - Update to salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Testsuite fix - Add option to enable/disable force refresh for zypper - Python3.8 compatibility changes - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341) (bsc#1170104) - Returns a the list of IPs filtered by the optional network list - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Do not require vendored backports-abc (bsc#1170288) - Fix partition.mkpart to work without fstype (bsc#1169800) - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. - More robust remote port detection - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Do not make file.recurse state to fail when msgpack 0.5.4 (bsc#1167437) - Build: Buildequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Add new custom SUSE capability for saltutil state module - Fixes status attribute issue in aptpkg test - Make setup.py script not to require setuptools greater than 9.1 - Loop: fix variable names for until_no_eval - Drop conflictive module.run state patch (bsc#1167437) - Update patches after rebase with upstream v3000 tag (bsc#1167437) - Fix some requirements issues depending on Python3 versions - Removes obsolete patch - Fix for low rpm_lowpkg unit test - Add python-singledispatch as dependency for python2-salt - Virt._get_domain: don't raise an exception if there is no VM - Fix for temp folder definition in loader unit test - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handline - Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2 - Fix regression in service states with reload argument - Fix integration test failure for test_mod_del_repo_multiline_values - Fix for unless requisite when pip is not installed - Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation - Fix tornado imports and missing _utils after rebasing patches - Removes unresolved merge conflict in yumpkg module - Use full option name instead of undocumented abbreviation for zypper - Requiring python3-distro only for openSUSE/SLE >= 15 and not for Python 2 builds - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - Loader: invalidate the import cachefor extra modules - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Improvements for chroot module - Add option to enable/disable force refresh for zypper - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Fix for TypeError in Tornado importer (bsc#1174165) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202006-14430=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (amd64): python3-systemd-234-2build2 python3-tornado-4.5.3-1ubuntu0.1 python3-zmq-16.0.2-2build2 - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+48.1 salt-minion-3000+ds-1+48.1 spacecmd-4.1.4-5.2 References: https://www.suse.com/security/cve/CVE-2019-18897.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1157465 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1162327 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169800 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1170595 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1174165 From sle-updates at lists.suse.com Mon Jul 20 23:05:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 07:05:04 +0200 (CEST) Subject: SUSE-RU-2020:1965-1: moderate: Recommended update for SUSE Manager Server 4.0 Message-ID: <20200721050504.2308AFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1965-1 Rating: moderate References: #1153234 #1159226 #1162843 #1164836 #1166516 #1167265 #1167871 #1168805 #1168845 #1169207 #1169209 #1169520 #1169535 #1169550 #1169553 #1169604 #1169773 #1169779 #1170046 #1170197 #1170462 #1170824 #1171169 #1171251 #1171287 #1171461 #1171491 #1171494 #1171526 #1171687 #1171859 #1171885 #1172190 #1172269 #1172286 #1172462 #1172558 #1172627 #1172712 #1173120 #1173896 #1173946 #1174167 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has 43 recommended fixes can now be installed. Description: This update fixes the following issues: cobbler: - Fixes template engine selection(bsc#1170462) - Fixes a template rendering error (bsc#1169779) - Use systemctl to restart cobblerd on logfile rotation (bsc#1169207) - Fix cobbler sync for DHCP or DNS (bsc#1169553) grafana-formula: - Restart Grafana when updating configuration image-sync-formula: - Install shim.efi on usb boot image patterns-suse-manager: - Remove Recommends for traditional client from proxy pattern as this will install the traditional stack during upgrades (bsc#1171494) - Add requires for openvpn-formula prometheus-formula: - Bugfix: Check for non-empty credentials (bsc#1168805) saltboot-formula: - Allow wildcards for device name (bsc#1170824) - Fix corner cases of RAID setup - Update form and metadata to use new formula features spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) spacewalk-backend: - Supportconfig speedup fixes, add option to not compress spacewalk-debug output dir - Prevent failure when syncing from RHEL CDN due extra params (bsc#1171885) - Use default sender address from web namespace spacewalk-branding: - Updated the message about automatically installing product packages (bsc#1169520) spacewalk-java: - Enable the monitoring checkbox for Ubuntu 20.04 systems (bsc#1173120) - Avoid traceback with AssertionError: Failed to update row (bsc#1172558) - Apply highstate when add-on system types should be applied to the system on bootstrapping (bsc#1172190) - Fixed bug where in scheduling a vhm refresh would result in a permission error for org admins - Make automatic system locking for cluster node (CaaSP) user configurable - Speed up getAllChannels api call (bsc#1153234) - Improve Content Lifecycle Management build and promotion performance (bsc#1159226) - Correctly set action to failed in case of Salt errors on execution (bsc#1169604) - Fix saving image profile custom info values with XMLRPC (bsc#1171526) - Fix nullpointer exception during proxy registration (bsc#1171287) - Assign Activation Key channels only (bsc#1166516) - Prevent race condition on metadata generation (bsc#1170197) - New API endpoint for retrieving combined formula data for a list of systems - New API endpoint for retrieving network information for a list of system - New API endpoint for retrieving system groups information for systems with a given entitlement - Fix activation keys request error in image import page (bsc#1170046) - Fix custom info values input in image profile edit form (bsc#1169773) - Add check for non-existing formulas when assigning formulas to a system/group - Add check for non-existing formulas in xmlrpc calls - Use salt for registration for selected install types (bsc#1164836) - Added a new API end point to manage package state (bsc#1169520) - Avoid multiple base channels when onboarding minions (bsc#1167871) spacewalk-web: - Remove lowercase image label limitation - Sort activation keys on bootstrapping page (bsc#1171251) - Auto select recommended and mandatory channels by default (bsc#1162843) - Add hint to edit formulas before applying state (bsc#1168805) - Fix custom info values input in image profile edit form (bsc#1169773) supportutils-plugin-susemanager: - Supportconfig speedup fixes, add option to not compress spacewalk-debug output dir susemanager: - Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is required to get python3-M2crypto (bsc#1174167) - Use python2-uyuni-common-libs and python3-uyuni-common-libs for bootstrap repositories (bsc#1173946) - Copy /var/lib/spacewalk during migration (bsc#1169550) - Enable support for bootstrapping Ubuntu 20.04 LTS added from the Setup Wizard or mgr-sync - Make systemd services and timers enablement really quiet - Migrate cobbler configs for ks_mirror -> distro_mirror rename (bsc#1169209) - Packages for the Ubuntu 18.04 bootstrap repo are now populated with Python3 dependencies (bsc#1168845) susemanager-build-keys: - Trust new keys from supported products (bsc#1172269) susemanager-doc-indexes: - Updates for Ubuntu 20.04 - Remove 4.x Upgrade instructions from 4.0 - Admon re changing auth method - Stop and start proxy service on the proxy susemanager-docs_en: - Updates for Ubuntu 20.04 - Remove 4.x Upgrade instructions from 4.0 - Admon re changing auth method - Stop and start proxy service on the proxy susemanager-schema: - Enable the monitoring entitlement for s390x (bsc#1172627) susemanager-sls: - Avoid SSL certificate issue when bootstrapping openSUSE Leap 15.2 (bsc#1172712) - Add missing certs SLS files for Debian 10 and Ubuntu 20.04 (bsc#1173896) - Trust customer gpg key when metadata signing is enabled - Specify gpg key for RH systems in repo file (bsc#1172286) - Handle GPG check flags different for yum/dnf (bsc#1171859) - Set YAML loader to fix deprecation warnings - Fix failing "Hardware Refresh" actions because wrong "instance_id" reported from minion due a captive portal on the network (bsc#1171491) - Ubuntu no longer shows removed packages as installed (bsc#1171461) virtualization-host-formula: - Hidden required fields should not be required How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-1965=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-1965=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): patterns-suma_retail-4.0-9.16.1 patterns-suma_server-4.0-9.16.1 spacewalk-branding-4.0.17-3.15.1 susemanager-4.0.26-3.30.1 susemanager-tools-4.0.26-3.30.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): cobbler-3.0.0+git20190806.32c4bae0-7.13.1 grafana-formula-0.2.1-4.10.1 image-sync-formula-0.1.1588156049.952b58d-3.17.1 prometheus-formula-0.2.1-4.13.1 python3-spacewalk-backend-libs-4.0.32-3.29.1 saltboot-formula-0.1.1590413773.a959db7-3.13.1 spacecmd-4.0.19-3.16.1 spacewalk-backend-4.0.32-3.29.1 spacewalk-backend-app-4.0.32-3.29.1 spacewalk-backend-applet-4.0.32-3.29.1 spacewalk-backend-config-files-4.0.32-3.29.1 spacewalk-backend-config-files-common-4.0.32-3.29.1 spacewalk-backend-config-files-tool-4.0.32-3.29.1 spacewalk-backend-iss-4.0.32-3.29.1 spacewalk-backend-iss-export-4.0.32-3.29.1 spacewalk-backend-package-push-server-4.0.32-3.29.1 spacewalk-backend-server-4.0.32-3.29.1 spacewalk-backend-sql-4.0.32-3.29.1 spacewalk-backend-sql-postgresql-4.0.32-3.29.1 spacewalk-backend-tools-4.0.32-3.29.1 spacewalk-backend-xml-export-libs-4.0.32-3.29.1 spacewalk-backend-xmlrpc-4.0.32-3.29.1 spacewalk-base-4.0.21-3.24.2 spacewalk-base-minimal-4.0.21-3.24.2 spacewalk-base-minimal-config-4.0.21-3.24.2 spacewalk-html-4.0.21-3.24.2 spacewalk-java-4.0.34-3.31.1 spacewalk-java-config-4.0.34-3.31.1 spacewalk-java-lib-4.0.34-3.31.1 spacewalk-java-postgresql-4.0.34-3.31.1 spacewalk-taskomatic-4.0.34-3.31.1 supportutils-plugin-susemanager-4.0.4-3.3.1 susemanager-build-keys-15.1.0-3.3.1 susemanager-build-keys-web-15.1.0-3.3.1 susemanager-doc-indexes-4.0-10.24.1 susemanager-docs_en-4.0-10.24.1 susemanager-docs_en-pdf-4.0-10.24.1 susemanager-schema-4.0.20-3.23.1 susemanager-sls-4.0.27-3.25.1 susemanager-web-libs-4.0.21-3.24.2 virtualization-host-formula-0.4-4.9.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): python3-spacewalk-backend-libs-4.0.32-3.29.1 python3-zypp-plugin-spacewalk-1.0.7-3.11.1 spacecmd-4.0.19-3.16.1 spacewalk-backend-4.0.32-3.29.1 spacewalk-base-minimal-4.0.21-3.24.2 spacewalk-base-minimal-config-4.0.21-3.24.2 spacewalk-proxy-installer-4.0.13-3.6.1 susemanager-build-keys-15.1.0-3.3.1 susemanager-build-keys-web-15.1.0-3.3.1 susemanager-tftpsync-recv-4.0.7-3.8.1 zypp-plugin-spacewalk-1.0.7-3.11.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (x86_64): patterns-suma_proxy-4.0-9.16.1 References: https://bugzilla.suse.com/1153234 https://bugzilla.suse.com/1159226 https://bugzilla.suse.com/1162843 https://bugzilla.suse.com/1164836 https://bugzilla.suse.com/1166516 https://bugzilla.suse.com/1167265 https://bugzilla.suse.com/1167871 https://bugzilla.suse.com/1168805 https://bugzilla.suse.com/1168845 https://bugzilla.suse.com/1169207 https://bugzilla.suse.com/1169209 https://bugzilla.suse.com/1169520 https://bugzilla.suse.com/1169535 https://bugzilla.suse.com/1169550 https://bugzilla.suse.com/1169553 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169773 https://bugzilla.suse.com/1169779 https://bugzilla.suse.com/1170046 https://bugzilla.suse.com/1170197 https://bugzilla.suse.com/1170462 https://bugzilla.suse.com/1170824 https://bugzilla.suse.com/1171169 https://bugzilla.suse.com/1171251 https://bugzilla.suse.com/1171287 https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1171491 https://bugzilla.suse.com/1171494 https://bugzilla.suse.com/1171526 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1171859 https://bugzilla.suse.com/1171885 https://bugzilla.suse.com/1172190 https://bugzilla.suse.com/1172269 https://bugzilla.suse.com/1172286 https://bugzilla.suse.com/1172462 https://bugzilla.suse.com/1172558 https://bugzilla.suse.com/1172627 https://bugzilla.suse.com/1172712 https://bugzilla.suse.com/1173120 https://bugzilla.suse.com/1173896 https://bugzilla.suse.com/1173946 https://bugzilla.suse.com/1174167 From sle-updates at lists.suse.com Mon Jul 20 23:11:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 07:11:21 +0200 (CEST) Subject: SUSE-RU-2020:1979-1: moderate: Recommended update for golang-github-prometheus-node_exporter Message-ID: <20200721051121.B036AFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-prometheus-node_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1979-1 Rating: moderate References: #1143913 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-prometheus-node_exporter fixes the following issues: - Update from version 0.17.0 to version 0.18.1 (jsc#ECO-2110) 0.18.1 / 2019-06-04 * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD * [BUGFIX] Fix rollover bug in mountstats collector 0.18.0 / 2019-05-09 * Renamed interface label to device in netclass collector for consistency with other network metrics * The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. * The labels for the network_up metric have changed * Bonding collector now uses mii_status instead of operstatus * Several systemd metrics have been turned off by default to improve performance * These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds * The systemd collector blacklist now includes automount, device, mount, and slice units by default. * [CHANGE] Bonding state uses mii_status * [CHANGE] Add a limit to the number of in-flight requests * [CHANGE] Renamed interface label to device in netclass collector * [CHANGE] Add separate cpufreq and scaling metrics * [CHANGE] Several systemd metrics have been turned off by default to improve performance * [CHANGE] Expand systemd collector blacklist * [CHANGE] Split cpufreq metrics into a separate collector * [FEATURE] Add a flag to disable exporter metrics * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors * [FEATURE] Add uname collector for FreeBSD * [FEATURE] Add diskstats collector for OpenBSD * [FEATURE] Add pressure collector exposing pressure stall information for Linux * [FEATURE] Add perf exporter for Linux * [ENHANCEMENT] Add Infiniband counters * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter * [ENHANCEMENT] Move network_up labels into new metric network_info * [ENHANCEMENT] Use 64-bit counters for Darwin netstat * [BUGFIX] Add fallback for missing /proc/1/mounts * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks - Add network-online (Wants and After) dependency to systemd unit. (bsc#1143913) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-1979=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-1979=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1979=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1979=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.18.1-3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.18.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.18.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.18.1-3.3.1 References: https://bugzilla.suse.com/1143913 From sle-updates at lists.suse.com Mon Jul 20 23:12:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 07:12:08 +0200 (CEST) Subject: SUSE-RU-2020:14428-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20200721051208.A8C7EFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14428-1 Rating: moderate References: #1113160 #1138822 #1142038 #1148177 #1153090 #1153277 #1154940 #1154968 #1155372 #1163871 #1165921 #1168310 #1171687 #1172462 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has 14 recommended fixes can now be installed. Description: This update fixes the following issues: golang-github-prometheus-node_exporter: - Update to 0.18.1 + [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD #1345 + [BUGFIX] Fix rollover bug in mountstats collector #1364 - Update to 0.18.0 + Renamed interface label to device in netclass collector for consistency with + other network metrics #1224 + The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. #1248 + The labels for the network_up metric have changed, see issue #1236 + Bonding collector now uses mii_status instead of operstatus #1124 + Several systemd metrics have been turned off by default to improve performance #1254 + These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds + The systemd collector blacklist now includes automount, device, mount, and slice units by default. #1255 + [CHANGE] Bonding state uses mii_status #1124 + [CHANGE] Add a limit to the number of in-flight requests #1166 + [CHANGE] Renamed interface label to device in netclass collector #1224 + [CHANGE] Add separate cpufreq and scaling metrics #1248 + [CHANGE] Several systemd metrics have been turned off by default to improve performance #1254 + [CHANGE] Expand systemd collector blacklist #1255 + [CHANGE] Split cpufreq metrics into a separate collector #1253 + [FEATURE] Add a flag to disable exporter metrics #1148 + [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors #1197 + [FEATURE] Add uname collector for FreeBSD #1239 + [FEATURE] Add diskstats collector for OpenBSD #1250 + [FEATURE] Add pressure collector exposing pressure stall information for Linux #1174 + [FEATURE] Add perf exporter for Linux #1274 + [ENHANCEMENT] Add Infiniband counters #1120 + [ENHANCEMENT] Add TCPSynRetrans to netstat default filter #1143 + [ENHANCEMENT] Move network_up labels into new metric network_info #1236 + [ENHANCEMENT] Use 64-bit counters for Darwin netstat + [BUGFIX] Add fallback for missing /proc/1/mounts #1172 + [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks #1326 - Add support for RedHat 8 + Adjust dependencies on spec file + Disable dwarf compression in go build golang-github-wrouesnel-postgres_exporter: - Add support for RedHat 8 + Adjust dependencies on spec file + Disable dwarf compression in go build mgr-cfg: - Remove commented code in test files - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Add mgr manpage links mgr-custom-info: - Bump version to 4.1.0 (bsc#1154940) mgr-daemon: - Bump version to 4.1.0 (bsc#1154940) - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Separate osa-dispatcher and jabberd so it can be disabled independently - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Move /usr/share/rhn/config-defaults to uyuni-base-common - Require uyuni-base-common for /etc/rhn (for osa-dispatcher) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-push: - Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) mgr-virtualization: - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Fix mgr-virtualization timer rhnlib: - Fix building - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) - Bump version to 4.1.0 (bsc#1154940) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group spacewalk-client-tools: - Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921) - Spell correctly "successful" and "successfully" - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) - Replace spacewalk-usix with uyuni-common-libs - Return a non-zero exit status on errors in rhn_check - Bump version to 4.1.0 (bsc#1154940) - Make a explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed spacewalk-koan: - Bump version to 4.1.0 (bsc#1154940) - Require commands we use in merge-rd.sh spacewalk-oscap: - Bump version to 4.1.0 (bsc#1154940) spacewalk-remote-utils: - Update spacewalk-create-channel with RHEL 7.7 channel definitions - Bump version to 4.1.0 (bsc#1154940) supportutils-plugin-susemanager-client: - Bump version to 4.1.0 (bsc#1154940) suseRegisterInfo: - SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310) - Bump version to 4.1.0 (bsc#1154940) zypp-plugin-spacewalk: - Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-202006-14428=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-202006-14428=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.68.9.1 mgr-cfg-4.1.2-5.12.1 mgr-cfg-actions-4.1.2-5.12.1 mgr-cfg-client-4.1.2-5.12.1 mgr-cfg-management-4.1.2-5.12.1 mgr-custom-info-4.1.1-5.6.1 mgr-daemon-4.1.1-5.14.1 mgr-daemon-debuginfo-4.1.1-5.14.1 mgr-daemon-debugsource-4.1.1-5.14.1 mgr-osad-4.1.2-5.15.1 mgr-push-4.1.1-5.6.1 mgr-virtualization-host-4.1.1-5.14.1 python2-mgr-cfg-4.1.2-5.12.1 python2-mgr-cfg-actions-4.1.2-5.12.1 python2-mgr-cfg-client-4.1.2-5.12.1 python2-mgr-cfg-management-4.1.2-5.12.1 python2-mgr-osa-common-4.1.2-5.15.1 python2-mgr-osad-4.1.2-5.15.1 python2-mgr-push-4.1.1-5.6.1 python2-mgr-virtualization-common-4.1.1-5.14.1 python2-mgr-virtualization-host-4.1.1-5.14.1 python2-rhnlib-4.1.2-12.22.1 python2-spacewalk-check-4.1.5-27.32.1 python2-spacewalk-client-setup-4.1.5-27.32.1 python2-spacewalk-client-tools-4.1.5-27.32.1 python2-spacewalk-koan-4.1.1-9.12.1 python2-spacewalk-oscap-4.1.1-6.12.2 python2-suseRegisterInfo-4.1.2-6.9.1 python2-uyuni-common-libs-4.1.5-5.3.1 python2-zypp-plugin-spacewalk-1.0.7-27.15.1 spacecmd-4.1.4-18.63.1 spacewalk-check-4.1.5-27.32.1 spacewalk-client-setup-4.1.5-27.32.1 spacewalk-client-tools-4.1.5-27.32.1 spacewalk-koan-4.1.1-9.12.1 spacewalk-oscap-4.1.1-6.12.2 suseRegisterInfo-4.1.2-6.9.1 uyuni-base-common-4.1.1-5.3.1 zypp-plugin-spacewalk-1.0.7-27.15.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 x86_64): golang-github-prometheus-node_exporter-0.18.1-5.6.1 golang-github-wrouesnel-postgres_exporter-0.4.7-5.6.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): spacewalk-remote-utils-4.1.1-6.15.1 supportutils-plugin-susemanager-client-4.1.2-9.15.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.68.9.1 mgr-cfg-4.1.2-5.12.1 mgr-cfg-actions-4.1.2-5.12.1 mgr-cfg-client-4.1.2-5.12.1 mgr-cfg-management-4.1.2-5.12.1 mgr-custom-info-4.1.1-5.6.1 mgr-daemon-4.1.1-5.14.1 mgr-daemon-debuginfo-4.1.1-5.14.1 mgr-daemon-debugsource-4.1.1-5.14.1 mgr-osad-4.1.2-5.15.1 mgr-push-4.1.1-5.6.1 mgr-virtualization-host-4.1.1-5.14.1 python2-mgr-cfg-4.1.2-5.12.1 python2-mgr-cfg-actions-4.1.2-5.12.1 python2-mgr-cfg-client-4.1.2-5.12.1 python2-mgr-cfg-management-4.1.2-5.12.1 python2-mgr-osa-common-4.1.2-5.15.1 python2-mgr-osad-4.1.2-5.15.1 python2-mgr-push-4.1.1-5.6.1 python2-mgr-virtualization-common-4.1.1-5.14.1 python2-mgr-virtualization-host-4.1.1-5.14.1 python2-rhnlib-4.1.2-12.22.1 python2-spacewalk-check-4.1.5-27.32.1 python2-spacewalk-client-setup-4.1.5-27.32.1 python2-spacewalk-client-tools-4.1.5-27.32.1 python2-spacewalk-koan-4.1.1-9.12.1 python2-spacewalk-oscap-4.1.1-6.12.2 python2-suseRegisterInfo-4.1.2-6.9.1 python2-uyuni-common-libs-4.1.5-5.3.1 python2-zypp-plugin-spacewalk-1.0.7-27.15.1 spacecmd-4.1.4-18.63.1 spacewalk-check-4.1.5-27.32.1 spacewalk-client-setup-4.1.5-27.32.1 spacewalk-client-tools-4.1.5-27.32.1 spacewalk-koan-4.1.1-9.12.1 spacewalk-oscap-4.1.1-6.12.2 suseRegisterInfo-4.1.2-6.9.1 uyuni-base-common-4.1.1-5.3.1 zypp-plugin-spacewalk-1.0.7-27.15.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 x86_64): golang-github-prometheus-node_exporter-0.18.1-5.6.1 golang-github-wrouesnel-postgres_exporter-0.4.7-5.6.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): spacewalk-remote-utils-4.1.1-6.15.1 supportutils-plugin-susemanager-client-4.1.2-9.15.1 References: https://bugzilla.suse.com/1113160 https://bugzilla.suse.com/1138822 https://bugzilla.suse.com/1142038 https://bugzilla.suse.com/1148177 https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1154968 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1165921 https://bugzilla.suse.com/1168310 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1172462 From sle-updates at lists.suse.com Mon Jul 20 23:16:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 07:16:24 +0200 (CEST) Subject: SUSE-RU-2020:1981-1: moderate: Recommended update for SUSE Manager 4.0.7 Release Notes Message-ID: <20200721051624.319CDFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.0.7 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1981-1 Rating: moderate References: #1153234 #1159226 #1162843 #1164836 #1166516 #1167265 #1167871 #1168805 #1168845 #1169207 #1169209 #1169520 #1169535 #1169550 #1169553 #1169604 #1169773 #1169779 #1170046 #1170197 #1170462 #1170824 #1171169 #1171251 #1171287 #1171461 #1171491 #1171494 #1171526 #1171687 #1171859 #1171880 #1171885 #1172190 #1172269 #1172286 #1172462 #1172558 #1172627 #1172712 #1173896 #1173946 #1174167 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has 43 recommended fixes can now be installed. Description: This update for SUSE Manager 4.0.7 Release Notes provides the following additions: Release notes for SUSE Manager proxy: - Revision 4.0.7 - bugs mentioned bsc#1162843, bsc#1167265, bsc#1168805, bsc#1169535, bsc#1169773, bsc#1171169, bsc#1171251, bsc#1171494, bsc#1171687, bsc#1171885, bsc#1172269, bsc#1172462 Release notes for SUSE Manager: - Update to 4.0.7 - bugs mentioned bsc#1153234, bsc#1159226, bsc#1162843, bsc#1164836, bsc#1166516, bsc#1167871, bsc#1168805, bsc#1168845, bsc#1169207, bsc#1169209, bsc#1169520, bsc#1169550, bsc#1169553, bsc#1169604, bsc#1169773, bsc#1169779, bsc#1170046, bsc#1170197, bsc#1170462, bsc#1170824, bsc#1171251, bsc#1171287, bsc#1171461, bsc#1171491, bsc#1171494, bsc#1171526, bsc#1171687, bsc#1171859, bsc#1171880, bsc#1171885, bsc#1172190, bsc#1172269, bsc#1172286, bsc#1172558, bsc#1172627, bsc#1172712, bsc#1173896, bsc#1173946, bsc#1174167 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2020-1981=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2020-1981=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2020-1981=1 Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): release-notes-susemanager-4.0.7-3.48.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): release-notes-susemanager-proxy-4.0.7-0.16.32.1 - SUSE Manager Proxy 4.0 (x86_64): release-notes-susemanager-proxy-4.0.7-0.16.32.1 References: https://bugzilla.suse.com/1153234 https://bugzilla.suse.com/1159226 https://bugzilla.suse.com/1162843 https://bugzilla.suse.com/1164836 https://bugzilla.suse.com/1166516 https://bugzilla.suse.com/1167265 https://bugzilla.suse.com/1167871 https://bugzilla.suse.com/1168805 https://bugzilla.suse.com/1168845 https://bugzilla.suse.com/1169207 https://bugzilla.suse.com/1169209 https://bugzilla.suse.com/1169520 https://bugzilla.suse.com/1169535 https://bugzilla.suse.com/1169550 https://bugzilla.suse.com/1169553 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169773 https://bugzilla.suse.com/1169779 https://bugzilla.suse.com/1170046 https://bugzilla.suse.com/1170197 https://bugzilla.suse.com/1170462 https://bugzilla.suse.com/1170824 https://bugzilla.suse.com/1171169 https://bugzilla.suse.com/1171251 https://bugzilla.suse.com/1171287 https://bugzilla.suse.com/1171461 https://bugzilla.suse.com/1171491 https://bugzilla.suse.com/1171494 https://bugzilla.suse.com/1171526 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1171859 https://bugzilla.suse.com/1171880 https://bugzilla.suse.com/1171885 https://bugzilla.suse.com/1172190 https://bugzilla.suse.com/1172269 https://bugzilla.suse.com/1172286 https://bugzilla.suse.com/1172462 https://bugzilla.suse.com/1172558 https://bugzilla.suse.com/1172627 https://bugzilla.suse.com/1172712 https://bugzilla.suse.com/1173896 https://bugzilla.suse.com/1173946 https://bugzilla.suse.com/1174167 From sle-updates at lists.suse.com Mon Jul 20 23:21:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 07:21:45 +0200 (CEST) Subject: SUSE-SU-2020:14429-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20200721052145.1FDF3FDE4@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14429-1 Rating: moderate References: #1153090 #1153277 #1154940 #1155372 #1157465 #1159284 #1162327 #1163871 #1165572 #1167437 #1168340 #1169604 #1169800 #1170104 #1170288 #1170595 #1171687 #1171906 #1172075 #1173072 #1174165 Cross-References: CVE-2019-18897 CVE-2020-11651 CVE-2020-11652 Affected Products: SUSE Manager Ubuntu 16.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves three vulnerabilities and has 18 fixes is now available. Description: This update fixes the following issues: salt: - Require python3-distro only for TW (bsc#1173072) - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module (bsc#1172075) - Add publish_batch to ClearFuncs exposed methods - Update to salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Testsuite fix - Add option to enable/disable force refresh for zypper - Python3.8 compatibility changes - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341) (bsc#1170104) - Returns a the list of IPs filtered by the optional network list - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Do not require vendored backports-abc (bsc#1170288) - Fix partition.mkpart to work without fstype (bsc#1169800) - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. - More robust remote port detection - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Do not make file.recurse state to fail when msgpack 0.5.4 (bsc#1167437) - Build: Buildequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Add new custom SUSE capability for saltutil state module - Fixes status attribute issue in aptpkg test - Make setup.py script not to require setuptools greater than 9.1 - Loop: fix variable names for until_no_eval - Drop conflictive module.run state patch (bsc#1167437) - Update patches after rebase with upstream v3000 tag (bsc#1167437) - Fix some requirements issues depending on Python3 versions - Removes obsolete patch - Fix for low rpm_lowpkg unit test - Add python-singledispatch as dependency for python2-salt - Virt._get_domain: don't raise an exception if there is no VM - Fix for temp folder definition in loader unit test - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handline - Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2 - Fix regression in service states with reload argument - Fix integration test failure for test_mod_del_repo_multiline_values - Fix for unless requisite when pip is not installed - Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation - Fix tornado imports and missing _utils after rebasing patches - Removes unresolved merge conflict in yumpkg module - Use full option name instead of undocumented abbreviation for zypper - Requiring python3-distro only for openSUSE/SLE >= 15 and not for Python 2 builds - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - Loader: invalidate the import cachefor extra modules - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Improvements for chroot module - Add option to enable/disable force refresh for zypper - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Fix for TypeError in Tornado importer (bsc#1174165) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS: zypper in -t patch suse-ubu164ct-client-tools-202006-14429=1 Package List: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+47.1 salt-minion-3000+ds-1+47.1 spacecmd-4.1.4-5.2 References: https://www.suse.com/security/cve/CVE-2019-18897.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1157465 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1162327 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169800 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1170595 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1174165 From sle-updates at lists.suse.com Mon Jul 20 23:24:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 07:24:46 +0200 (CEST) Subject: SUSE-SU-2020:1973-1: moderate: Security update for Salt Message-ID: <20200721052446.AF3F6FDE4@maintenance.suse.de> SUSE Security Update: Security update for Salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1973-1 Rating: moderate References: #1157465 #1159284 #1162327 #1165572 #1167437 #1168340 #1169604 #1169800 #1170104 #1170288 #1170595 #1171906 #1172075 #1173072 #1174165 Cross-References: CVE-2019-18897 CVE-2020-11651 CVE-2020-11652 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves three vulnerabilities and has 12 fixes is now available. Description: This update fixes the following issues: salt: - Fix for TypeError in Tornado importer (bsc#1174165) - Require python3-distro only for TW (bsc#1173072) - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module (bsc#1172075) - Add publish_batch to ClearFuncs exposed methods - Update to salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Testsuite fix - Add option to enable/disable force refresh for zypper - Python3.8 compatibility changes - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341) (bsc#1170104) - Returns a the list of IPs filtered by the optional network list - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Do not require vendored backports-abc (bsc#1170288) - Fix partition.mkpart to work without fstype (bsc#1169800) - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. - More robust remote port detection - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Do not make file.recurse state to fail when msgpack 0.5.4 (bsc#1167437) - Build: Buildequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Add new custom SUSE capability for saltutil state module - Fixes status attribute issue in aptpkg test - Make setup.py script not to require setuptools greater than 9.1 - Loop: fix variable names for until_no_eval - Drop conflictive module.run state patch (bsc#1167437) - Update patches after rebase with upstream v3000 tag (bsc#1167437) - Fix some requirements issues depending on Python3 versions - Removes obsolete patch - Fix for low rpm_lowpkg unit test - Add python-singledispatch as dependency for python2-salt - Virt._get_domain: don't raise an exception if there is no VM - Fix for temp folder definition in loader unit test - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handline - Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2 - Fix regression in service states with reload argument - Fix integration test failure for test_mod_del_repo_multiline_values - Fix for unless requisite when pip is not installed - Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation - Fix tornado imports and missing _utils after rebasing patches - Removes unresolved merge conflict in yumpkg module - Use full option name instead of undocumented abbreviation for zypper - Requiring python3-distro only for openSUSE/SLE >= 15 and not for Python 2 builds - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - Loader: invalidate the import cachefor extra modules - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Improvements for chroot module - Add option to enable/disable force refresh for zypper - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1973=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1973=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1973=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1973=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python2-salt-3000-5.78.1 python3-salt-3000-5.78.1 salt-3000-5.78.1 salt-api-3000-5.78.1 salt-cloud-3000-5.78.1 salt-doc-3000-5.78.1 salt-master-3000-5.78.1 salt-minion-3000-5.78.1 salt-proxy-3000-5.78.1 salt-ssh-3000-5.78.1 salt-standalone-formulas-configuration-3000-5.78.1 salt-syndic-3000-5.78.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3000-5.78.1 salt-fish-completion-3000-5.78.1 salt-zsh-completion-3000-5.78.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python2-salt-3000-5.78.1 python3-salt-3000-5.78.1 salt-3000-5.78.1 salt-api-3000-5.78.1 salt-cloud-3000-5.78.1 salt-doc-3000-5.78.1 salt-master-3000-5.78.1 salt-minion-3000-5.78.1 salt-proxy-3000-5.78.1 salt-ssh-3000-5.78.1 salt-standalone-formulas-configuration-3000-5.78.1 salt-syndic-3000-5.78.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3000-5.78.1 salt-fish-completion-3000-5.78.1 salt-zsh-completion-3000-5.78.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python2-salt-3000-5.78.1 python3-salt-3000-5.78.1 salt-3000-5.78.1 salt-api-3000-5.78.1 salt-cloud-3000-5.78.1 salt-doc-3000-5.78.1 salt-master-3000-5.78.1 salt-minion-3000-5.78.1 salt-proxy-3000-5.78.1 salt-ssh-3000-5.78.1 salt-standalone-formulas-configuration-3000-5.78.1 salt-syndic-3000-5.78.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3000-5.78.1 salt-fish-completion-3000-5.78.1 salt-zsh-completion-3000-5.78.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python2-salt-3000-5.78.1 python3-salt-3000-5.78.1 salt-3000-5.78.1 salt-api-3000-5.78.1 salt-cloud-3000-5.78.1 salt-doc-3000-5.78.1 salt-master-3000-5.78.1 salt-minion-3000-5.78.1 salt-proxy-3000-5.78.1 salt-ssh-3000-5.78.1 salt-standalone-formulas-configuration-3000-5.78.1 salt-syndic-3000-5.78.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3000-5.78.1 salt-fish-completion-3000-5.78.1 salt-zsh-completion-3000-5.78.1 References: https://www.suse.com/security/cve/CVE-2019-18897.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://bugzilla.suse.com/1157465 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1162327 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169800 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1170595 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1174165 From sle-updates at lists.suse.com Tue Jul 21 04:13:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 12:13:08 +0200 (CEST) Subject: SUSE-SU-2020:1984-1: moderate: Security update for openexr Message-ID: <20200721101308.1B513FC39@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1984-1 Rating: moderate References: #1173466 #1173467 #1173469 Cross-References: CVE-2020-15304 CVE-2020-15305 CVE-2020-15306 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openexr fixes the following issues: - CVE-2020-15304: Fixed a NULL pointer dereference in TiledInputFile:TiledInputFile() (bsc#1173466). - CVE-2020-15305: Fixed a use-after-free in DeepScanLineInputFile:DeepScanLineInputFile() (bsc#1173467). - CVE-2020-15306: Fixed a heap buffer overflow in getChunkOffsetTableSize() (bsc#1173469). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-1984=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1984=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1984=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libIlmImf-Imf_2_1-21-32bit-2.1.0-6.23.1 libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.23.1 openexr-debugsource-2.1.0-6.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openexr-debuginfo-2.1.0-6.23.1 openexr-debugsource-2.1.0-6.23.1 openexr-devel-2.1.0-6.23.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.23.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.23.1 openexr-2.1.0-6.23.1 openexr-debuginfo-2.1.0-6.23.1 openexr-debugsource-2.1.0-6.23.1 References: https://www.suse.com/security/cve/CVE-2020-15304.html https://www.suse.com/security/cve/CVE-2020-15305.html https://www.suse.com/security/cve/CVE-2020-15306.html https://bugzilla.suse.com/1173466 https://bugzilla.suse.com/1173467 https://bugzilla.suse.com/1173469 From sle-updates at lists.suse.com Tue Jul 21 04:14:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 12:14:03 +0200 (CEST) Subject: SUSE-SU-2020:1983-1: important: Security update for tomcat Message-ID: <20200721101403.4E646FC39@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1983-1 Rating: important References: #1173389 Cross-References: CVE-2020-11996 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-1983=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): tomcat-9.0.36-3.3.1 tomcat-admin-webapps-9.0.36-3.3.1 tomcat-el-3_0-api-9.0.36-3.3.1 tomcat-jsp-2_3-api-9.0.36-3.3.1 tomcat-lib-9.0.36-3.3.1 tomcat-servlet-4_0-api-9.0.36-3.3.1 tomcat-webapps-9.0.36-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-11996.html https://bugzilla.suse.com/1173389 From sle-updates at lists.suse.com Tue Jul 21 13:13:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 21:13:08 +0200 (CEST) Subject: SUSE-RU-2020:1988-1: moderate: Recommended update for azure-cli, azure-cli-acr, azure-cli-acs, azure-cli-advisor, azure-cli-ams, azure-cli-appservice, azure-cli-backup, azure-cli-batch, azure-cli-batchai, azure-cli-billing, azure-cli-cdn, azure-cli-cloud, azure-cli-cognitiveservices, azure-cli-command-modules-nspkg, azure-cli-component, azure-cli-configure, azure-cli-consumption, azure-cli-container, azure-cli-core, azure-cli-cosmosdb, azure-cli-dla, azure-cli-dls, azure-cli-dms, azure-cli-eventgrid, azure-cli-eventhubs, azure-cli-extension, azure-cli-feedback, azure-cli-find, azure-cli-interactive, azure-cli-iot, azure-cli-keyvault, azure-cli-lab, azure-cli-monitor, azure-cli-network, azure-cli-nspkg, azure-cli-profile, azure-cli-rdbms, azure-cli-redis, azure-cli-reservations, azure-cli-resource, azure-cli-role, azure-cli-search, azure-cli-servicebus, azure-cli-servicefabric, azure-cli-sql, azure-cli-storage, azure-cli-taskhelp, azure-cli-telemetry, azure-cli-vm Message-ID: <20200721191308.1BE1BFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for azure-cli, azure-cli-acr, azure-cli-acs, azure-cli-advisor, azure-cli-ams, azure-cli-appservice, azure-cli-backup, azure-cli-batch, azure-cli-batchai, azure-cli-billing, azure-cli-cdn, azure-cli-cloud, azure-cli-cognitiveservices, azure-cli-command-modules-nspkg, azure-cli-component, azure-cli-configure, azure-cli-consumption, azure-cli-container, azure-cli-core, azure-cli-cosmosdb, azure-cli-dla, azure-cli-dls, azure-cli-dms, azure-cli-eventgrid, azure-cli-eventhubs, azure-cli-extension, azure-cli-feedback, azure-cli-find, azure-cli-interactive, azure-cli-iot, azure-cli-keyvault, azure-cli-lab, azure-cli-monitor, azure-cli-network, azure-cli-nspkg, azure-cli-profile, azure-cli-rdbms, azure-cli-redis, azure-cli-reservations, azure-cli-resource, azure-cli-role, azure-cli-search, azure-cli-servicebus, azure-cli-servicefabric, azure-cli-sql, azure-cli-storage, azure-cli-taskhelp, azure-cli-telemetry, azure-cli-vm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1988-1 Rating: moderate References: #1138748 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for azure-cli, azure-cli-acr, azure-cli-acs, azure-cli-advisor, azure-cli-ams, azure-cli-appservice, azure-cli-backup, azure-cli-batch, azure-cli-batchai, azure-cli-billing, azure-cli-cdn, azure-cli-cloud, azure-cli-cognitiveservices, azure-cli-command-modules-nspkg, azure-cli-component, azure-cli-configure, azure-cli-consumption, azure-cli-container, azure-cli-core, azure-cli-cosmosdb, azure-cli-dla, azure-cli-dls, azure-cli-dms, azure-cli-eventgrid, azure-cli-eventhubs, azure-cli-extension, azure-cli-feedback, azure-cli-find, azure-cli-interactive, azure-cli-iot, azure-cli-keyvault, azure-cli-lab, azure-cli-monitor, azure-cli-network, azure-cli-nspkg, azure-cli-profile, azure-cli-rdbms, azure-cli-redis, azure-cli-reservations, azure-cli-resource, azure-cli-role, azure-cli-search, azure-cli-servicebus, azure-cli-servicefabric, azure-cli-sql, azure-cli-storage, azure-cli-taskhelp, azure-cli-telemetry, azure-cli-vm fixes the following issues: Added the following packages for Microsoft Azure Commandline interfaces. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-1988=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): azure-cli-2.0.45-2.6.1 azure-cli-acr-2.1.4-2.6.1 azure-cli-acs-2.3.2-2.6.1 azure-cli-advisor-0.6.0-2.3.1 azure-cli-ams-0.2.3-2.3.1 azure-cli-appservice-0.2.3-2.6.1 azure-cli-backup-1.2.1-2.6.1 azure-cli-batch-3.3.3-2.6.1 azure-cli-batchai-0.4.2-2.3.1 azure-cli-billing-0.2.0-2.6.1 azure-cli-cdn-0.1.1-2.6.1 azure-cli-cloud-2.1.0-2.6.1 azure-cli-cognitiveservices-0.2.1-2.6.1 azure-cli-command-modules-nspkg-2.0.1-2.6.1 azure-cli-component-2.0.7-2.6.1 azure-cli-configure-2.0.18-2.6.1 azure-cli-consumption-0.4.0-2.6.1 azure-cli-container-0.3.3-2.6.1 azure-cli-core-2.0.45-2.6.1 azure-cli-cosmosdb-0.2.1-2.6.1 azure-cli-dla-0.2.2-2.6.1 azure-cli-dls-0.1.1-2.6.1 azure-cli-dms-0.1.0-2.3.1 azure-cli-eventgrid-0.2.0-2.6.1 azure-cli-eventhubs-0.2.3-2.3.1 azure-cli-extension-0.2.1-2.6.1 azure-cli-feedback-2.1.4-2.6.1 azure-cli-find-0.2.12-2.6.1 azure-cli-interactive-0.3.28-2.6.1 azure-cli-iot-0.3.1-2.6.1 azure-cli-keyvault-2.2.2-2.6.1 azure-cli-lab-0.1.1-2.6.1 azure-cli-monitor-0.2.3-2.6.1 azure-cli-network-2.2.4-2.6.1 azure-cli-nspkg-3.0.2-2.6.1 azure-cli-profile-2.1.1-2.6.1 azure-cli-rdbms-0.3.1-2.6.1 azure-cli-redis-0.3.2-2.6.1 azure-cli-reservations-0.3.2-2.3.1 azure-cli-resource-2.1.3-2.6.1 azure-cli-role-2.1.4-2.6.1 azure-cli-search-0.1.1-2.3.1 azure-cli-servicebus-0.2.2-2.3.1 azure-cli-servicefabric-0.1.2-2.6.1 azure-cli-sql-2.1.3-2.6.1 azure-cli-storage-2.2.1-2.6.1 azure-cli-taskhelp-0.1.7-2.6.1 azure-cli-telemetry-1.0.0-2.3.1 azure-cli-vm-2.2.2-2.6.1 References: https://bugzilla.suse.com/1138748 From sle-updates at lists.suse.com Tue Jul 21 13:14:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 21:14:33 +0200 (CEST) Subject: SUSE-RU-2020:1986-1: moderate: Recommended update for openvswitch Message-ID: <20200721191433.F2F55FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1986-1 Rating: moderate References: #1172861 #1172929 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openvswitch fixes the following issues: - Preserve the old default OVS_USER_ID for users that removed the override at /etc/sysconfig/openvswitch. (bsc#1172861) - Fix possible changes of openvswitch configuration during upgrades. (bsc#1172929) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1986=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-1986=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-1986=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-1986=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1986=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1986=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_13-0-2.13.0-9.3.5 libopenvswitch-2_13-0-debuginfo-2.13.0-9.3.5 libovn-20_03-0-20.03.0-9.3.5 libovn-20_03-0-debuginfo-20.03.0-9.3.5 openvswitch-2.13.0-9.3.5 openvswitch-debuginfo-2.13.0-9.3.5 openvswitch-debugsource-2.13.0-9.3.5 openvswitch-devel-2.13.0-9.3.5 openvswitch-ipsec-2.13.0-9.3.5 openvswitch-pki-2.13.0-9.3.5 openvswitch-test-2.13.0-9.3.5 openvswitch-test-debuginfo-2.13.0-9.3.5 openvswitch-vtep-2.13.0-9.3.5 openvswitch-vtep-debuginfo-2.13.0-9.3.5 ovn-20.03.0-9.3.5 ovn-central-20.03.0-9.3.5 ovn-devel-20.03.0-9.3.5 ovn-docker-20.03.0-9.3.5 ovn-host-20.03.0-9.3.5 ovn-vtep-20.03.0-9.3.5 python3-Twisted-19.10.0-3.2.6 python3-Twisted-debuginfo-19.10.0-3.2.6 python3-ovs-2.13.0-9.3.5 python3-zope.interface-4.4.2-3.2.1 python3-zope.interface-debuginfo-4.4.2-3.2.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le x86_64): dpdk-19.11.1-3.2.1 dpdk-debuginfo-19.11.1-3.2.1 dpdk-debugsource-19.11.1-3.2.1 dpdk-devel-19.11.1-3.2.1 dpdk-devel-debuginfo-19.11.1-3.2.1 dpdk-kmp-default-19.11.1_k5.3.18_22-3.2.1 dpdk-kmp-default-debuginfo-19.11.1_k5.3.18_22-3.2.1 dpdk-tools-19.11.1-3.2.1 dpdk-tools-debuginfo-19.11.1-3.2.1 libdpdk-20_0-19.11.1-3.2.1 libdpdk-20_0-debuginfo-19.11.1-3.2.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64): dpdk-thunderx-19.11.1-3.2.1 dpdk-thunderx-debuginfo-19.11.1-3.2.1 dpdk-thunderx-debugsource-19.11.1-3.2.1 dpdk-thunderx-devel-19.11.1-3.2.1 dpdk-thunderx-devel-debuginfo-19.11.1-3.2.1 dpdk-thunderx-kmp-default-19.11.1_k5.3.18_22-3.2.1 dpdk-thunderx-kmp-default-debuginfo-19.11.1_k5.3.18_22-3.2.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): python3-Automat-0.6.0-3.2.1 python3-PyHamcrest-1.9.0-3.2.2 python3-attrs-19.3.0-3.2.1 python3-constantly-15.1.0-3.2.1 python3-h2-3.2.0-3.2.2 python3-hpack-3.0.0-3.2.1 python3-hyperframe-5.2.0-3.2.1 python3-hyperlink-17.2.1-3.2.1 python3-incremental-17.5.0-3.2.1 python3-pyserial-3.4-3.2.1 python3-service_identity-18.1.0-3.2.1 python3-sortedcontainers-2.1.0-3.2.4 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-pyserial-3.4-3.2.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-pyserial-3.4-3.2.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-pyserial-3.4-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_13-0-2.13.0-9.3.5 libopenvswitch-2_13-0-debuginfo-2.13.0-9.3.5 openvswitch-debuginfo-2.13.0-9.3.5 openvswitch-debugsource-2.13.0-9.3.5 python3-ovs-2.13.0-9.3.5 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libdpdk-20_0-19.11.1-3.2.1 libdpdk-20_0-debuginfo-19.11.1-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-pyserial-3.4-3.2.1 python3-sortedcontainers-2.1.0-3.2.4 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-pyserial-3.4-3.2.1 References: https://bugzilla.suse.com/1172861 https://bugzilla.suse.com/1172929 From sle-updates at lists.suse.com Tue Jul 21 13:15:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 21:15:24 +0200 (CEST) Subject: SUSE-RU-2020:1987-1: important: Recommended update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings Message-ID: <20200721191524.BA278FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1987-1 Rating: important References: #1172477 #1173336 #1174011 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings fixes the following issues: libsolv: - No source changes, just shipping it as an installer update (required by yast2-pkg-bindings). libzypp: - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) yast2-packager: - Handle variable expansion in repository name. (bsc#1172477) - Improve medium type detection, do not report Online medium when the /media.1/products file is missing in the repository, SMT does not mirror this file. (bsc#1173336) yast2-pkg-bindings: - Extensions to handle raw repository name. (bsc#1172477) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1987=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1987=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2020-1987=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.14-3.5.1 libsolv-debugsource-0.7.14-3.5.1 perl-solv-0.7.14-3.5.1 perl-solv-debuginfo-0.7.14-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.14-3.5.1 libsolv-debugsource-0.7.14-3.5.1 libsolv-devel-0.7.14-3.5.1 libsolv-devel-debuginfo-0.7.14-3.5.1 libsolv-tools-0.7.14-3.5.1 libsolv-tools-debuginfo-0.7.14-3.5.1 libzypp-17.24.1-3.11.1 libzypp-debuginfo-17.24.1-3.11.1 libzypp-debugsource-17.24.1-3.11.1 libzypp-devel-17.24.1-3.11.1 python3-solv-0.7.14-3.5.1 python3-solv-debuginfo-0.7.14-3.5.1 ruby-solv-0.7.14-3.5.1 ruby-solv-debuginfo-0.7.14-3.5.1 yast2-packager-4.2.64-3.3.4 yast2-pkg-bindings-4.2.8-3.3.4 yast2-pkg-bindings-debuginfo-4.2.8-3.3.4 yast2-pkg-bindings-debugsource-4.2.8-3.3.4 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.7.14-3.5.1 libzypp-17.24.1-3.11.1 yast2-packager-4.2.64-3.3.4 yast2-pkg-bindings-4.2.8-3.3.4 References: https://bugzilla.suse.com/1172477 https://bugzilla.suse.com/1173336 https://bugzilla.suse.com/1174011 From sle-updates at lists.suse.com Tue Jul 21 13:16:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2020 21:16:22 +0200 (CEST) Subject: SUSE-RU-2020:1989-1: important: Recommended update to SLES-releases Message-ID: <20200721191622.9BDDDFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update to SLES-releases ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1989-1 Rating: important References: #1173582 Affected Products: SUSE Linux Enterprise Server 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-2020-1989=1 Package List: - SUSE Linux Enterprise Server 15-SP2 (aarch64 ppc64le s390x x86_64): sles-release-15.2-49.1 References: https://bugzilla.suse.com/1173582 From sle-updates at lists.suse.com Tue Jul 21 16:13:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 00:13:58 +0200 (CEST) Subject: SUSE-SU-2020:1991-1: important: Security update for xrdp Message-ID: <20200721221358.2D7EDFC39@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1991-1 Rating: important References: #1173580 Cross-References: CVE-2020-4044 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xrdp fixes the following issues: - Security fixes (bsc#1173580, CVE-2020-4044): + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch - Update patch: + xrdp-Allow-sessions-with-32-bpp.patch.patch Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1991=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1991=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1991=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1991=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1991=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1991=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1991=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1991=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1991=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1991=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1991=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE OpenStack Cloud 9 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE OpenStack Cloud 8 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - HPE Helion Openstack 8 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 References: https://www.suse.com/security/cve/CVE-2020-4044.html https://bugzilla.suse.com/1173580 From sle-updates at lists.suse.com Tue Jul 21 16:16:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 00:16:49 +0200 (CEST) Subject: SUSE-SU-2020:1990-1: important: Security update for webkit2gtk3 Message-ID: <20200721221649.A0B10FC39@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1990-1 Rating: important References: #1173998 Cross-References: CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1990=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1990=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1990=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1990=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1990=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1990=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.28.3-3.57.2 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2 libwebkit2gtk-4_0-37-2.28.3-3.57.2 libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2 webkit2gtk3-debugsource-2.28.3-3.57.2 webkit2gtk3-devel-2.28.3-3.57.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): libwebkit2gtk3-lang-2.28.3-3.57.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libjavascriptcoregtk-4_0-18-2.28.3-3.57.2 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2 libwebkit2gtk-4_0-37-2.28.3-3.57.2 libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2 webkit2gtk3-debugsource-2.28.3-3.57.2 webkit2gtk3-devel-2.28.3-3.57.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): libwebkit2gtk3-lang-2.28.3-3.57.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.28.3-3.57.2 typelib-1_0-WebKit2-4_0-2.28.3-3.57.2 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.57.2 webkit2gtk3-debugsource-2.28.3-3.57.2 webkit2gtk3-devel-2.28.3-3.57.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-3.57.2 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2 libwebkit2gtk-4_0-37-2.28.3-3.57.2 libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2 webkit2gtk3-debugsource-2.28.3-3.57.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libwebkit2gtk3-lang-2.28.3-3.57.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.28.3-3.57.2 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2 libwebkit2gtk-4_0-37-2.28.3-3.57.2 libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2 webkit2gtk3-debugsource-2.28.3-3.57.2 webkit2gtk3-devel-2.28.3-3.57.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libwebkit2gtk3-lang-2.28.3-3.57.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.28.3-3.57.2 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2 libwebkit2gtk-4_0-37-2.28.3-3.57.2 libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2 webkit2gtk3-debugsource-2.28.3-3.57.2 webkit2gtk3-devel-2.28.3-3.57.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.28.3-3.57.2 References: https://www.suse.com/security/cve/CVE-2020-13753.html https://www.suse.com/security/cve/CVE-2020-9802.html https://www.suse.com/security/cve/CVE-2020-9803.html https://www.suse.com/security/cve/CVE-2020-9805.html https://www.suse.com/security/cve/CVE-2020-9806.html https://www.suse.com/security/cve/CVE-2020-9807.html https://www.suse.com/security/cve/CVE-2020-9843.html https://www.suse.com/security/cve/CVE-2020-9850.html https://bugzilla.suse.com/1173998 From sle-updates at lists.suse.com Tue Jul 21 19:12:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 03:12:50 +0200 (CEST) Subject: SUSE-SU-2020:1992-1: important: Security update for webkit2gtk3 Message-ID: <20200722011250.57D7FFC39@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1992-1 Rating: important References: #1173998 Cross-References: CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1992=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1992=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.28.3-3.3.1 typelib-1_0-WebKit2-4_0-2.28.3-3.3.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.3.1 webkit2gtk3-debugsource-2.28.3-3.3.1 webkit2gtk3-devel-2.28.3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-3.3.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.3.1 libwebkit2gtk-4_0-37-2.28.3-3.3.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.3.1 webkit2gtk-4_0-injected-bundles-2.28.3-3.3.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.3.1 webkit2gtk3-debugsource-2.28.3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libwebkit2gtk3-lang-2.28.3-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-13753.html https://www.suse.com/security/cve/CVE-2020-9802.html https://www.suse.com/security/cve/CVE-2020-9803.html https://www.suse.com/security/cve/CVE-2020-9805.html https://www.suse.com/security/cve/CVE-2020-9806.html https://www.suse.com/security/cve/CVE-2020-9807.html https://www.suse.com/security/cve/CVE-2020-9843.html https://www.suse.com/security/cve/CVE-2020-9850.html https://bugzilla.suse.com/1173998 From sle-updates at lists.suse.com Wed Jul 22 04:13:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 12:13:19 +0200 (CEST) Subject: SUSE-RU-2020:1996-1: important: Recommended update for python-kiwi Message-ID: <20200722101319.699CFFC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1996-1 Rating: important References: #1173985 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi fixes the following issues: - Reimplement 'kversion' helper tool to fix an issue causing error in kiwi. (bsc#1173985) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-1996=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1996=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (x86_64): kiwi-pxeboot-9.20.5-3.19.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.20.5-3.19.1 dracut-kiwi-live-9.20.5-3.19.1 dracut-kiwi-oem-dump-9.20.5-3.19.1 dracut-kiwi-oem-repart-9.20.5-3.19.1 dracut-kiwi-overlay-9.20.5-3.19.1 kiwi-man-pages-9.20.5-3.19.1 kiwi-tools-9.20.5-3.19.1 kiwi-tools-debuginfo-9.20.5-3.19.1 python-kiwi-debugsource-9.20.5-3.19.1 python3-kiwi-9.20.5-3.19.1 References: https://bugzilla.suse.com/1173985 From sle-updates at lists.suse.com Wed Jul 22 04:14:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 12:14:06 +0200 (CEST) Subject: SUSE-RU-2020:1997-1: important: Recommended update for crmsh Message-ID: <20200722101406.DBC6AFC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1997-1 Rating: important References: #1166644 #1166962 #1167220 #1169581 #1170037 #1170999 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix for collecting of binary data to avoid CRC error in report. (bsc#1166962) - Implement ssh key configuration improvement to avoid security issues. (bsc#1169581, ECO-2035) - Fix for using class 'SBDManager' for sbd configuration and management. (bsc#1170037, bsc#1170999) - Fix for 'crm' resource refresh to complete. (bsc#1167220) - Update man page about completion example of 'crm' resource. (bsc#1166644) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-1997=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.2.0+git.1594286044.7a596d12-5.3.1 crmsh-scripts-4.2.0+git.1594286044.7a596d12-5.3.1 References: https://bugzilla.suse.com/1166644 https://bugzilla.suse.com/1166962 https://bugzilla.suse.com/1167220 https://bugzilla.suse.com/1169581 https://bugzilla.suse.com/1170037 https://bugzilla.suse.com/1170999 From sle-updates at lists.suse.com Wed Jul 22 04:15:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 12:15:35 +0200 (CEST) Subject: SUSE-RU-2020:1994-1: important: Recommended update for apache2 Message-ID: <20200722101535.24E56FDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1994-1 Rating: important References: #1172708 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2 fixes the following issues: - Fix for an issue when Apache can crash due to OpenSSL isse in mod_ssl even if another module or library uses OpenSSL. (bsc at 1172708, SG#57603) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1994=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1994=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1994=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1994=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1994=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1994=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1994=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1994=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1994=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1994=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1994=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1994=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1994=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1994=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1994=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1994=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): apache2-doc-2.4.23-29.57.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): apache2-doc-2.4.23-29.57.1 - SUSE OpenStack Cloud 9 (noarch): apache2-doc-2.4.23-29.57.1 - SUSE OpenStack Cloud 9 (x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE OpenStack Cloud 8 (x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE OpenStack Cloud 8 (noarch): apache2-doc-2.4.23-29.57.1 - SUSE OpenStack Cloud 7 (s390x x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE OpenStack Cloud 7 (noarch): apache2-doc-2.4.23-29.57.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-devel-2.4.23-29.57.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): apache2-doc-2.4.23-29.57.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): apache2-doc-2.4.23-29.57.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): apache2-doc-2.4.23-29.57.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apache2-doc-2.4.23-29.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): apache2-doc-2.4.23-29.57.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): apache2-doc-2.4.23-29.57.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): apache2-doc-2.4.23-29.57.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): apache2-doc-2.4.23-29.57.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.57.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - HPE Helion Openstack 8 (x86_64): apache2-2.4.23-29.57.1 apache2-debuginfo-2.4.23-29.57.1 apache2-debugsource-2.4.23-29.57.1 apache2-example-pages-2.4.23-29.57.1 apache2-prefork-2.4.23-29.57.1 apache2-prefork-debuginfo-2.4.23-29.57.1 apache2-utils-2.4.23-29.57.1 apache2-utils-debuginfo-2.4.23-29.57.1 apache2-worker-2.4.23-29.57.1 apache2-worker-debuginfo-2.4.23-29.57.1 - HPE Helion Openstack 8 (noarch): apache2-doc-2.4.23-29.57.1 References: https://bugzilla.suse.com/1172708 From sle-updates at lists.suse.com Wed Jul 22 04:16:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 12:16:26 +0200 (CEST) Subject: SUSE-RU-2020:1999-1: moderate: Recommended update for dracut Message-ID: <20200722101626.5EFBBFDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1999-1 Rating: moderate References: #1172807 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dracut fixes the following issues: - PXE boot process times out (bsc#1172807) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1999=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): dracut-044.2-18.67.1 dracut-debuginfo-044.2-18.67.1 dracut-debugsource-044.2-18.67.1 dracut-fips-044.2-18.67.1 dracut-ima-044.2-18.67.1 References: https://bugzilla.suse.com/1172807 From sle-updates at lists.suse.com Wed Jul 22 04:17:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 12:17:13 +0200 (CEST) Subject: SUSE-RU-2020:1995-1: moderate: Recommended update for alsa Message-ID: <20200722101713.A81C0FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for alsa ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1995-1 Rating: moderate References: #1171246 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for alsa fixes the following issues: - Add UCM profile for ASUS Chromebook C300. (bsc#1171246) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1995=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1995=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): alsa-1.1.5-6.9.2 alsa-debugsource-1.1.5-6.9.2 alsa-devel-1.1.5-6.9.2 libasound2-1.1.5-6.9.2 libasound2-debuginfo-1.1.5-6.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libasound2-32bit-1.1.5-6.9.2 libasound2-32bit-debuginfo-1.1.5-6.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): alsa-1.1.5-6.9.2 alsa-debugsource-1.1.5-6.9.2 alsa-devel-1.1.5-6.9.2 libasound2-1.1.5-6.9.2 libasound2-debuginfo-1.1.5-6.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libasound2-32bit-1.1.5-6.9.2 libasound2-32bit-debuginfo-1.1.5-6.9.2 References: https://bugzilla.suse.com/1171246 From sle-updates at lists.suse.com Wed Jul 22 04:18:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 12:18:39 +0200 (CEST) Subject: SUSE-RU-2020:1993-1: moderate: Recommended update for yast2-network Message-ID: <20200722101839.BDC70FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1993-1 Rating: moderate References: #1167256 #1168479 #1169663 #1172444 #1172922 #1173213 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for yast2-network fixes the following issues: - Do not remove automatically aliases from /etc/hosts during an autoinstallation. (bsc#1173213) - Avoid error when accessing to Bond Slaves in s390. (bsc#1172444). - AutoYaST: Udev rules are written or copied to the target system properly when defined in the profile. (bsc#1169663) - AutoYaST: Fixed the copy or merge of the linuxrc interfaces configuration when the installation network configuration is selected to be kept. - Do not export interfaces section when there are no aliases to export. (bsc#1172922) - Try to install the wireless-tools package when the package is not installed and the wifi networks are scanned. (bsc#1168479) - Fix for parse the udev rules keys correctly using underscores. (bsc#1167256) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1993=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-network-4.2.72-3.7.1 References: https://bugzilla.suse.com/1167256 https://bugzilla.suse.com/1168479 https://bugzilla.suse.com/1169663 https://bugzilla.suse.com/1172444 https://bugzilla.suse.com/1172922 https://bugzilla.suse.com/1173213 From sle-updates at lists.suse.com Wed Jul 22 04:19:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 12:19:57 +0200 (CEST) Subject: SUSE-RU-2020:1998-1: moderate: Recommended update for libcryptopp Message-ID: <20200722101957.8C1F0FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for libcryptopp ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1998-1 Rating: moderate References: #1174308 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libcryptopp fixes the following issues: The libcryptopp cryptographic package is added to SLES 15-SP1 [jsc#SLE-12744]. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1998=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1998=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libcryptopp-debugsource-5.6.5-1.3.1 libcryptopp-devel-5.6.5-1.3.1 libcryptopp5_6_5-5.6.5-1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libcryptopp-debugsource-5.6.5-1.3.1 libcryptopp-devel-5.6.5-1.3.1 libcryptopp5_6_5-5.6.5-1.3.1 References: https://bugzilla.suse.com/1174308 From sle-updates at lists.suse.com Wed Jul 22 04:20:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 12:20:49 +0200 (CEST) Subject: SUSE-RU-2020:2000-1: important: Recommended update for efivar Message-ID: <20200722102049.0E4F9FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for efivar ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2000-1 Rating: important References: #1100077 #1101023 #1120862 #1127544 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for efivar fixes the following issues: - fix logic that checks for UCS-2 string termination (bsc#1127544) - fix casting of IPv4 addresses - Don't require an EUI for NVMe (bsc#1100077) - Add support for ACPI Generic Container and Embedded Controller root nodes (bsc#1101023) - fix for compilation failures bsc#1120862 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2000=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2000=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): efivar-37-6.3.1 efivar-debuginfo-37-6.3.1 efivar-debugsource-37-6.3.1 efivar-devel-37-6.3.1 libefivar1-37-6.3.1 libefivar1-debuginfo-37-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): efivar-37-6.3.1 efivar-debuginfo-37-6.3.1 efivar-debugsource-37-6.3.1 efivar-devel-37-6.3.1 libefivar1-37-6.3.1 libefivar1-debuginfo-37-6.3.1 References: https://bugzilla.suse.com/1100077 https://bugzilla.suse.com/1101023 https://bugzilla.suse.com/1120862 https://bugzilla.suse.com/1127544 From sle-updates at lists.suse.com Wed Jul 22 07:13:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 15:13:03 +0200 (CEST) Subject: SUSE-RU-2020:2002-1: moderate: Recommended update for lifecycle-data-sle-live-patching Message-ID: <20200722131303.01AE5FDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2002-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-live-patching fixes the following issue: - Live kernel patching update data. (bsc#1020320) New data for 4_12_14-122_23, 4_12_14-122_26, 4_12_14-95_54, 4_4_121-92_129, 4_4_121-92_135, 4_4_180-94_116, 4_4_180-94_121, 4_4_180-94_124 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2002=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2002=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2002=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2001=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2001=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2020-2001=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2020-2001=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch): lifecycle-data-sle-module-live-patching-15-4.33.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-4.33.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-4.33.1 - SUSE Linux Enterprise Live Patching 12-SP5 (noarch): lifecycle-data-sle-live-patching-1-10.67.1 - SUSE Linux Enterprise Live Patching 12-SP4 (noarch): lifecycle-data-sle-live-patching-1-10.67.1 - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.67.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.67.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Wed Jul 22 10:13:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 18:13:43 +0200 (CEST) Subject: SUSE-RU-2020:1811-1: moderate: Recommended update for skelcd-control-leanos Message-ID: <20200722161343.DADCFFC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for skelcd-control-leanos ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1811-1 Rating: moderate References: #1173204 Affected Products: SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for skelcd-control-leanos fixes the following issues: - Removed a not needed repository initialization step in AutoYaST, it causes problems with unsigned repositories used by SUSE Manager (bsc#1173204) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2020-1811=1 Package List: - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): skelcd-control-leanos-15.2.12-3.3.1 References: https://bugzilla.suse.com/1173204 From sle-updates at lists.suse.com Wed Jul 22 12:02:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 20:02:27 +0200 (CEST) Subject: SUSE-CU-2020:367-1: Recommended update of suse/sle15 Message-ID: <20200722180227.EF0E7FEC3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:367-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.705 Container Release : 8.2.705 Severity : important Type : recommended References : 1172477 1173336 1173582 1174011 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1987-1 Released: Tue Jul 21 17:02:15 2020 Summary: Recommended update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings Type: recommended Severity: important References: 1172477,1173336,1174011 This update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings fixes the following issues: libsolv: - No source changes, just shipping it as an installer update (required by yast2-pkg-bindings). libzypp: - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) yast2-packager: - Handle variable expansion in repository name. (bsc#1172477) - Improve medium type detection, do not report Online medium when the /media.1/products file is missing in the repository, SMT does not mirror this file. (bsc#1173336) yast2-pkg-bindings: - Extensions to handle raw repository name. (bsc#1172477) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) From sle-updates at lists.suse.com Wed Jul 22 13:12:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 21:12:50 +0200 (CEST) Subject: SUSE-SU-2020:2009-1: moderate: Security update for vino Message-ID: <20200722191250.043F6FDE4@maintenance.suse.de> SUSE Security Update: Security update for vino ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2009-1 Rating: moderate References: #1155419 Cross-References: CVE-2019-15681 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for vino fixes the following issues: - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2009=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): vino-3.22.0-3.6.76 vino-debuginfo-3.22.0-3.6.76 vino-debugsource-3.22.0-3.6.76 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): vino-lang-3.22.0-3.6.76 References: https://www.suse.com/security/cve/CVE-2019-15681.html https://bugzilla.suse.com/1155419 From sle-updates at lists.suse.com Wed Jul 22 13:13:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 21:13:32 +0200 (CEST) Subject: SUSE-SU-2020:2008-1: important: Security update for java-11-openjdk Message-ID: <20200722191332.F2D57FDE4@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2008-1 Rating: important References: #1174157 Cross-References: CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.8+10 (July 2020 CPU, bsc#1174157) * Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming + JDK-8233239, CVE-2020-14562: Enhance TIFF support + JDK-8233255: Better Swing Buttons + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236867, CVE-2020-14573: Enhance Graal interface handling + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238013: Enhance String writing + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240482: Improved WAV file playback + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling * Other changes: + JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created + JDK-7124307: JSpinner and changing value by mouse + JDK-8022574: remove HaltNode code after uncommon trap calls + JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails + JDK-8040630: Popup menus and tooltips flicker with previous popup contents when first shown + JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) + JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo + JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in nightly + JDK-8080353: JShell: Better error message on attempting to add default method + JDK-8139876: Exclude hanging nsk/stress/stack from execution with deoptimization enabled + JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with -XX:+DeoptimizeALot + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8156207: Resource allocated BitMaps are often cleared unnecessarily + JDK-8159740: JShell: corralled declarations do not have correct source to wrapper mapping + JDK-8175984: ICC_Profile has un-needed, not-empty finalize method + JDK-8176359: Frame#setMaximizedbounds not working properly in multi screen environments + JDK-8183369: RFC unconformity of HttpURLConnection with proxy + JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT + JDK-8189861: Refactor CacheFind + JDK-8191169: java/net/Authenticator/B4769350.java failed intermittently + JDK-8191930: [Graal] emits unparseable XML into compile log + JDK-8193879: Java debugger hangs on method invocation + JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows + JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails + JDK-8198000: java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug assert on Windows + JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/ /WrongParentAfterRemoveMenu.java debug assert on Windows + JDK-8198339: Test javax/swing/border/Test6981576.java is unstable + JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after JDK-8198801 + JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740 + JDK-8203672: JNI exception pending in PlainSocketImpl.c + JDK-8203673: JNI exception pending in DualStackPlainDatagramSocketImpl.c:398 + JDK-8204834: Fix confusing "allocate" naming in OopStorage + JDK-8205399: Set node color on pinned HashMap.TreeNode deletion + JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/ /RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure + JDK-8206179: com/sun/management/OperatingSystemMXBean/ /GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value + JDK-8207334: VM times out in VM_HandshakeAllThreads::doit() with RunThese30M + JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2008=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.8.0-3.12.1 java-11-openjdk-debuginfo-11.0.8.0-3.12.1 java-11-openjdk-debugsource-11.0.8.0-3.12.1 java-11-openjdk-demo-11.0.8.0-3.12.1 java-11-openjdk-devel-11.0.8.0-3.12.1 java-11-openjdk-headless-11.0.8.0-3.12.1 References: https://www.suse.com/security/cve/CVE-2020-14556.html https://www.suse.com/security/cve/CVE-2020-14562.html https://www.suse.com/security/cve/CVE-2020-14573.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14581.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1174157 From sle-updates at lists.suse.com Wed Jul 22 13:14:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2020 21:14:15 +0200 (CEST) Subject: SUSE-RU-2020:2006-1: moderate: Recommended update for postgresql, postgresql12 Message-ID: <20200722191415.28863FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql, postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2006-1 Rating: moderate References: #1148643 #1171924 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postgresql, postgresql12 fixes the following issues: Postgresql12 was updated to 12.3 (bsc#1171924). - https://www.postgresql.org/about/news/2038/ - https://www.postgresql.org/docs/12/release-12-3.html - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. Also changed in the postgresql wrapper package: - Bump version to 12.0.1, so that the binary packages also have a cut-point to conflict with. - Conflict with versions of the binary packages prior to the May 2020 update, because we changed the package layout at that point and need a clean cutover. - Bump package version to 12, but leave default at 10 for SLE-15 and SLE-15-SP1. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2006=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2006=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2006=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libecpg6-12.3-8.3.3 libecpg6-debuginfo-12.3-8.3.3 postgresql12-contrib-12.3-8.3.3 postgresql12-contrib-debuginfo-12.3-8.3.3 postgresql12-debuginfo-12.3-8.3.3 postgresql12-debugsource-12.3-8.3.3 postgresql12-devel-12.3-8.3.3 postgresql12-devel-debuginfo-12.3-8.3.3 postgresql12-plperl-12.3-8.3.3 postgresql12-plperl-debuginfo-12.3-8.3.3 postgresql12-plpython-12.3-8.3.3 postgresql12-plpython-debuginfo-12.3-8.3.3 postgresql12-pltcl-12.3-8.3.3 postgresql12-pltcl-debuginfo-12.3-8.3.3 postgresql12-server-12.3-8.3.3 postgresql12-server-debuginfo-12.3-8.3.3 postgresql12-server-devel-12.3-8.3.3 postgresql12-server-devel-debuginfo-12.3-8.3.3 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql-contrib-12.0.1-4.3.2 postgresql-devel-12.0.1-4.3.2 postgresql-docs-12.0.1-4.3.2 postgresql-plperl-12.0.1-4.3.2 postgresql-plpython-12.0.1-4.3.2 postgresql-pltcl-12.0.1-4.3.2 postgresql-server-12.0.1-4.3.2 postgresql-server-devel-12.0.1-4.3.2 postgresql12-docs-12.3-8.3.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): postgresql-test-12.0.1-4.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpq5-12.3-8.3.3 libpq5-debuginfo-12.3-8.3.3 postgresql12-12.3-8.3.3 postgresql12-debuginfo-12.3-8.3.3 postgresql12-debugsource-12.3-8.3.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libpq5-32bit-12.3-8.3.3 libpq5-32bit-debuginfo-12.3-8.3.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): postgresql-12.0.1-4.3.2 References: https://bugzilla.suse.com/1148643 https://bugzilla.suse.com/1171924 From sle-updates at lists.suse.com Thu Jul 23 04:18:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 12:18:22 +0200 (CEST) Subject: SUSE-RU-2020:2012-1: moderate: Recommended update for flatpak Message-ID: <20200723101822.7C2F3FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for flatpak ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2012-1 Rating: moderate References: #1169619 #1170416 #1172316 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for flatpak fixes the following issues: - Fix for missing directories by creating a 'skeleton flatpak' repository using 'flatpak remotes' instead of creating the directory manually. (bsc#1172316, bsc#1169619, bsc#1170416) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2012=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): flatpak-1.6.3-4.3.1 flatpak-debuginfo-1.6.3-4.3.1 flatpak-debugsource-1.6.3-4.3.1 flatpak-devel-1.6.3-4.3.1 flatpak-zsh-completion-1.6.3-4.3.1 libflatpak0-1.6.3-4.3.1 libflatpak0-debuginfo-1.6.3-4.3.1 system-user-flatpak-1.6.3-4.3.1 typelib-1_0-Flatpak-1_0-1.6.3-4.3.1 References: https://bugzilla.suse.com/1169619 https://bugzilla.suse.com/1170416 https://bugzilla.suse.com/1172316 From sle-updates at lists.suse.com Thu Jul 23 04:21:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 12:21:53 +0200 (CEST) Subject: SUSE-SU-2020:2015-1: important: Security update for qemu Message-ID: <20200723102153.27A0AFF0B@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2015-1 Rating: important References: #1172383 #1172384 #1172386 #1172495 #1172710 Cross-References: CVE-2020-10761 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13800 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for qemu to version 4.2.1 fixes the following issues: - CVE-2020-10761: Fixed a denial of service in Network Block Device (nbd) support infrastructure (bsc#1172710). - CVE-2020-13800: Fixed a denial of service possibility in ati-vga emulation (bsc#1172495). - CVE-2020-13659: Fixed a null pointer dereference possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172386). - CVE-2020-13362: Fixed an OOB access possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172383). - CVE-2020-13361: Fixed an OOB access possibility in ES1370 audio device emulation (bsc#1172384). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2015=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2015=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): qemu-4.2.1-11.4.4 qemu-block-curl-4.2.1-11.4.4 qemu-block-curl-debuginfo-4.2.1-11.4.4 qemu-block-iscsi-4.2.1-11.4.4 qemu-block-iscsi-debuginfo-4.2.1-11.4.4 qemu-block-rbd-4.2.1-11.4.4 qemu-block-rbd-debuginfo-4.2.1-11.4.4 qemu-block-ssh-4.2.1-11.4.4 qemu-block-ssh-debuginfo-4.2.1-11.4.4 qemu-debuginfo-4.2.1-11.4.4 qemu-debugsource-4.2.1-11.4.4 qemu-guest-agent-4.2.1-11.4.4 qemu-guest-agent-debuginfo-4.2.1-11.4.4 qemu-lang-4.2.1-11.4.4 qemu-ui-spice-app-4.2.1-11.4.4 qemu-ui-spice-app-debuginfo-4.2.1-11.4.4 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x x86_64): qemu-kvm-4.2.1-11.4.4 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64): qemu-arm-4.2.1-11.4.4 qemu-arm-debuginfo-4.2.1-11.4.4 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (ppc64le): qemu-ppc-4.2.1-11.4.4 qemu-ppc-debuginfo-4.2.1-11.4.4 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): qemu-ipxe-1.0.0+-11.4.4 qemu-microvm-4.2.1-11.4.4 qemu-seabios-1.12.1+-11.4.4 qemu-sgabios-8-11.4.4 qemu-vgabios-1.12.1+-11.4.4 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): qemu-audio-alsa-4.2.1-11.4.4 qemu-audio-alsa-debuginfo-4.2.1-11.4.4 qemu-audio-pa-4.2.1-11.4.4 qemu-audio-pa-debuginfo-4.2.1-11.4.4 qemu-ui-curses-4.2.1-11.4.4 qemu-ui-curses-debuginfo-4.2.1-11.4.4 qemu-ui-gtk-4.2.1-11.4.4 qemu-ui-gtk-debuginfo-4.2.1-11.4.4 qemu-x86-4.2.1-11.4.4 qemu-x86-debuginfo-4.2.1-11.4.4 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x): qemu-s390-4.2.1-11.4.4 qemu-s390-debuginfo-4.2.1-11.4.4 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-4.2.1-11.4.4 qemu-debugsource-4.2.1-11.4.4 qemu-tools-4.2.1-11.4.4 qemu-tools-debuginfo-4.2.1-11.4.4 References: https://www.suse.com/security/cve/CVE-2020-10761.html https://www.suse.com/security/cve/CVE-2020-13361.html https://www.suse.com/security/cve/CVE-2020-13362.html https://www.suse.com/security/cve/CVE-2020-13659.html https://www.suse.com/security/cve/CVE-2020-13800.html https://bugzilla.suse.com/1172383 https://bugzilla.suse.com/1172384 https://bugzilla.suse.com/1172386 https://bugzilla.suse.com/1172495 https://bugzilla.suse.com/1172710 From sle-updates at lists.suse.com Thu Jul 23 07:13:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 15:13:00 +0200 (CEST) Subject: SUSE-RU-2020:2022-1: moderate: Recommended update for perf Message-ID: <20200723131300.05471FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for perf ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2022-1 Rating: moderate References: #1169763 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perf fixes the following issues: - Add support for new IBM S390 z15 deflate counters (bsc#1169763) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2022=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): perf-5.3.18-25.3.1 perf-debuginfo-5.3.18-25.3.1 perf-debugsource-5.3.18-25.3.1 References: https://bugzilla.suse.com/1169763 From sle-updates at lists.suse.com Thu Jul 23 07:13:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 15:13:48 +0200 (CEST) Subject: SUSE-RU-2020:2018-1: moderate: Recommended update for apparmor Message-ID: <20200723131348.62005FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2018-1 Rating: moderate References: #1172040 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apparmor fixes the following issues: - Add 'UI_Showfile' so Yast shows the profile correctly. (bsc#1172040) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2018=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2018=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.13.4-3.3.1 apache2-mod_apparmor-debuginfo-2.13.4-3.3.1 apparmor-debugsource-2.13.4-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.13.4-3.3.1 apparmor-parser-2.13.4-3.3.1 apparmor-parser-debuginfo-2.13.4-3.3.1 libapparmor-debugsource-2.13.4-3.3.1 libapparmor-devel-2.13.4-3.3.1 libapparmor1-2.13.4-3.3.1 libapparmor1-debuginfo-2.13.4-3.3.1 pam_apparmor-2.13.4-3.3.1 pam_apparmor-debuginfo-2.13.4-3.3.1 perl-apparmor-2.13.4-3.3.1 perl-apparmor-debuginfo-2.13.4-3.3.1 python3-apparmor-2.13.4-3.3.1 python3-apparmor-debuginfo-2.13.4-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): apparmor-abstractions-2.13.4-3.3.1 apparmor-docs-2.13.4-3.3.1 apparmor-parser-lang-2.13.4-3.3.1 apparmor-profiles-2.13.4-3.3.1 apparmor-utils-2.13.4-3.3.1 apparmor-utils-lang-2.13.4-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libapparmor1-32bit-2.13.4-3.3.1 libapparmor1-32bit-debuginfo-2.13.4-3.3.1 pam_apparmor-32bit-2.13.4-3.3.1 pam_apparmor-32bit-debuginfo-2.13.4-3.3.1 References: https://bugzilla.suse.com/1172040 From sle-updates at lists.suse.com Thu Jul 23 07:14:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 15:14:38 +0200 (CEST) Subject: SUSE-RU-2020:2023-1: moderate: Recommended update for nodejs12 Message-ID: <20200723131438.CBCD2FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2023-1 Rating: moderate References: #1173653 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nodejs12 fixes the following issues: - Fixes reported memory leak. (bsc#1173653) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2023=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs12-12.18.2-1.17.1 nodejs12-debuginfo-12.18.2-1.17.1 nodejs12-debugsource-12.18.2-1.17.1 nodejs12-devel-12.18.2-1.17.1 npm12-12.18.2-1.17.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs12-docs-12.18.2-1.17.1 References: https://bugzilla.suse.com/1173653 From sle-updates at lists.suse.com Thu Jul 23 07:15:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 15:15:24 +0200 (CEST) Subject: SUSE-RU-2020:2019-1: moderate: Recommended update for pacemaker Message-ID: <20200723131524.97247FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2019-1 Rating: moderate References: #1171372 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pacemaker fixes the following issues: - Fixes handling of fence-agents through its parameters in pacemaker (bsc#1171372) - Implement priority fencing delay to make a coordinated, successful fencing in case of 'split-brain'. (jsc#ECO-1611, jsc#SLE-12237) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2019=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.1+20190417.13d370ca9-3.12.1 libpacemaker3-2.0.1+20190417.13d370ca9-3.12.1 libpacemaker3-debuginfo-2.0.1+20190417.13d370ca9-3.12.1 pacemaker-2.0.1+20190417.13d370ca9-3.12.1 pacemaker-cli-2.0.1+20190417.13d370ca9-3.12.1 pacemaker-cli-debuginfo-2.0.1+20190417.13d370ca9-3.12.1 pacemaker-debuginfo-2.0.1+20190417.13d370ca9-3.12.1 pacemaker-debugsource-2.0.1+20190417.13d370ca9-3.12.1 pacemaker-remote-2.0.1+20190417.13d370ca9-3.12.1 pacemaker-remote-debuginfo-2.0.1+20190417.13d370ca9-3.12.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): pacemaker-cts-2.0.1+20190417.13d370ca9-3.12.1 References: https://bugzilla.suse.com/1171372 From sle-updates at lists.suse.com Thu Jul 23 07:16:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 15:16:09 +0200 (CEST) Subject: SUSE-RU-2020:2017-1: moderate: Recommended update for SAPHanaSR Message-ID: <20200723131609.E0D38FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2017-1 Rating: moderate References: #1173581 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SAPHanaSR fixes the following issues: - Fix for log empty site names, but do not generate bad formatted cluster attribute name. (bsc#1173581) - Fix for documentation of some parameter defaults. - Adjust start/stop/promote/monitor action timeouts to match official recommendations. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2017=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): SAPHanaSR-0.154.1-15.2.17.1 SAPHanaSR-doc-0.154.1-15.2.17.1 References: https://bugzilla.suse.com/1173581 From sle-updates at lists.suse.com Thu Jul 23 07:16:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 15:16:55 +0200 (CEST) Subject: SUSE-RU-2020:2021-1: moderate: Recommended update for pacemaker Message-ID: <20200723131655.27C5FFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2021-1 Rating: moderate References: #1171372 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pacemaker fixes the following issues: - Fixes handling of fence-agents through its parameters in pacemaker (bsc#1171372) - Implement priority fencing delay to make a coordinated, successful fencing in case of 'split-brain'. (jsc#ECO-1611, jsc#SLE-12237) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2021=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.18+20180430.b12c320f5-3.24.1 libpacemaker3-1.1.18+20180430.b12c320f5-3.24.1 libpacemaker3-debuginfo-1.1.18+20180430.b12c320f5-3.24.1 pacemaker-1.1.18+20180430.b12c320f5-3.24.1 pacemaker-cli-1.1.18+20180430.b12c320f5-3.24.1 pacemaker-cli-debuginfo-1.1.18+20180430.b12c320f5-3.24.1 pacemaker-debuginfo-1.1.18+20180430.b12c320f5-3.24.1 pacemaker-debugsource-1.1.18+20180430.b12c320f5-3.24.1 pacemaker-remote-1.1.18+20180430.b12c320f5-3.24.1 pacemaker-remote-debuginfo-1.1.18+20180430.b12c320f5-3.24.1 - SUSE Linux Enterprise High Availability 15 (noarch): pacemaker-cts-1.1.18+20180430.b12c320f5-3.24.1 References: https://bugzilla.suse.com/1171372 From sle-updates at lists.suse.com Thu Jul 23 07:17:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 15:17:40 +0200 (CEST) Subject: SUSE-RU-2020:2020-1: moderate: Recommended update for SAPHanaSR Message-ID: <20200723131740.99CA3FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2020-1 Rating: moderate References: #1173581 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SAPHanaSR fixes the following issues: - Fix for log empty site names, but do not generate bad formatted cluster attribute name. (bsc#1173581) - Fix for documentation of some parameter defaults. - Adjust start/stop/promote/monitor action timeouts to match official recommendations. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-2020=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2020=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2020=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): SAPHanaSR-0.154.1-3.14.1 SAPHanaSR-doc-0.154.1-3.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): SAPHanaSR-0.154.1-3.14.1 SAPHanaSR-doc-0.154.1-3.14.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): SAPHanaSR-0.154.1-3.14.1 SAPHanaSR-doc-0.154.1-3.14.1 References: https://bugzilla.suse.com/1173581 From sle-updates at lists.suse.com Thu Jul 23 10:14:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 18:14:20 +0200 (CEST) Subject: SUSE-SU-2020:2027-1: important: Security update for the Linux Kernel Message-ID: <20200723161420.6E5CEFC39@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2027-1 Rating: important References: #1058115 #1065729 #1071995 #1085030 #1148868 #1152472 #1152489 #1153274 #1154353 #1154492 #1155518 #1155798 #1156395 #1157169 #1158050 #1158242 #1158265 #1158748 #1158765 #1158983 #1159781 #1159867 #1160947 #1161495 #1162002 #1162063 #1162400 #1162702 #1164648 #1164777 #1164780 #1165211 #1165975 #1166985 #1167104 #1167651 #1167773 #1168230 #1168779 #1168838 #1169021 #1169094 #1169194 #1169514 #1169681 #1170011 #1170284 #1170442 #1170617 #1170774 #1170879 #1170891 #1170895 #1171150 #1171189 #1171191 #1171219 #1171220 #1171246 #1171417 #1171513 #1171529 #1171530 #1171662 #1171688 #1171699 #1171732 #1171739 #1171743 #1171759 #1171828 #1171868 #1171904 #1171915 #1171982 #1171983 #1172017 #1172046 #1172061 #1172062 #1172063 #1172064 #1172065 #1172066 #1172067 #1172068 #1172069 #1172073 #1172086 #1172095 #1172169 #1172170 #1172208 #1172223 #1172342 #1172343 #1172344 #1172365 #1172366 #1172374 #1172391 #1172393 #1172394 #1172453 #1172458 #1172467 #1172484 #1172537 #1172543 #1172687 #1172719 #1172739 #1172751 #1172759 #1172775 #1172781 #1172782 #1172783 #1172814 #1172823 #1172841 #1172871 #1172938 #1172939 #1172940 #1172956 #1172983 #1172984 #1172985 #1172986 #1172987 #1172988 #1172989 #1172990 #1172999 #1173060 #1173068 #1173085 #1173139 #1173206 #1173271 #1173280 #1173284 #1173428 #1173438 #1173461 #1173514 #1173552 #1173573 #1173625 #1173746 #1173776 #1173817 #1173818 #1173820 #1173822 #1173823 #1173824 #1173825 #1173826 #1173827 #1173828 #1173830 #1173831 #1173832 #1173833 #1173834 #1173836 #1173837 #1173838 #1173839 #1173841 #1173843 #1173844 #1173845 #1173847 #1173860 #1173894 #1174018 #1174244 #1174345 Cross-References: CVE-2019-19462 CVE-2019-20810 CVE-2019-20812 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-12656 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves 19 vulnerabilities and has 162 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15780: A lockdown bypass for loading unsigned modules using ACPI table injection was fixed. (bsc#1173573) - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c could result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3 (bnc#1172453). - CVE-2019-19462: relay_open in kernel/relay.c in the Linux kernel allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (bnc#1158265). - CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem in versions This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-12769: An issue was discovered in drivers/spi/spi-dw.c allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bnc#1171983). - CVE-2020-13143: gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c relies on kstrdup without considering the possibility of an internal '\0' value, which allowed attackers to trigger an out-of-bounds read (bnc#1171982). The following non-security bugs were fixed: - ACPICA: Fixes for acpiExec namespace init file (git-fixes). - ACPI: configfs: Disallow loading ACPI tables when locked down (git-fixes). - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (git-fixes). - ACPI: GED: add support for _Exx / _Lxx handler methods (git-fixes). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (git-fixes). - ACPI: PM: Avoid using power resources if there are none for D0 (git-fixes). - ACPI: sysfs: Fix pm_profile_attr type (git-fixes). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (git-fixes). - Add a GIT commit ID of already cherry-picked x86/platform patch - Add cherry-picked ID to the already applied pinctrl patch - af_unix: add compat_ioctl support (git-fixes). - agp/intel: Reinforce the barrier after GTT updates (git-fixes). - aio: fix async fsync creds (bsc#1173828). - ALSA: emu10k1: delete an unnecessary condition (git-fixes). - ALSA: es1688: Add the missed snd_card_free() (git-fixes). - ALSA: fireface: fix configuration error for nominal sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix invalid assignment to union data for directional parameter (git-fixes). - ALSA: hda: Add ElkhartLake HDMI codec vid (git-fixes). - ALSA: hda: add member to store ratio for stripe control (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later (git-fixes). - ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes). - ALSA: hda - let hs_mic be picked ahead of hp_mic (git-fixes). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (git-fixes). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (git-fixes). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (git-fixes). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (git-fixes). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (git-fixes). - ALSA: hda/tegra: correct number of SDO lines for Tegra194 (git-fixes). - ALSA: hda/tegra: workaround playback failure on Tegra194 (git-fixes). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: opl3: fix infoleak in opl3 (git-fixes). - ALSA: pcm: disallow linking stream to itself (git-fixes). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: fix snd_pcm_link() lockdep splat (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RTX6001 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2+ (git-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (git-fixes). - ALSA: usb-audio: Clean up quirk entries with macros (git-fixes). - ALSA: usb-audio: Fix a limit check in proc_dump_substream_formats() (git-fixes). - ALSA: usb-audio: Fix inconsistent card PM state after resume (git-fixes). - ALSA: usb-audio: fixing upper volume limit for RME Babyface Pro routing crosspoints (git-fixes). - ALSA: usb-audio: Fixing usage of plain int instead of NULL (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix packet size calculation (bsc#1173847). - ALSA: usb-audio: Fix potential use-after-free of streams (git-fixes). - ALSA: usb-audio: Fix racy list management in output queue (git-fixes). - ALSA: usb-audio: Improve frames size computation (git-fixes). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (git-fixes). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Print more information in stream proc files (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Remove async workaround for Scarlett 2nd gen (git-fixes). - ALSA: usb-audio: Replace s/frame/packet/ where appropriate (git-fixes). - ALSA: usb-audio: RME Babyface Pro mixer patch (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (git-fixes). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - amd-xgbe: Use __napi_schedule() in BH context (networking-stable-20_04_17). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12424). - ARM: oxnas: make ox820_boot_secondary static (git-fixes). - asm-gemeric/tlb: remove stray function declarations (bsc#1156395). - ASoC: core: only convert non DPCM link to DPCM link (git-fixes). - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type (git-fixes). - ASoC: fix incomplete error-handling in img_i2s_in_probe (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: fsl_ssi: Fix bclk calculation for mono channel (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet (git-fixes). - ASoC: intel: cht_bsw_max98090_ti: Add all Chromebooks that need pmc_plt_clk_0 quirk (bsc#1171246). - ASoC: intel - fix the card names (git-fixes). - ASoC: max98373: reorder max98373_reset() in resume (git-fixes). - ASoC: max9867: fix volume controls (git-fixes). - ASoC: meson: add missing free_irq() in error path (git-fixes). - ASoc: q6afe: add support to get port direction (git-fixes). - ASoC: q6asm: handle EOS correctly (git-fixes). - ASoC: qcom: q6asm-dai: kCFI fix (git-fixes). - ASoC: rockchip: Fix a reference count leak (git-fixes). - ASoC: rt5645: Add platform-data for Asus T101HA (git-fixes). - ASoC: SOF: core: fix error return code in sof_probe_continue() (git-fixes). - ASoC: SOF: Do nothing when DSP PM callbacks are not set (git-fixes). - ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags (git-fixes). - ASoC: tegra: tegra_wm8903: Support nvidia, headset property (git-fixes). - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()' (git-fixes). - ASoC: ux500: mop500: Fix some refcounted resources issues (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: fix kernel null pointer dereference (git-fixes). - ath10k: Fix the race condition in firmware dump work queue (git-fixes). - ath10k: Remove ath10k_qmi_register_service_notifier() declaration (git-fixes). - ath10k: remove the max_sched_scan_reqs value (git-fixes). - ath10k: Skip handling del_server during driver exit (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (git-fixes). - ath9k: Fix use-after-free Read in htc_connect_service (git-fixes). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (git-fixes). - ax25: fix setsockopt(SO_BINDTODEVICE) (git-fixes). - b43: Fix connection problem with WPA3 (git-fixes). - b43legacy: Fix case where channel status is corrupted (git-fixes). - b43_legacy: Fix connection problem with WPA3 (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - batman-adv: Revert "disable ethtool link speed detection when auto negotiation off" (git-fixes). - bfq: Avoid false bfq queue merging (bsc#1171513). - bfq: Fix check detecting whether waker queue should be selected (bsc#1168838). - bfq: Use only idle IO periods for think time calculations (bsc#1171513). - bfq: Use 'ttime' local variable (bsc#1171513). - blk-iocost: Fix error on iocost_ioc_vrate_adj (bsc#1173206). - blk-iocost: fix incorrect vtime comparison in iocg_is_idle() (bsc#1173206). - block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (bsc#1173817). - block: Fix use-after-free in blkdev_get() (bsc#1173834). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (git-fixes). - Bluetooth: btbcm: Add 2 missing models to subver tables (git-fixes). - Bluetooth: btmtkuart: Improve exception handling in btmtuart_probe() (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bnxt_en: Fix AER reset logic on 57500 chips (bsc#1171150). - bnxt_en: fix firmware message length endianness (bsc#1173894). - bnxt_en: Fix return code to "flash_device" (bsc#1173894). - bnxt_en: Improve TQM ring context memory sizing formulas (jsc#SLE-8371 bsc#1153274). - bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371 bsc#1153274). - bnxt_en: Return from timer if interface is not in open state (jsc#SLE-8371 bsc#1153274). - bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371 bsc#1153274). - bpf: Document optval > PAGE_SIZE behavior for sockopt hooks (bsc#1155518). - bpf: Do not return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE (bsc#1155518). - bpf: Fix an error code in check_btf_func() (bsc#1154353). - bpf: Fix map permissions check (bsc#1155518). - bpf: Prevent mmap()'ing read-only maps as writable (bsc#1155518). - bpf: Restrict bpf_probe_read{, str}() only to archs where they work (bsc#1172344). - bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier (bsc#1172344). - bpf, sockhash: Synchronize_rcu before free'ing map (git-fixes). - bpf, sockmap: Check update requirements after locking (git-fixes). - bpf: Undo internal BPF_PROBE_MEM in BPF insns dump (bsc#1155518). - bpf, xdp, samples: Fix null pointer dereference in *_user code (bsc#1155518). - brcmfmac: expose RPi firmware config files through modinfo (bsc#1169094). - brcmfmac: fix wrong location to get firmware feature (git-fixes). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - bus: ti-sysc: Ignore clockactivity unless specified as a quirk (git-fixes). - carl9170: remove P2P_GO support (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: add comments for handle_cap_flush_ack logic (bsc#1172940). - ceph: allow rename operation under different quota realms (bsc#1172988). - ceph: ceph_kick_flushing_caps needs the s_mutex (bsc#1172986). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1172984 bsc#1167104). - ceph: document what protects i_dirty_item and i_flushing_item (bsc#1172940). - ceph: do not release i_ceph_lock in handle_cap_trunc (bsc#1172940). - ceph: do not return -ESTALE if there's still an open file (bsc#1171915). - ceph: do not take i_ceph_lock in handle_cap_import (bsc#1172940). - ceph: fix potential race in ceph_check_caps (bsc#1172940). - ceph: flush release queue when handling caps for unknown inode (bsc#1172939). - ceph: make sure mdsc->mutex is nested in s->s_mutex to fix dead lock (bsc#1172989). - ceph: normalize 'delta' parameter usage in check_quota_exceeded (bsc#1172987). - ceph: reorganize __send_cap for less spinlock abuse (bsc#1172940). - ceph: request expedited service on session's last cap flush (bsc#1172985 bsc#1167104). - ceph: reset i_requested_max_size if file write is not wanted (bsc#1172983). - ceph: skip checking caps when session reconnecting and releasing reqs (bsc#1172990). - ceph: split up __finish_cap_flush (bsc#1172940). - ceph: throw a warning if we destroy session with mutex still locked (bsc#1172940). - char/random: Add a newline at the end of the file (jsc#SLE-12424). - clk: bcm2835: Fix return type of bcm2835_register_gate (git-fixes). - clk: bcm2835: Remove casting to bcm2835_clk_register (git-fixes). - clk: clk-flexgen: fix clock-critical handling (git-fixes). - clk: mediatek: assign the initial value to clk_init_data of mtk_mux (git-fixes). - clk: meson: meson8b: Do not rely on u-boot to init all GP_PLL registers (git-fixes). - clk: meson: meson8b: Fix the polarity of the RESET_N lines (git-fixes). - clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits (git-fixes). - clk: qcom: Add missing msm8998 ufs_unipro_core_clk_src (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical (git-fixes). - clk: sifive: allocate sufficient memory for struct __prci_data (git-fixes). - clk: sprd: return correct type of value for _sprd_pll_recalc_rate (git-fixes). - clk: sunxi: Fix incorrect usage of round_down() (git-fixes). - clk: ti: am33xx: fix RTC clock parent (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: zynqmp: fix memory leak in zynqmp_register_clocks (git-fixes). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (git-fixes). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (git-fixes). - component: Silence bind error on -EPROBE_DEFER (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1172739 - coredump: fix crash when umh is disabled (git-fixes). - coredump: fix null pointer dereference on coredump (git-fixes). - cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes). - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once (git-fixes). - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn (git-fixes). - cpuidle: Fix three reference count leaks (git-fixes). - crypto: algapi - Avoid spurious modprobe on LOADED (git-fixes). - crypto: algboss - do not wait during notifier callback (git-fixes). - crypto: algif_skcipher - Cap recv SG list at ctx->used (git-fixes). - crypto - Avoid free() namespace collision (git-fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp -- do not "select" CONFIG_DMADEVICES (git-fixes). - Crypto/chcr: fix for ccm(aes) failed test (git-fixes). - crypto: chelsio/chtls: properly set tp->lsndtime (git-fixes). - crypto: drbg - fix error return code in drbg_alloc_state() (git-fixes). - crypto: omap-sham - add proper load balancing support for multicore (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: stm32/crc32 - fix multi-instance (git-fixes). - crypto: stm32/crc32 - fix run-time self test issue (git-fixes). - cxgb4: fix adapter crash due to wrong MC size (networking-stable-20_04_27). - cxgb4: fix large delays in PTP synchronization (networking-stable-20_04_27). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devlink: fix return value after hitting end in region read (networking-stable-20_05_12). - devmap: Use bpf_map_area_alloc() for allocating hash buckets (bsc#1154353). - Disable PINCTRL_TIGERLAKE - dma-coherent: fix integer overflow in the reserved-memory dma allocation (git-fixes). - dma-debug: fix displaying of dma allocation type (git-fixes). - dma-direct: fix data truncation in dma_direct_get_required_mask() (git-fixes). - dmaengine: dmatest: Fix process hang when reading 'wait' parameter (git-fixes). - dmaengine: dmatest: Restore default for channel (git-fixes). - dmaengine: mmp_tdma: Do not ignore slave config validation errors (git-fixes). - dmaengine: mmp_tdma: Reset channel error on release (git-fixes). - dmaengine: owl: Use correct lock in owl_dma_get_pchan() (git-fixes). - dmaengine: pch_dma.c: Avoid data race between probe and irq handler (git-fixes). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (git-fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: reject asynchronous pmem devices (bsc#1156395). - dpaa2-eth: prevent array underflow in update_cls_rule() (networking-stable-20_05_16). - dpaa2-eth: properly handle buffer size restrictions (networking-stable-20_05_16). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: phy: sr-usb: do not use internal fsm for USB2 phy init (git-fixes). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (git-fixes). - drm/amd/display: add basic atomic check for cursor plane (git-fixes). - drm/amd/display: drop cursor position check in atomic test (git-fixes). - drm: amd/display: fix Kconfig help text (bsc#1152489) * context changes - drm/amd/display: Only revalidate bandwidth on medium and fast updates (git-fixes). - drm/amd/display: Prevent dpcd reads with passive dongles (git-fixes). - drm/amd/display: Revalidate bandwidth before commiting DC updates (git-fixes). - drm/amd: fix potential memleak in err branch (git-fixes). - drm/amdgpu: add fw release for sdma v5_0 (git-fixes). - drm/amdgpu: drop redundant cg/pg ungate on runpm enter (git-fixes). - drm/amdgpu: fix gfx hang during suspend with video playback (v2) (git-fixes). - drm/amdgpu: fix the hw hang during perform system reboot and reset (git-fixes). - drm/amdgpu: force fbdev into vram (bsc#1152472) * context changes - drm/amdgpu: Init data to avoid oops while reading pp_num_states (git-fixes). - drm/amdgpu: invalidate L2 before SDMA IBs (v2) (git-fixes). - drm/amdgpu: move kfd suspend after ip_suspend_phase1 (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1152472) - drm/amdgpu: simplify padding calculations (v2) (git-fixes). - drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (git-fixes). - drm/amd/powerplay: avoid using pm_en before it is initialized revised (git-fixes). - drm/amd/powerplay: perform PG ungate prior to CG ungate (git-fixes). - drm: bridge: adv7511: Extend list of audio sample rates (git-fixes). - drm/connector: notify userspace on hotplug after register complete (bsc#1152489) * context changes - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (git-fixes). - drm/edid: Add Oculus Rift S to non-desktop list (git-fixes). - drm: encoder_slave: fix refcouting error for modules (git-fixes). - drm/etnaviv: fix perfmon domain interation (git-fixes). - drm/etnaviv: rework perfmon query infrastructure (git-fixes). - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is (bsc#1152489) - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is disabled (git-fixes). - drm/i915: extend audio CDCLK>=2*BCLK constraint to more platforms (git-fixes). - drm/i915: Extend WaDisableDARBFClkGating to icl,ehl,tgl (bsc#1152489) - drm/i915: fix port checks for MST support on gen >= 11 (git-fixes). - drm/i915/gem: Avoid iterating an empty list (git-fixes). - drm/i915/gt: Do not schedule normal requests immediately along (bsc#1152489) - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (bsc#1152489) - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (git-fixes). - drm/i915/gvt: Fix two CFL MMIO handling caused by regression. (bsc#1152489) - drm/i915/gvt: Fix two CFL MMIO handling caused by regression (git-fixes). - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1152489) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance (git-fixes). - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1152489) * context changes - drm/i915: HDCP: fix Ri prime check done during link check (git-fixes). - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1152489) - drm/i915: Limit audio CDCLK>=2*BCLK constraint back to GLK only (git-fixes). - drm/i915: Propagate error from completed fences (git-fixes). - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (git-fixes). - drm/i915: work around false-positive maybe-uninitialized warning (git-fixes). - drm/mcde: dsi: Fix return value check in mcde_dsi_bind() (git-fixes). - drm/msm: Check for powered down HW in the devfreq callbacks (bsc#1152489) - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1152489) - drm/msm/dpu: fix error return code in dpu_encoder_init (git-fixes). - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation (git-fixes). - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection (git-fixes). - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() (git-fixes). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - drm: rcar-du: Fix build error (bsc#1152472) - drm/sun4i: hdmi ddc clk: Fix size of m divider (git-fixes). - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489) - drm: sun4i: hdmi: Remove extra HPD polling (git-fixes). - drm/vkms: Hold gem object while still in-use (git-fixes). - Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) - dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() (git-fixes). - e1000: Distribute switch variables for initialization (git-fixes). - e1000e: Disable TSO for buffer overrun workaround (git-fixes). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (git-fixes). - e1000e: Relax condition to trigger reset for ME workaround (git-fixes). - EDAC/amd64: Add PCI device IDs for family 17h, model 70h (bsc#1165975). - EDAC/ghes: Setup DIMM label from DMI and use it in error reports (bsc#1168779). - EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable (bsc#1152489). - EDAC/synopsys: Do not dump uninitialized pinf->col (bsc#1152489). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12424). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12424). - efi/tpm: Verify event log header before parsing (bsc#1173461). - eventpoll: fix missing wakeup for ovflist in ep_poll_callback (bsc#1159867). - evm: Check also if *tfm is an error pointer in init_desc() (git-fixes). - evm: Fix a small race in init_desc() (git-fixes). - evm: Fix possible memory leak in evm_calc_hmac_or_hash() (git-fixes). - evm: Fix RCU list related warnings (git-fixes). - ext4: avoid utf8_strncasecmp() with unstable name (bsc#1173843). - ext4: fix error pointer dereference (bsc#1173837). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1173836). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: stop overwrite the errcode in ext4_setup_super (bsc#1173841). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (git-fixes). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fat: do not allow to mount if the FAT length == 0 (bsc#1173831). - fdt: add support for rng-seed (jsc#SLE-12424). - fdt: Update CRC check for rng-seed (jsc#SLE-12424). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (git-fixes). - firmware: imx-scu: Support one TX and one RX (git-fixes). - firmware: imx: warn on unexpected RX (git-fixes). - firmware: qcom_scm: fix bogous abuse of dma-direct internals (git-fixes). - firmware: xilinx: Fix an error handling path in 'zynqmp_firmware_probe()' (git-fixes). - Fix a regression of AF_ALG crypto interface hang with aes_s390 (bsc#1167651) - Fix boot crash with MD (bsc#1173860) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fork: prevent accidental access to clone3 features (bsc#1174018). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - fs: Do not check if there is a fsnotify watcher on pseudo inodes (bsc#1158765). - fsnotify: Rearrange fast path to minimise overhead when there is no watcher (bsc#1158765). - genetlink: clean up family attributes allocations (git-fixes). - genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() (bsc#1154353). - geneve: allow changing DF behavior after creation (git-fixes). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - gfs2: fix glock reference problem in gfs2_trans_remove_revoke (bsc#1173823). - gfs2: Multi-block allocations in gfs2_page_mkwrite (bsc#1173822). - gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() (git-fixes). - gpio: dwapb: Append MODULE_ALIAS for platform driver (git-fixes). - gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration (git-fixes). - gpio: exar: Fix bad handling for ida_simple_get error path (git-fixes). - gpiolib: Document that GPIO line names are not globally unique (git-fixes). - gpio: pca953x: fix handling of automatic address incrementing (git-fixes). - gpio: pca953x: Fix pca953x_gpio_set_config (git-fixes). - gpio: pxa: Fix return value of pxa_gpio_probe() (git-fixes). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (git-fixes). - gpu/drm: Ingenic: Fix opaque pointer casted to wrong type (git-fixes). - habanalabs: Align protection bits configuration of all TPCs (git-fixes). - HID: Add quirks for Trust Panora Graphic Tablet (git-fixes). - HID: alps: Add AUI1657 device ID (git-fixes). - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead (git-fixes). - HID: i2c-hid: add Schneider SCL142ALM to descriptor override (git-fixes). - HID: i2c-hid: reset Synaptics SYNA2393 on resume (git-fixes). - HID: intel-ish-hid: avoid bogus uninitialized-variable warning (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (git-fixes). - HID: multitouch: enable multi-input as a quirk for some devices (git-fixes). - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (git-fixes). - hinic: fix a bug of ndo_stop (networking-stable-20_05_16). - hinic: fix wrong para of wait_for_completion_timeout (networking-stable-20_05_16). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (git-fixes). - hwmon: (k10temp) Add AMD family 17h model 60h PCI match (git-fixes). - hwmon: (max6697) Make sure the OVERT mask is set correctly (git-fixes). - hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (git-fixes). - i2c: altera: Fix race between xfer_msg and isr thread (git-fixes). - i2c: core: check returned size of emulated smbus block read (git-fixes). - i2c: designware-pci: Add support for Elkhart Lake PSE I2C (jsc#SLE-12734). - i2c: designware-pci: Fix BUG_ON during device removal (jsc#SLE-12734). - i2c: designware-pci: Switch over to MSI interrupts (jsc#SLE-12734). - i2c: dev: Fix the race between the release of i2c_dev and cdev (git-fixes). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c: fsi: Fix the port number field in status register (git-fixes). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - IB/rdmavt: Free kernel completion queue when done (bsc#1173625). - ice: Fix error return code in ice_add_prof() (jsc#SLE-7926). - ice: Fix inability to set channels when down (jsc#SLE-7926). - ieee80211: Fix incorrect mask for default PE duration (git-fixes). - iio: adc: stm32-adc: fix device used to request dma (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: stm32-dfsdm: fix device used to request dma (git-fixes). - iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: ti-ads8344: Fix channel selection (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Do not allow buffers without any channels enabled to be activated (git-fixes). - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak (git-fixes). - iio:chemical:sps30: Fix timestamp alignment (git-fixes). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (git-fixes). - iio: pressure: bmp280: Tolerate IRQ before registering (git-fixes). - iio: sca3000: Remove an erroneous 'get_device()' (git-fixes). - iio: vcnl4000: Fix i2c swapped word reading (git-fixes). - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() (bsc#1172223). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1172223) Delete obsoleted downstream fix - ima: Directly free *entry in ima_alloc_init_template() if digests is NULL (bsc#1172223). - ima: Remove __init annotation from ima_pcrread() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: dlink-dir685-touchkeys - fix a typo in driver name (git-fixes). - Input: edt-ft5x06 - fix get_default register write access (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (git-fixes). - Input: i8042 - add ThinkPad S230u to i8042 reset list (git-fixes). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: mms114 - fix handling of mms345l (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (git-fixes). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (git-fixes). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (git-fixes). - Input: xpad - add custom init packet for Xbox One S controllers (git-fixes). - iocost: check active_list of all the ancestors in iocg_activate() (bsc#1173206). - iocost: do not let vrate run wild while there's no saturation signal (bsc1173206). - iocost: over-budget forced IOs should schedule async delay (bsc#1173206). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172061). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172062). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172063). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172393). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172064). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172065). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172066). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172394). - iommu/qcom: Fix local_base status check (bsc#1172067). - iommu/virtio: Reverse arguments to list_add (bsc#1172068). - ionic: add pcie_print_link_status (bsc#1167773). - ionic: export features for vlans to use (bsc#1167773). - ionic: no link check while resetting queues (bsc#1167773). - ionic: remove support for mgmt device (bsc#1167773). - ionic: tame the watchdog timer on reconfig (bsc#1167773). - ionic: wait on queue start until after IFF_UP (bsc#1167773). - io_uring: use kvfree() in io_sqe_buffer_register() (bsc#1173832). - ipmi: use vzalloc instead of kmalloc for user creation (git-fixes). - ipv4: Update fib_select_default to handle nexthop objects (networking-stable-20_04_27). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipvs: Improve robustness to the ipvs sysctl (git-fixes). - irqchip/al-fic: Add support for irq retrigger (jsc#SLE-10505). - irqchip/ti-sci-inta: Fix processing of masked irqs (git-fixes). - irqchip/versatile-fpga: Apply clear-mask earlier (git-fixes). - irqchip/versatile-fpga: Handle chained IRQs properly (git-fixes). - iwlwifi: avoid debug max amsdu config overwriting itself (git-fixes). - iwlwifi: mvm: fix aux station leak (git-fixes). - iwlwifi: mvm: limit maximum queue appropriately (git-fixes). - iwlwifi: pcie: handle QuZ configs with killer NICs as well (bsc#1172374). - ixgbe: do not check firmware errors (bsc#1170284). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: fix data races at struct journal_head (bsc#1173438). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kABI fixup mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12424). - kABI: protect struct fib_dump_filter (kabi). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kABI workaround for struct hdac_bus changes (git-fixes). - ktest: Add timeout for ssh sync testing (git-fixes). - KVM: Check validity of resolved slot when searching memslots (bsc#1172069). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libbpf: Fix perf_buffer__free() API for sparse allocs (bsc#1155518). - libceph: do not omit recovery_deletes in target_copy() (git-fixes). - libceph: ignore pool overlay and cache logic on redirects (bsc#1172938). - lib: devres: add a helper function for ioremap_uc (git-fixes). - libertas_tf: avoid a null dereference in pointer priv (git-fixes). - lib/lzo: fix ambiguous encoding bug in lzo-rle (git-fixes). - libnvdimm/btt: fix variable 'rc' set but not used (bsc#1162400). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm: cover up nd_region changes (bsc#1162400). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/namespace: Enforce memremap_compat_align() (bsc#1162400). - libnvdimm/namsepace: Do not set claim_class on error (bsc#1162400). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm: Out of bounds read in __nd_ioctl() (bsc#1065729). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Fix build error (bsc#1162400). - libnvdimm/region: Introduce an 'align' attribute (bsc#1162400). - libnvdimm/region: Introduce NDD_LABELING (bsc#1162400). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - lib: Uplevel the pmem "region" ida to a global allocator (bc#1162400). - list: Add hlist_unhashed_lockless() (bsc#1173438). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locktorture: Allow CPU-hotplug to be disabled via --bootargs (bsc#1173068). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1171530). - lpfc: fix axchg pointer reference after free and double frees (bsc#1171530). - lpfc: Fix pointer checks and comments in LS receive refactoring (bsc#1171530). - lpfc: Fix return value in __lpfc_nvme_ls_abort (bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: mesh: fix discovery timer re-arming issue / crash (git-fixes). - mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() (git-fixes). - Make the "Reducing compressed framebufer size" message be DRM_INFO_ONCE() (git-fixes). - mdraid: fix read/write bytes accounting (bsc#1172537). - media: cedrus: Program output format during each run (git-fixes). - media: dvbdev: Fix tuner->demod media controller link (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (git-fixes). - media: dvbsky: add support for eyeTV Geniatech T2 lite (bsc#1173776). - media: dvbsky: add support for Mygica T230C v2 (bsc#1173776). - media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling (git-fixes). - media: mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - media: ov5640: fix use of destroyed mutex (git-fixes). - media: platform: fcp: Set appropriate DMA parameters (git-fixes). - media: Revert "staging: imgu: Address a compiler warning on alignment" (git-fixes). - media: si2157: Better check for running tuner in init (git-fixes). - media: si2168: add support for Mygica T230C v2 (bsc#1173776). - media: staging: imgu: do not hold spinlock during freeing mmu page table (git-fixes). - media: staging/intel-ipu3: Implement lock for stream on/off operations (git-fixes). - media: staging: ipu3: Fix stale list entries on parameter queue failure (git-fixes). - media: staging: ipu3-imgu: Move alignment attribute to field (git-fixes). - media: vicodec: Fix error codes in probe function (git-fixes). - mei: release me_cl object reference (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCI IDs (jsc#SLE-12737). - mfd: intel-lpss: Use devm_ioremap_uc for MMIO (git-fixes). - mfd: stmfx: Fix stmfx_irq_init error path (git-fixes). - mfd: stmfx: Reset chip on resume as supply was disabled (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - misc: fastrpc: fix potential fastrpc_invoke_ctx leak (git-fixes). - misc: rtsx: Add short delay after exit from ASPM (git-fixes). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mm: adjust vm_committed_as_batch according to vm overcommit policy (bnc#1173271). - mmc: block: Fix use-after-free issue for rpmb (git-fixes). - mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE (git-fixes). - mmc: fix compilation of user API (git-fixes). - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error (git-fixes). - mmc: mmci_sdmmc: fix DMA API warning overlapping mappings (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (git-fixes). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (git-fixes). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (git-fixes). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (git-fixes). - mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() (git-fixes). - mmc: tmio: Further fixup runtime PM management at remove (git-fixes). - mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() (git-fixes). - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core (git-fixes). - mm: do not prepare anon_vma if vma has VM_WIPEONFORK (bsc#1169681). - mm: fix NUMA node file count error in replace_page_cache() (bsc#1173844). - mm: memcontrol: fix memory.low proportional distribution (bsc#1168230). - mm/memory_hotplug: refrain from adding memory into an impossible node (bsc#1173552). - mm/memremap: drop unused SECTION_SIZE and SECTION_MASK (bsc#1162400 bsc#1170895 ltc#184375 ltc#185686). - mm/memremap_pages: Introduce memremap_compat_align() (bsc#1162400). - mm/memremap_pages: Kill unused __devm_memremap_pages() (bsc#1162400). - mm/util.c: make vm_memory_committed() more accurate (bnc#1173271). - Move an upstreamed sound patch into sorted section - Move upstreamed IMA patches into sorted section - mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter (git-fixes). - mtd: Fix mtd not registered due to nvmem name collision (git-fixes). - mtd: rawnand: brcmnand: correctly verify erased pages (git-fixes). - mtd: rawnand: brcmnand: fix CS0 layout (git-fixes). - mtd: rawnand: brcmnand: fix hamming oob layout (git-fixes). - mtd: rawnand: diskonchip: Fix the probe error path (git-fixes). - mtd: rawnand: Fix nand_gpio_waitrdy() (git-fixes). - mtd: rawnand: ingenic: Fix the probe error path (git-fixes). - mtd: rawnand: marvell: Fix probe error path (git-fixes). - mtd: rawnand: marvell: Fix the condition on a return code (git-fixes). - mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered (git-fixes). - mtd: rawnand: mtk: Fix the probe error path (git-fixes). - mtd: rawnand: onfi: Fix redundancy detection check (git-fixes). - mtd: rawnand: orion: Fix the probe error path (git-fixes). - mtd: rawnand: oxnas: Keep track of registered devices (git-fixes). - mtd: rawnand: oxnas: Release all devices in the _remove() path (git-fixes). - mtd: rawnand: pasemi: Fix the probe error path (git-fixes). - mtd: rawnand: plat_nand: Fix the probe error path (git-fixes). - mtd: rawnand: sharpsl: Fix the probe error path (git-fixes). - mtd: rawnand: socrates: Fix the probe error path (git-fixes). - mtd: rawnand: sunxi: Fix the probe error path (git-fixes). - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings (git-fixes). - mtd: rawnand: tmio: Fix the probe error path (git-fixes). - mtd: rawnand: xway: Fix the probe error path (git-fixes). - mtd: spinand: Propagate ECC information to the MTD structure (git-fixes). - mtd: spi-nor: intel-spi: Add support for Intel Tiger Lake SPI serial flash (jsc#SLE-12737). - mvpp2: remove module bugfix (bsc#1154353). - mwifiex: avoid -Wstringop-overflow warning (git-fixes). - mwifiex: Fix memory corruption in dump_station (git-fixes). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1173824). - neigh: send protocol value in neighbor create notification (networking-stable-20_05_12). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: core: device_rename: Use rwsem instead of a seqcount (bsc#1162702). - net: do not return invalid table id error when we fall back to PF_UNSPEC (networking-stable-20_05_27). - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: declare lockless TX feature for slave ports (bsc#1154353). - net: dsa: Do not leave DSA master with NULL netdev_ops (networking-stable-20_05_12). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode (networking-stable-20_04_17). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1154492). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1154492). - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend (networking-stable-20_05_27). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions (git-fixes). - netfilter: nft_tproxy: Fix port selector on Big Endian (git-fixes). - netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy (git-fixes). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - __netif_receive_skb_core: pass skb by reference (networking-stable-20_05_27). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - net: macb: fix an issue about leak related system resources (networking-stable-20_05_12). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Disable reload while removing the device (jsc#SLE-8464). - net/mlx5: DR, Fix freeing in dr_create_rc_qp() (jsc#SLE-8464). - net/mlx5e: Add missing release firmware call (networking-stable-20_04_17). - net/mlx5e: Fix inner tirs handling (networking-stable-20_05_27). - net/mlx5e: Fix pfnum in devlink port attribute (networking-stable-20_04_17). - net/mlx5e: Fix stats update for matchall classifier (jsc#SLE-8464). - net/mlx5e: kTLS, Destroy key object after destroying the TIS (networking-stable-20_05_27). - net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta() (jsc#SLE-8464). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix cleaning unmanaged flow tables (jsc#SLE-8464). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (bsc#1172365). - net/mlx5: Fix error flow in case of function_setup failure (networking-stable-20_05_27). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net/mlx5: Fix frequent ioread PCI access during recovery (networking-stable-20_04_17). - net/mlx5: Fix memory leak in mlx5_events_init (networking-stable-20_05_27). - net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del() (networking-stable-20_05_12). - net: mvpp2: fix RX hashing for non-10G ports (networking-stable-20_05_27). - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx() (networking-stable-20_05_12). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net: nlmsg_cancel() if put fails for nhmsg (networking-stable-20_05_27). - net: openvswitch: ovs_ct_exit to be done under ovs_lock (networking-stable-20_04_27). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - net: phy: propagate an error back to the callers of phy_sfp_probe (bsc#1154353). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: qrtr: send msgs from local of same id as broadcast (networking-stable-20_04_17). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (bnc#1158748 (network regression)). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net_sched: sch_skbprio: add message validation to skbprio_change() (networking-stable-20_05_12). - net/smc: tolerate future SMCD versions (bsc#1172543 LTC#186069). - net: stmmac: fix num_por initialization (networking-stable-20_05_16). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net: tc35815: Fix phydev supported/advertising mask (networking-stable-20_05_12). - net: tcp: fix rx timestamp behavior for tcp_recvmsg (networking-stable-20_05_16). - net/tls: fix race condition causing kernel panic (networking-stable-20_05_27). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: tun: record RX queue in skb before do_xdp_generic() (networking-stable-20_04_17). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nexthop: Fix attribute checking for groups (networking-stable-20_05_27). - NFC: st21nfca: add missed kfree_skb() in an error path (git-fixes). - nfp: abm: fix a memory leak bug (networking-stable-20_05_12). - nfp: abm: fix error return code in nfp_abm_vnic_alloc() (networking-stable-20_05_16). - nfs: add minor version to nfs_server_key for fscache (bsc#1172467). - nfsd4: fix nfsdfs reference count loop (git-fixes). - nfsd4: make drc_slab global, not per-net (git-fixes). - nfsd: always check return value of find_any_file (bsc#1172208). - nfsd: apply umask on fs without ACL support (git-fixes). - nfsd: fix nfsdfs inode reference count leak (git-fixes). - NFS: Fix fscache super_cookie index_key from changing after umount (git-fixes). - nfs: fix NULL deference in nfs4_get_valid_delegation. - nfs: fscache: use timespec64 in inode auxdata (git-fixes). - nfs: set invalid blocks after NFSv4 writes (git-fixes). - NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION (git-fixes). - NFSv4 fix CLOSE not waiting for direct IO compeletion (git-fixes). - NFSv4: Fix fscache cookie aux_data to ensure change_attr is included (git-fixes). - ntb: intel: add hw workaround for NTB BAR alignment (jsc#SLE-12710). - ntb: intel: Add Icelake (gen4) support for Intel NTB (jsc#SLE-12710). - ntb: intel: fix static declaration (jsc#SLE-12710). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme-fc: avoid gcc-10 zero-length-bounds warning (bsc#1173206). - nvme-fc: do not call nvme_cleanup_cmd() for AENs (bsc#1171688). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Allow no-op CFI ops in alternatives (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix !CFI insn_state propagation (bsc#1169514). - objtool: Fix ORC vs alternatives (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Remove check preventing branches within alternative (bsc#1169514). - objtool: Rename struct cfi_state (bsc#1169514). - objtool: Uniquely identify alternative instruction groups (bsc#1169514). - p54usb: add AirVasT USB stick device-id (git-fixes). - panic: do not print uninitialized taint_flags (bsc#1172814). - PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes). - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes). - PCI: Add Loongson vendor ID (git-fixes). - PCI: Allow pci_resize_resource() for devices on root bus (git-fixes). - PCI: amlogic: meson: Do not use FAST_LINK_MODE to set up link (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes). - PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: dwc: Fix inner MSI IRQ domain registration (git-fixes). - pcie: mobiveil: remove patchset v9 Prepare to backport upstream version. - PCI: Fix pci_register_host_bridge() device_register() error handling (git-fixes). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172871). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871). - PCI: hv: Introduce hv_msi_entry (bsc#1172871). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871). - PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors (bsc#1161495). - PCI: mobiveil: Add callback function for interrupt initialization (bsc#1161495). - PCI: mobiveil: Add callback function for link up check (bsc#1161495). - PCI: mobiveil: Add Header Type field check (bsc#1161495). - PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs (bsc#1161495). - PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init host (bsc#1161495). - PCI: mobiveil: Collect the interrupt related operations into a function (bsc#1161495). - PCI: mobiveil: Fix sparse different address space warnings (bsc#1161495). - PCI: mobiveil: Fix unmet dependency warning for PCIE_MOBIVEIL_PLAT (bsc#1161495). - PCI: mobiveil: Introduce a new structure mobiveil_root_port (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: fix SError when accessing config space (bsc#1161495). - PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP driver (bsc#1161495). - PCI: mobiveil: Move the host initialization into a function (bsc#1161495). - PCI: pci-bridge-emul: Fix PCIe bit conflicts (git-fixes). - PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (git-fixes). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths (git-fixes). - PCI: vmd: Add device id for VMD device 8086:9A0B (git-fixes). - PCI: vmd: Filter resource type bits from shadow register (git-fixes). - pcm_native: result of put_user() needs to be checked (git-fixes). - perf/core: Fix endless multiplex timer (git-fixes). - perf/core: fix parent pid/tid in task exit events (git-fixes). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (git-fixes). - pinctrl: intel: Add Intel Tiger Lake pin controller support (jsc#SLE-12737). - pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2 (git-fixes). - pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map (git-fixes). - pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries (git-fixes). - pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 (git-fixes). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (git-fixes). - pinctrl: sprd: Fix the incorrect pull-up definition (git-fixes). - pinctrl: stmfx: stmfx_pinconf_set does not require to get direction anymore (git-fixes). - pinctrl: tegra: Use noirq suspend/resume callbacks (git-fixes). - pinctrl: tigerlake: Tiger Lake uses _HID enumeration (jsc#SLE-12737). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (git-fixes). - platform/x86: asus_wmi: Reserve more space for struct bias_args (git-fixes). - platform/x86: dell-laptop: do not register micmute LED if there is no token (git-fixes). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (git-fixes). - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) (git-fixes). - platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types (git-fixes). - platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there (git-fixes). - platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type (git-fixes). - platform/x86: intel-vbtn: Split keymap into buttons and switches parts (git-fixes). - platform/x86: intel-vbtn: Use acpi_evaluate_integer() (git-fixes). - PM: runtime: clk: Fix clk_pm_runtime_get() error path (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git-fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s/exception: Fix machine check no-loss idle wakeup (bsc#1156395). - powerpc/64s/kuap: Restore AMR in system reset exception (bsc#1156395). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again (bsc#1172344). - powerpc/fadump: Account for memory_limit while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: consider reserved ranges while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: use static allocation for reserved memory ranges (jsc#SLE-9099 git-fixes). - powerpc/kuap: PPC_KUAP_DEBUG should depend on PPC_KUAP (bsc#1156395). - powerpc/powernv: Fix a warning message (bsc#1156395). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - power: reset: qcom-pon: reg write mask depends on pon generation (git-fixes). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (git-fixes). - power: supply: core: fix HWMON temperature labels (git-fixes). - power: supply: core: fix memory leak in HWMON error path (git-fixes). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (git-fixes). - power: supply: smb347-charger: IRQSTAT_D is volatile (git-fixes). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready (bsc#1172095). - proc/meminfo: avoid open coded reading of vm_committed_as (bnc#1173271). - proc: Use new_inode not new_inode_pseudo (bsc#1173830). - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case (git-fixes). - pwm: sun4i: Move pwm_calculate() out of spin_lock() (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (git-fixes). - r8169: Revive default chip version for r8168 (bsc#1173085). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - random: fix data races at timer_rand_state (bsc#1173438). - rcu: Avoid data-race in rcu_gp_fqs_check_wake() (bsc#1171828). - rcu: Fix data-race due to atomic_t copy-by-value (bsc#1171828). - rcu: Make rcu_read_unlock_special() checks match raise_softirq_irqoff() (bsc#1172046). - rcu: Simplify rcu_read_unlock_special() deferred wakeups (bsc#1172046). - rcutorture: Add 100-CPU configuration (bsc#1173068). - rcutorture: Add worst-case call_rcu() forward-progress results (bsc#1173068). - rcutorture: Dispense with Dracut for initrd creation (bsc#1173068). - rcutorture: Make kvm-find-errors.sh abort on bad directory (bsc#1173068). - rcutorture: Remove CONFIG_HOTPLUG_CPU=n from scenarios (bsc#1173068). - rcutorture: Summarize summary of build and run results (bsc#1173068). - rcutorture: Test TREE03 with the threadirqs kernel boot parameter (bsc#1173068). - rcu: Use *_ONCE() to protect lockless ->expmask accesses (bsc#1171828). - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls (bsc#1173438). - RDMA/bnxt_re: Remove dead code from rcfw (bsc#1170774). - RDMA/core: Check that type_attrs is not NULL prior access (jsc#SLE-8449). - RDMA/core: Move and rename trace_cm_id_create() (jsc#SLE-8449). - RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (jsc#SLE-8446). - RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET (bsc#1172841). - RDMA/srpt: Fix disabling device management (jsc#SLE-8449). - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (jsc#SLE-8449). - regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes). - remoteproc: Add missing '\n' in log messages (git-fixes). - remoteproc: Fall back to using parent memory pool if no dedicated available (git-fixes). - remoteproc: Fix and restore the parenting hierarchy for vdev (git-fixes). - remoteproc: Fix IDR initialisation in rproc_alloc() (git-fixes). - remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use (git-fixes). - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (git-fixes). - Revert "drm/amd/display: disable dcn20 abm feature for bring up" (git-fixes). - Revert "fs/seq_file.c: seq_read(): add info message about buggy .next functions" (bsc#1172751) - Revert "i2c: tegra: Fix suspending in active runtime PM state" (git-fixes). - Revert "pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'" (git-fixes). - ring-buffer: Zero out time extend if it is nested and not absolute (git-fixes). - rpm/modules.fips: * add aes-ce-ccm, des3_ede-x86_64, aes_ti and aes_neon_bsk - rtc: mc13xxx: fix a double-unlock issue (git-fixes). - rtc: rv3028: Add missed check for devm_regmap_init_i2c() (git-fixes). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (git-fixes). - rtw88: fix an issue about leak system resources (git-fixes). - rxrpc: Fix call RCU cleanup using non-bh-safe locks (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194, LTC#185911). - s390/pci: Log new handle in clp_disable_fh() (git-fixes). - sata_rcar: handle pm_runtime_get_sync failure cases (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sched/cfs: change initial value of runnable_avg (bsc#1158765). - sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1172823). - sched/core: Fix ttwu() race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: s/WF_ON_RQ/WQ_ON_CPU/ (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cpuacct: Fix charge cpuacct.usage_sys (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/deadline: Initialize ->dl_boosted (bsc#1172823). - sched/deadline: Initialize ->dl_boosted (git fixes (sched)). - sched: etf: do not assume all sockets are full blown (networking-stable-20_04_27). - sched/fair: find_idlest_group(): Remove unused sd_flag parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Fix enqueue_task_fair() warning some more (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix nohz next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize dequeue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize enqueue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Simplify the code of should_we_balance() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix loadavg accounting race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Make newidle_balance() static again (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Offload wakee task activation if it the wakee is descheduling (bnc#1158748, bnc#1159781). - sched: Optimize ttwu() spinning on p->on_cpu (bnc#1158748, bnc#1159781). - sched/pelt: Sync util/runnable_sum with PELT window when propagating (bnc#1155798 (CPU scheduler functional and performance backports)). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1171530). - scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1171530). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1171530). - scsi: lpfc: remove duplicate unloading checks (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687 bsc#1171530). - scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (bsc#1173206). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: sd_zbc: Fix sd_zbc_complete() (bsc#1173206). - scsi: smartpqi: Update attribute name to `driver_version` (bsc#1173206). - scsi: zfcp: add diagnostics buffer for exchange config data (bsc#1158050). - scsi: zfcp: auto variables for dereferenced structs in open port handler (bsc#1158050). - scsi: zfcp: diagnostics buffer caching and use for exchange port data (bsc#1158050). - scsi: zfcp: enhance handling of FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: expose fabric name as common fc_host sysfs attribute (bsc#1158050). - scsi: zfcp: Fence adapter status propagation for common statuses (bsc#1158050). - scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects (bsc#1158050). - scsi: zfcp: Fence fc_host updates during link-down handling (bsc#1158050). - scsi: zfcp: fix fc_host attributes that should be unknown on local link down (bsc#1158050). - scsi: zfcp: fix wrong data and display format of SFP+ temperature (bsc#1158050). - scsi: zfcp: implicitly refresh config-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: implicitly refresh port-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: introduce sysfs interface for diagnostics of local SFP transceiver (bsc#1158050). - scsi: zfcp: introduce sysfs interface to read the local B2B-Credit (bsc#1158050). - scsi: zfcp: log FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: log FC Endpoint Security of connections (bsc#1158050). - scsi: zfcp: Move allocation of the shost object to after xconf- and xport-data (bsc#1158050). - scsi: zfcp: Move fc_host updates during xport data handling into fenced function (bsc#1158050). - scsi: zfcp: move maximum age of diagnostic buffers into a per-adapter variable (bsc#1158050). - scsi: zfcp: Move p-t-p port allocation to after xport data (bsc#1158050). - scsi: zfcp: Move shost modification after QDIO (re-)open into fenced function (bsc#1158050). - scsi: zfcp: Move shost updates during xconfig data handling into fenced function (bsc#1158050). - scsi: zfcp: proper indentation to reduce confusion in zfcp_erp_required_act (bsc#1158050). - scsi: zfcp: report FC Endpoint Security in sysfs (bsc#1158050). - scsi: zfcp: signal incomplete or error for sync exchange config/port data (bsc#1158050). - scsi: zfcp: support retrieval of SFP Data via Exchange Port Data (bsc#1158050). - scsi: zfcp: trace FC Endpoint Security of FCP devices and connections (bsc#1158050). - scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host (bsc#1158050). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o (bsc#1155518). - selftests/bpf: CONFIG_LIRC required for test_lirc_mode2.sh (bsc#1155518). - selftests/bpf: Fix invalid memory reads in core_relo selftest (bsc#1155518). - selftests/bpf: Fix memory leak in extract_build_id() (bsc#1155518). - selftests/bpf, flow_dissector: Close TAP device FD after the test (bsc#1155518). - selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed (bsc#1155518). - selftests/timens: handle a case when alarm clocks are not supported (bsc#1164648,jsc#SLE-11493). - serial: 8250: Fix max baud limit in generic 8250 port (git-fixes). - signal: Avoid corrupting si_pid and si_uid in do_notify_parent (bsc#1171529). - slimbus: core: Fix mismatch in of_node_get/put (git-fixes). - slimbus: ngd: get drvdata from correct device (git-fixes). - socionext: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - soc: mediatek: cmdq: return send msg error code (git-fixes). - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner (git-fixes). - soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data (git-fixes). - soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request (git-fixes). - soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS (git-fixes). - soc: qcom: rpmh: Update dirty flag only when data changes (git-fixes). - soc/tegra: pmc: Select GENERIC_PINCONF (git-fixes). - spi: bcm2835aux: Fix controller unregister order (git-fixes). - spi: bcm2835: Fix controller unregister order (git-fixes). - spi: bcm-qspi: Handle clock probe deferral (git-fixes). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (git-fixes). - SPI: designware: pci: Switch over to MSI interrupts (jsc#SLE-12735). - spi: dt-bindings: spi-controller: Fix #address-cells for slave mode (git-fixes). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix controller unregister order (git-fixes). - spi: dw: Fix native CS being unset (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw-pci: Add MODULE_DEVICE_TABLE (jsc#SLE-12735). - spi: dw-pci: Add runtime power management support (jsc#SLE-12735). - spi: dw-pci: Add support for Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw-pci: Fix Chip Select amount on Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: dw: use "smp_mb()" to avoid sending spi data error (git-fixes). - spi: dw: Zero DMA Tx and Rx configurations on stack (git-fixes). - spi: Fix controller unregister order (git-fixes). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes). - spi: pxa2xx: Fix controller unregister order (git-fixes). - spi: pxa2xx: Fix runtime PM ref imbalance on probe error (git-fixes). - spi: Respect DataBitLength field of SpiSerialBusV2() ACPI resource (git-fixes). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (git-fixes). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (git-fixes). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (git-fixes). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (git-fixes). - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH (git-fixes). - staging: iio: ad2s1210: Fix SPI reading (git-fixes). - staging: kpc2000: fix error return code in kp2000_pcie_probe() (git-fixes). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - staging: sm750fb: add missing case while setting FB_VISUAL (git-fixes). - sun6i: dsi: fix gcc-4.8 (bsc#1152489) - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - SUNRPC: Signalled ASYNC tasks need to exit (git-fixes). - supported.conf: Add pinctrl-tigerlake as supported - supported.conf: Mark two hwtracing helper modules as externally supported (bsc#1170879) - svcrdma: Fix leak of svc_rdma_recv_ctxt objects (git-fixes). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: fix error recovery in tcp_zerocopy_receive() (networking-stable-20_05_16). - tcp: fix SO_RCVLOWAT hangs with fat skbs (networking-stable-20_05_16). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - thermal/drivers/mediatek: Fix bank number settings on mt8183 (git-fixes). - thermal/drivers/rcar_gen3: Fix undefined temperature if negative (git-fixes). - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR (git-fixes). - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (jsc#SLE-12668). - tick/sched: Annotate lockless access to last_jiffies_update (bsc#1173438). - timer: Use hlist_unhashed_lockless() in timer_pending() (bsc#1173438). - tipc: block BH before using dst_cache (networking-stable-20_05_27). - tipc: fix partial topology connection closure (networking-stable-20_05_12). - torture: Allow "CFLIST" to specify default list of scenarios (bsc#1173068). - torture: Expand last_ts variable in kvm-test-1-run.sh (bsc#1173068). - torture: Handle jitter for CPUs that cannot be offlined (bsc#1173068). - torture: Handle systems lacking the mpstat command (bsc#1173068). - torture: Hoist calls to lscpu to higher-level kvm.sh script (bsc#1173068). - torture: Make results-directory date format completion-friendly (bsc#1173068). - torture: Use gawk instead of awk for systime() function (bsc#1173068). - tpm: Fix TIS locality timeout problems (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm_tis: Remove the HID IFX0102 (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (git-fixes). - tty: n_gsm: Fix SOF skipping (git-fixes). - tty: n_gsm: Fix waking up upper tty layer when room available (git-fixes). - tty: serial: add missing spin_lock_init for SiFive serial console (git-fixes). - tun: correct header offsets in napi frags mode (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: fix wrong use of crypto_shash_descsize() (bsc#1173827). - ubifs: remove broken lazytime support (bsc#1173826). - Update patch reference for intel_th patch (jsc#SLE-12705) - Update patch reference tag for ACPI lockdown fix (bsc#1173573) - Update the patch reference for ish-hid fix (jsc#SLE-12683) - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: core: Fix misleading driver bug report (git-fixes). - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B (git-fixes). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: dwc3: pci: Enable extcon driver for Intel Merrifield (git-fixes). - usb/ehci-platform: Set PM runtime as active on resume (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: fix illegal array access in binding with UDC (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (git-fixes). - usb: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - usb: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - usb: gadget: legacy: fix redundant initialization warnings (git-fixes). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (git-fixes). - usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (git-fixes). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (git-fixes). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (git-fixes). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (git-fixes). - usb: host: ehci-platform: add a quirk to avoid stuck (git-fixes). - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - usb: host: xhci-plat: keep runtime active when removing host (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usb: musb: Fix runtime PM imbalance on error (git-fixes). - usb: musb: start session in resume for host port (git-fixes). - usb/ohci-platform: Fix a warning when hibernating (git-fixes). - USB: ohci-sm501: Add missed iounmap() in remove (git-fixes). - USB: ohci-sm501: fix error return code in ohci_hcd_sm501_drv_probe() (git-fixes). - usb: renesas_usbhs: getting residue from callback_result (git-fixes). - USB: serial: ch341: add basis for quirk detection (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs (git-fixes). - usb: usbfs: correct kernel->user page attribute mismatch (git-fixes). - USB: usbfs: fix mmap dma mismatch (git-fixes). - usb/xhci-plat: Set PM runtime as active on resume (git-fixes). - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages (git-fixes). - vfio: Ignore -ENODEV when getting MSI cookie (git-fixes). - vfio/mdev: Fix reference count leak in add_mdev_supported_type (git-fixes). - vfio/pci: fix memory leaks in alloc_perm_bits() (git-fixes). - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (git-fixes). - video: fbdev: w100fb: Fix a potential double free (git-fixes). - video: vt8500lcdfb: fix fallthrough warning (bsc#1152489) - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio_net: fix lockdep warning on 32 bit (networking-stable-20_05_16). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vrf: Fix IPv6 with qdisc and xfrm (networking-stable-20_04_27). - vsprintf: do not obfuscate NULL and error pointers (bsc#1172086). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: use the correct nlattr array in NL_SET_ERR_MSG_ATTR (networking-stable-20_04_27). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: imx_sc_wdt: Fix reboot on crash (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (git-fixes). - wil6210: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - wil6210: add wil_netif_rx() helper function (bsc#1154353). - wil6210: use after free in wil_netif_rx_any() (bsc#1154353). - wireguard: device: avoid circular netns references (git-fixes). - wireguard: noise: do not assign initiation time in if condition (git-fixes). - wireguard: noise: read preshared key while taking lock (bsc#1169021 jsc#SLE-12250). - wireguard: noise: separate receive counter from send counter (bsc#1169021 jsc#SLE-12250). - wireguard: queueing: preserve flow hash across packet scrubbing (bsc#1169021 jsc#SLE-12250). - wireguard: receive: account for napi_gro_receive never returning GRO_DROP (git-fixes). - wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning (git-fixes). - wireguard: selftests: use newer iproute2 for gcc-10 (bsc#1169021 jsc#SLE-12250). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (git-fixes). - workqueue: Remove the warning in wq_worker_sleeping() (git-fixes). - x86/amd_nb: Add AMD family 17h model 60h PCI IDs (git-fixes). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1152489). - x86: Fix early boot crash on gcc-10, third try (bsc#1152489). - x86/mm/cpa: Flush direct map alias during cpa (bsc#1152489). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (git-fixes). - x86/resctrl: Fix invalid attempt at removing the default resource group (bsc#1152489). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1152489). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes (block drivers)). - xfs: clean up the error handling in xfs_swap_extents (git-fixes). - xfs: do not commit sunit/swidth updates to disk if that would cause repair failures (bsc#1172169). - xfs: do not fail unwritten extent conversion on writeback due to edquot (bsc#1158242). - xfs: fix duplicate verification from xfs_qm_dqflush() (git-fixes). - xfs: force writes to delalloc regions to unwritten (bsc#1158242). - xfs: measure all contiguous previous extents for prealloc size (bsc#1158242). - xfs: preserve default grace interval during quotacheck (bsc#1172170). - xfs: refactor agfl length computation function (bsc#1172169). - xfs: split the sunit parameter update into two parts (bsc#1172169). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - xhci: Poll for U0 after disabling USB2 LPM (git-fixes). - xhci: Return if xHCI does not support LPM (git-fixes). - xprtrdma: Fix handling of RDMA_ERROR replies (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2027=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): kernel-azure-5.3.18-18.5.1 kernel-azure-debuginfo-5.3.18-18.5.1 kernel-azure-debugsource-5.3.18-18.5.1 kernel-azure-devel-5.3.18-18.5.1 kernel-azure-devel-debuginfo-5.3.18-18.5.1 kernel-syms-azure-5.3.18-18.5.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): kernel-devel-azure-5.3.18-18.5.1 kernel-source-azure-5.3.18-18.5.1 References: https://www.suse.com/security/cve/CVE-2019-19462.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20812.html https://www.suse.com/security/cve/CVE-2020-10711.html https://www.suse.com/security/cve/CVE-2020-10732.html https://www.suse.com/security/cve/CVE-2020-10751.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-12656.html https://www.suse.com/security/cve/CVE-2020-12769.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13143.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154492 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1155798 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1157169 https://bugzilla.suse.com/1158050 https://bugzilla.suse.com/1158242 https://bugzilla.suse.com/1158265 https://bugzilla.suse.com/1158748 https://bugzilla.suse.com/1158765 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159781 https://bugzilla.suse.com/1159867 https://bugzilla.suse.com/1160947 https://bugzilla.suse.com/1161495 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1162400 https://bugzilla.suse.com/1162702 https://bugzilla.suse.com/1164648 https://bugzilla.suse.com/1164777 https://bugzilla.suse.com/1164780 https://bugzilla.suse.com/1165211 https://bugzilla.suse.com/1165975 https://bugzilla.suse.com/1166985 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1167651 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1168230 https://bugzilla.suse.com/1168779 https://bugzilla.suse.com/1168838 https://bugzilla.suse.com/1169021 https://bugzilla.suse.com/1169094 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169681 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170284 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170774 https://bugzilla.suse.com/1170879 https://bugzilla.suse.com/1170891 https://bugzilla.suse.com/1170895 https://bugzilla.suse.com/1171150 https://bugzilla.suse.com/1171189 https://bugzilla.suse.com/1171191 https://bugzilla.suse.com/1171219 https://bugzilla.suse.com/1171220 https://bugzilla.suse.com/1171246 https://bugzilla.suse.com/1171417 https://bugzilla.suse.com/1171513 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171662 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171699 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171828 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1171915 https://bugzilla.suse.com/1171982 https://bugzilla.suse.com/1171983 https://bugzilla.suse.com/1172017 https://bugzilla.suse.com/1172046 https://bugzilla.suse.com/1172061 https://bugzilla.suse.com/1172062 https://bugzilla.suse.com/1172063 https://bugzilla.suse.com/1172064 https://bugzilla.suse.com/1172065 https://bugzilla.suse.com/1172066 https://bugzilla.suse.com/1172067 https://bugzilla.suse.com/1172068 https://bugzilla.suse.com/1172069 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172086 https://bugzilla.suse.com/1172095 https://bugzilla.suse.com/1172169 https://bugzilla.suse.com/1172170 https://bugzilla.suse.com/1172208 https://bugzilla.suse.com/1172223 https://bugzilla.suse.com/1172342 https://bugzilla.suse.com/1172343 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172365 https://bugzilla.suse.com/1172366 https://bugzilla.suse.com/1172374 https://bugzilla.suse.com/1172391 https://bugzilla.suse.com/1172393 https://bugzilla.suse.com/1172394 https://bugzilla.suse.com/1172453 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172467 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172537 https://bugzilla.suse.com/1172543 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172739 https://bugzilla.suse.com/1172751 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172814 https://bugzilla.suse.com/1172823 https://bugzilla.suse.com/1172841 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172938 https://bugzilla.suse.com/1172939 https://bugzilla.suse.com/1172940 https://bugzilla.suse.com/1172956 https://bugzilla.suse.com/1172983 https://bugzilla.suse.com/1172984 https://bugzilla.suse.com/1172985 https://bugzilla.suse.com/1172986 https://bugzilla.suse.com/1172987 https://bugzilla.suse.com/1172988 https://bugzilla.suse.com/1172989 https://bugzilla.suse.com/1172990 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173068 https://bugzilla.suse.com/1173085 https://bugzilla.suse.com/1173139 https://bugzilla.suse.com/1173206 https://bugzilla.suse.com/1173271 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173438 https://bugzilla.suse.com/1173461 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173552 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173625 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173776 https://bugzilla.suse.com/1173817 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173822 https://bugzilla.suse.com/1173823 https://bugzilla.suse.com/1173824 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173827 https://bugzilla.suse.com/1173828 https://bugzilla.suse.com/1173830 https://bugzilla.suse.com/1173831 https://bugzilla.suse.com/1173832 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173834 https://bugzilla.suse.com/1173836 https://bugzilla.suse.com/1173837 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173841 https://bugzilla.suse.com/1173843 https://bugzilla.suse.com/1173844 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173847 https://bugzilla.suse.com/1173860 https://bugzilla.suse.com/1173894 https://bugzilla.suse.com/1174018 https://bugzilla.suse.com/1174244 https://bugzilla.suse.com/1174345 From sle-updates at lists.suse.com Thu Jul 23 10:37:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 18:37:31 +0200 (CEST) Subject: SUSE-SU-2020:2029-1: moderate: Security update for libraw Message-ID: <20200723163731.A6A40FC39@maintenance.suse.de> SUSE Security Update: Security update for libraw ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2029-1 Rating: moderate References: #1173674 Cross-References: CVE-2020-15503 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libraw fixes the following issues: - security update - added patches fix CVE-2020-15503 [bsc#1173674], lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2029=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2029=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libraw-debuginfo-0.18.9-3.11.1 libraw-debugsource-0.18.9-3.11.1 libraw-devel-0.18.9-3.11.1 libraw16-0.18.9-3.11.1 libraw16-debuginfo-0.18.9-3.11.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): libraw-debuginfo-0.18.9-3.11.1 libraw-debugsource-0.18.9-3.11.1 libraw-devel-0.18.9-3.11.1 libraw16-0.18.9-3.11.1 libraw16-debuginfo-0.18.9-3.11.1 References: https://www.suse.com/security/cve/CVE-2020-15503.html https://bugzilla.suse.com/1173674 From sle-updates at lists.suse.com Thu Jul 23 10:38:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 18:38:12 +0200 (CEST) Subject: SUSE-SU-2020:2028-1: moderate: Security update for libraw Message-ID: <20200723163812.1E2B6FC39@maintenance.suse.de> SUSE Security Update: Security update for libraw ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2028-1 Rating: moderate References: #1173674 Cross-References: CVE-2020-15503 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libraw fixes the following issues: - security update - added patches fix CVE-2020-15503 [bsc#1173674], lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2028=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2028=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libraw-debugsource-0.15.4-33.1 libraw9-0.15.4-33.1 libraw9-debuginfo-0.15.4-33.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libraw-debugsource-0.15.4-33.1 libraw-devel-0.15.4-33.1 libraw-devel-static-0.15.4-33.1 libraw9-0.15.4-33.1 libraw9-debuginfo-0.15.4-33.1 References: https://www.suse.com/security/cve/CVE-2020-15503.html https://bugzilla.suse.com/1173674 From sle-updates at lists.suse.com Thu Jul 23 10:38:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 18:38:54 +0200 (CEST) Subject: SUSE-SU-2020:14437-1: moderate: Security update for samba Message-ID: <20200723163854.32FC8FC39@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14437-1 Rating: moderate References: #1173160 Cross-References: CVE-2020-10745 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-samba-14437=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-samba-14437=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-samba-14437=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-samba-14437=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): ldapsmb-1.34b-94.26.1 libldb1-3.6.3-94.26.1 libsmbclient0-3.6.3-94.26.1 libtalloc2-3.6.3-94.26.1 libtdb1-3.6.3-94.26.1 libtevent0-3.6.3-94.26.1 libwbclient0-3.6.3-94.26.1 samba-3.6.3-94.26.1 samba-client-3.6.3-94.26.1 samba-krb-printing-3.6.3-94.26.1 samba-winbind-3.6.3-94.26.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-94.26.1 libtalloc2-32bit-3.6.3-94.26.1 libtdb1-32bit-3.6.3-94.26.1 libtevent0-32bit-3.6.3-94.26.1 libwbclient0-32bit-3.6.3-94.26.1 samba-32bit-3.6.3-94.26.1 samba-client-32bit-3.6.3-94.26.1 samba-winbind-32bit-3.6.3-94.26.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): samba-doc-3.6.3-94.26.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): samba-doc-3.6.3-94.26.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ldapsmb-1.34b-94.26.1 libldb1-3.6.3-94.26.1 libsmbclient0-3.6.3-94.26.1 libtalloc2-3.6.3-94.26.1 libtdb1-3.6.3-94.26.1 libtevent0-3.6.3-94.26.1 libwbclient0-3.6.3-94.26.1 samba-3.6.3-94.26.1 samba-client-3.6.3-94.26.1 samba-krb-printing-3.6.3-94.26.1 samba-winbind-3.6.3-94.26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): samba-debuginfo-3.6.3-94.26.1 samba-debugsource-3.6.3-94.26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-94.26.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): samba-debuginfo-3.6.3-94.26.1 samba-debugsource-3.6.3-94.26.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): samba-debuginfo-32bit-3.6.3-94.26.1 References: https://www.suse.com/security/cve/CVE-2020-10745.html https://bugzilla.suse.com/1173160 From sle-updates at lists.suse.com Thu Jul 23 10:39:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 18:39:38 +0200 (CEST) Subject: SUSE-SU-2020:2025-1: moderate: Security update for perl-YAML-LibYAML Message-ID: <20200723163938.9E6DBFC39@maintenance.suse.de> SUSE Security Update: Security update for perl-YAML-LibYAML ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2025-1 Rating: moderate References: #1173703 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for perl-YAML-LibYAML fixes the following issues: perl-YAML-LibYAML was updated to 0.69: [bsc#1173703] * Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged. * Clarify documentation about exported functions * Dump() was modifying original data, adding a PV to numbers * Support standard tags !!str, !!map and !!seq instead of dying. * Support JSON::PP::Boolean and boolean.pm via $YAML::XS::Boolean. * Fix regex roundtrip. Fix loading of many regexes. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2025=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2025=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): perl-YAML-LibYAML-0.69-3.3.1 perl-YAML-LibYAML-debuginfo-0.69-3.3.1 perl-YAML-LibYAML-debugsource-0.69-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): perl-YAML-LibYAML-0.69-3.3.1 perl-YAML-LibYAML-debuginfo-0.69-3.3.1 perl-YAML-LibYAML-debugsource-0.69-3.3.1 References: https://bugzilla.suse.com/1173703 From sle-updates at lists.suse.com Thu Jul 23 10:40:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 18:40:21 +0200 (CEST) Subject: SUSE-RU-2020:2024-1: moderate: Recommended update for crmsh Message-ID: <20200723164021.7A9CAFC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2024-1 Rating: moderate References: #1170426 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fix 'yaml' loader warning for HAWK2 wizard. (bsc#1170426) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2020-2024=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (noarch): crmsh-2.2.0+git.1594715859.932310b6-21.8.1 crmsh-scripts-2.2.0+git.1594715859.932310b6-21.8.1 References: https://bugzilla.suse.com/1170426 From sle-updates at lists.suse.com Thu Jul 23 13:13:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2020 21:13:29 +0200 (CEST) Subject: SUSE-SU-2020:2032-1: important: Security update for freerdp Message-ID: <20200723191329.1B755FDE4@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2032-1 Rating: important References: #1169679 #1169748 #1171441 #1171443 #1171444 #1171445 #1171446 #1171447 #1171474 #1173247 #1173605 #1174200 Cross-References: CVE-2020-11017 CVE-2020-11018 CVE-2020-11019 CVE-2020-11038 CVE-2020-11039 CVE-2020-11040 CVE-2020-11041 CVE-2020-11043 CVE-2020-11085 CVE-2020-11086 CVE-2020-11087 CVE-2020-11088 CVE-2020-11089 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes 31 vulnerabilities is now available. Description: This update for freerdp fixes the following issues: frerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and jsc#ECO-2006): - CVE-2020-11017: Fixed a double free which could have denied the server's service. - CVE-2020-11018: Fixed an out of bounds read which a malicious clients could have triggered. - CVE-2020-11019: Fixed an issue which could have led to denial of service if logger was set to "WLOG_TRACE". - CVE-2020-11038: Fixed a buffer overflow when /video redirection was used. - CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory read and write when USB redirection was enabled. - CVE-2020-11040: Fixed an out of bounds data read in clear_decompress_subcode_rlex. - CVE-2020-11041: Fixed an issue with the configuration for sound backend which could have led to server's denial of service. - CVE-2020-11043: Fixed an out of bounds read in rfx_process_message_tileset. - CVE-2020-11085: Fixed an out of bounds read in cliprdr_read_format_list. - CVE-2020-11086: Fixed an out of bounds read in ntlm_read_ntlm_v2_client_challenge. - CVE-2020-11087: Fixed an out of bounds read in ntlm_read_AuthenticateMessage. - CVE-2020-11088: Fixed an out of bounds read in ntlm_read_NegotiateMessage. - CVE-2020-11089: Fixed an out of bounds read in irp function family. - CVE-2020-11095: Fixed a global out of bounds read in update_recv_primary_order. - CVE-2020-11096: Fixed a global out of bounds read in update_read_cache_bitmap_v3_order. - CVE-2020-11097: Fixed an out of bounds read in ntlm_av_pair_get. - CVE-2020-11098: Fixed an out of bounds read in glyph_cache_put. - CVE-2020-11099: Fixed an out of bounds Read in license_read_new_or_upgrade_license_packet. - CVE-2020-11521: Fixed an out of bounds write in planar.c (bsc#1171443). - CVE-2020-11522: Fixed an out of bounds read in gdi.c (bsc#1171444). - CVE-2020-11523: Fixed an integer overflow in region.c (bsc#1171445). - CVE-2020-11524: Fixed an out of bounds write in interleaved.c (bsc#1171446). - CVE-2020-11525: Fixed an out of bounds read in bitmap.c (bsc#1171447). - CVE-2020-11526: Fixed an out of bounds read in update_recv_secondary_order (bsc#1171674). - CVE-2020-13396: Fixed an Read in ntlm_read_ChallengeMessage. - CVE-2020-13397: Fixed an out of bounds read in security_fips_decrypt due to uninitialized value. - CVE-2020-13398: Fixed an out of bounds write in crypto_rsa_common. - CVE-2020-4030: Fixed an out of bounds read in `TrioParse`. - CVE-2020-4031: Fixed a use after free in gdi_SelectObject. - CVE-2020-4032: Fixed an integer casting in `update_recv_secondary_order`. - CVE-2020-4033: Fixed an out of bound read in RLEDECOMPRESS. - Fixed an issue where freerdp failed with -fno-common (bsc#1169748). - Fixed an issue where USB redirection with FreeRDP was not working (bsc#1169679). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2032=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): freerdp-2.1.2-10.15.1 freerdp-debuginfo-2.1.2-10.15.1 freerdp-debugsource-2.1.2-10.15.1 freerdp-devel-2.1.2-10.15.1 libfreerdp2-2.1.2-10.15.1 libfreerdp2-debuginfo-2.1.2-10.15.1 libwinpr2-2.1.2-10.15.1 libwinpr2-debuginfo-2.1.2-10.15.1 winpr2-devel-2.1.2-10.15.1 References: https://www.suse.com/security/cve/CVE-2020-11017.html https://www.suse.com/security/cve/CVE-2020-11018.html https://www.suse.com/security/cve/CVE-2020-11019.html https://www.suse.com/security/cve/CVE-2020-11038.html https://www.suse.com/security/cve/CVE-2020-11039.html https://www.suse.com/security/cve/CVE-2020-11040.html https://www.suse.com/security/cve/CVE-2020-11041.html https://www.suse.com/security/cve/CVE-2020-11043.html https://www.suse.com/security/cve/CVE-2020-11085.html https://www.suse.com/security/cve/CVE-2020-11086.html https://www.suse.com/security/cve/CVE-2020-11087.html https://www.suse.com/security/cve/CVE-2020-11088.html https://www.suse.com/security/cve/CVE-2020-11089.html https://www.suse.com/security/cve/CVE-2020-11095.html https://www.suse.com/security/cve/CVE-2020-11096.html https://www.suse.com/security/cve/CVE-2020-11097.html https://www.suse.com/security/cve/CVE-2020-11098.html https://www.suse.com/security/cve/CVE-2020-11099.html https://www.suse.com/security/cve/CVE-2020-11521.html https://www.suse.com/security/cve/CVE-2020-11522.html https://www.suse.com/security/cve/CVE-2020-11523.html https://www.suse.com/security/cve/CVE-2020-11524.html https://www.suse.com/security/cve/CVE-2020-11525.html https://www.suse.com/security/cve/CVE-2020-11526.html https://www.suse.com/security/cve/CVE-2020-13396.html https://www.suse.com/security/cve/CVE-2020-13397.html https://www.suse.com/security/cve/CVE-2020-13398.html https://www.suse.com/security/cve/CVE-2020-4030.html https://www.suse.com/security/cve/CVE-2020-4031.html https://www.suse.com/security/cve/CVE-2020-4032.html https://www.suse.com/security/cve/CVE-2020-4033.html https://bugzilla.suse.com/1169679 https://bugzilla.suse.com/1169748 https://bugzilla.suse.com/1171441 https://bugzilla.suse.com/1171443 https://bugzilla.suse.com/1171444 https://bugzilla.suse.com/1171445 https://bugzilla.suse.com/1171446 https://bugzilla.suse.com/1171447 https://bugzilla.suse.com/1171474 https://bugzilla.suse.com/1173247 https://bugzilla.suse.com/1173605 https://bugzilla.suse.com/1174200 From sle-updates at lists.suse.com Fri Jul 24 04:13:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 12:13:37 +0200 (CEST) Subject: SUSE-RU-2020:2033-1: moderate: Recommended update for yast2 Message-ID: <20200724101337.9E301FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2033-1 Rating: moderate References: #1162514 #1173447 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2 fixes the following issues: - Improve actions to stop and start a system service. (bsc#1162514) - Avoid failure when downloading release notes from an inoperative proxy. (bsc#1173447) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2033=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-4.2.85-3.5.1 yast2-logs-4.2.85-3.5.1 References: https://bugzilla.suse.com/1162514 https://bugzilla.suse.com/1173447 From sle-updates at lists.suse.com Fri Jul 24 04:14:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 12:14:29 +0200 (CEST) Subject: SUSE-RU-2020:2034-1: important: Recommended update for crmsh Message-ID: <20200724101429.A88C2FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2034-1 Rating: important References: #1166962 #1169581 #1170037 #1170999 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix for collecting of binary data to avoid CRC error in report. (bsc#1166962) - Implement ssh key configuration improvement to avoid security issues. (bsc#1169581, ECO-2035) - Fix for using class 'SBDManager' for sbd configuration and management. (bsc#1170037, bsc#1170999) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2034=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.1.0+git.1594697133.dcecb3ec-3.25.1 crmsh-scripts-4.1.0+git.1594697133.dcecb3ec-3.25.1 References: https://bugzilla.suse.com/1166962 https://bugzilla.suse.com/1169581 https://bugzilla.suse.com/1170037 https://bugzilla.suse.com/1170999 From sle-updates at lists.suse.com Fri Jul 24 07:13:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 15:13:31 +0200 (CEST) Subject: SUSE-RU-2020:2035-1: moderate: Recommended update for Patterns in Advanced Systems Management Module Message-ID: <20200724131331.5955FFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for Patterns in Advanced Systems Management Module ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2035-1 Rating: moderate References: #1101632 Affected Products: SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of the patterns in the Advanced Systems Management Module provide the following fix: - provide also the previous misspelled pattern as provides to avoid conflicts (bsc#1101632). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2020-2035=1 Package List: - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): patterns-adv-sys-mgmt-CFEngine-12-9.3.1 patterns-adv-sys-mgmt-Machinery-12-9.3.1 patterns-adv-sys-mgmt-Puppet-12-9.3.1 References: https://bugzilla.suse.com/1101632 From sle-updates at lists.suse.com Fri Jul 24 10:12:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:12:53 +0200 (CEST) Subject: SUSE-SU-2020:2045-1: important: Security update for tomcat Message-ID: <20200724161253.287EEFC39@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2045-1 Rating: important References: #1174117 #1174121 Cross-References: CVE-2020-13934 CVE-2020-13935 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tomcat fixes the following issues: - Fixed CVEs: CVE-2020-13934 (bsc#1174121) CVE-2020-13935 (bsc#1174117) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2045=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2045=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2045=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2045=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): tomcat-9.0.36-3.65.2 tomcat-admin-webapps-9.0.36-3.65.2 tomcat-el-3_0-api-9.0.36-3.65.2 tomcat-jsp-2_3-api-9.0.36-3.65.2 tomcat-lib-9.0.36-3.65.2 tomcat-servlet-4_0-api-9.0.36-3.65.2 tomcat-webapps-9.0.36-3.65.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): tomcat-9.0.36-3.65.2 tomcat-admin-webapps-9.0.36-3.65.2 tomcat-el-3_0-api-9.0.36-3.65.2 tomcat-jsp-2_3-api-9.0.36-3.65.2 tomcat-lib-9.0.36-3.65.2 tomcat-servlet-4_0-api-9.0.36-3.65.2 tomcat-webapps-9.0.36-3.65.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): tomcat-9.0.36-3.65.2 tomcat-admin-webapps-9.0.36-3.65.2 tomcat-el-3_0-api-9.0.36-3.65.2 tomcat-jsp-2_3-api-9.0.36-3.65.2 tomcat-lib-9.0.36-3.65.2 tomcat-servlet-4_0-api-9.0.36-3.65.2 tomcat-webapps-9.0.36-3.65.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): tomcat-9.0.36-3.65.2 tomcat-admin-webapps-9.0.36-3.65.2 tomcat-el-3_0-api-9.0.36-3.65.2 tomcat-jsp-2_3-api-9.0.36-3.65.2 tomcat-lib-9.0.36-3.65.2 tomcat-servlet-4_0-api-9.0.36-3.65.2 tomcat-webapps-9.0.36-3.65.2 References: https://www.suse.com/security/cve/CVE-2020-13934.html https://www.suse.com/security/cve/CVE-2020-13935.html https://bugzilla.suse.com/1174117 https://bugzilla.suse.com/1174121 From sle-updates at lists.suse.com Fri Jul 24 10:13:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:13:44 +0200 (CEST) Subject: SUSE-SU-2020:2037-1: important: Security update for tomcat Message-ID: <20200724161344.0FAC8FC39@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2037-1 Rating: important References: #1174117 #1174121 Cross-References: CVE-2020-13934 CVE-2020-13935 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2037=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2037=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2037=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2037=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2037=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): tomcat-9.0.36-3.45.1 tomcat-admin-webapps-9.0.36-3.45.1 tomcat-docs-webapp-9.0.36-3.45.1 tomcat-el-3_0-api-9.0.36-3.45.1 tomcat-javadoc-9.0.36-3.45.1 tomcat-jsp-2_3-api-9.0.36-3.45.1 tomcat-lib-9.0.36-3.45.1 tomcat-servlet-4_0-api-9.0.36-3.45.1 tomcat-webapps-9.0.36-3.45.1 - SUSE OpenStack Cloud 9 (noarch): tomcat-9.0.36-3.45.1 tomcat-admin-webapps-9.0.36-3.45.1 tomcat-docs-webapp-9.0.36-3.45.1 tomcat-el-3_0-api-9.0.36-3.45.1 tomcat-javadoc-9.0.36-3.45.1 tomcat-jsp-2_3-api-9.0.36-3.45.1 tomcat-lib-9.0.36-3.45.1 tomcat-servlet-4_0-api-9.0.36-3.45.1 tomcat-webapps-9.0.36-3.45.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): tomcat-9.0.36-3.45.1 tomcat-admin-webapps-9.0.36-3.45.1 tomcat-docs-webapp-9.0.36-3.45.1 tomcat-el-3_0-api-9.0.36-3.45.1 tomcat-javadoc-9.0.36-3.45.1 tomcat-jsp-2_3-api-9.0.36-3.45.1 tomcat-lib-9.0.36-3.45.1 tomcat-servlet-4_0-api-9.0.36-3.45.1 tomcat-webapps-9.0.36-3.45.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): tomcat-9.0.36-3.45.1 tomcat-admin-webapps-9.0.36-3.45.1 tomcat-docs-webapp-9.0.36-3.45.1 tomcat-el-3_0-api-9.0.36-3.45.1 tomcat-javadoc-9.0.36-3.45.1 tomcat-jsp-2_3-api-9.0.36-3.45.1 tomcat-lib-9.0.36-3.45.1 tomcat-servlet-4_0-api-9.0.36-3.45.1 tomcat-webapps-9.0.36-3.45.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): tomcat-9.0.36-3.45.1 tomcat-admin-webapps-9.0.36-3.45.1 tomcat-docs-webapp-9.0.36-3.45.1 tomcat-el-3_0-api-9.0.36-3.45.1 tomcat-javadoc-9.0.36-3.45.1 tomcat-jsp-2_3-api-9.0.36-3.45.1 tomcat-lib-9.0.36-3.45.1 tomcat-servlet-4_0-api-9.0.36-3.45.1 tomcat-webapps-9.0.36-3.45.1 References: https://www.suse.com/security/cve/CVE-2020-13934.html https://www.suse.com/security/cve/CVE-2020-13935.html https://bugzilla.suse.com/1174117 https://bugzilla.suse.com/1174121 From sle-updates at lists.suse.com Fri Jul 24 10:14:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:14:33 +0200 (CEST) Subject: SUSE-RU-2020:2042-1: moderate: Recommended update for SAPHanaSR Message-ID: <20200724161433.6B176FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2042-1 Rating: moderate References: #1173581 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SAPHanaSR fixes the following issues: - Fix for log empty site names, but do not generate bad formatted cluster attribute name. (bsc#1173581) - Fix for documentation of some parameter defaults. - Adjust start/stop/promote/monitor action timeouts to match official recommendations. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2020-2042=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2020-2042=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2020-2042=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): SAPHanaSR-0.154.1-4.14.1 SAPHanaSR-doc-0.154.1-4.14.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): SAPHanaSR-0.154.1-4.14.1 SAPHanaSR-doc-0.154.1-4.14.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): SAPHanaSR-0.154.1-4.14.1 SAPHanaSR-doc-0.154.1-4.14.1 References: https://bugzilla.suse.com/1173581 From sle-updates at lists.suse.com Fri Jul 24 10:15:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:15:16 +0200 (CEST) Subject: SUSE-SU-2020:2036-1: moderate: Security update for samba Message-ID: <20200724161516.9E623FC39@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2036-1 Rating: moderate References: #1169473 #1169521 #1172810 #1173160 #1173429 Cross-References: CVE-2020-10745 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). - Fixed a packaging issue where samba_winbind package was installing python3-base without python3 (bsc#1169521). - Fixed an issue with spnego fallback from kerberos to ntlmssp in smbd server (bsc#1169473). - Fixed ntlm authentications with "winbind use default domain = yes" (bsc#1173429). - Added solution for upgrade problem with libsmbldap2 package (bsc#1172810). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2036=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2036=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2036=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libndr-devel-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-krb5pac-devel-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-nbt-devel-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-standard-devel-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-util-devel-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbclient-devel-4.10.5+git.192.26ffbcd7231-3.11.1 libwbclient-devel-4.10.5+git.192.26ffbcd7231-3.11.1 samba-core-devel-4.10.5+git.192.26ffbcd7231-3.11.1 samba-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-debugsource-4.10.5+git.192.26ffbcd7231-3.11.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.10.5+git.192.26ffbcd7231-3.11.1 libdcerpc-binding0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libdcerpc0-4.10.5+git.192.26ffbcd7231-3.11.1 libdcerpc0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-krb5pac0-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-krb5pac0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-nbt0-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-nbt0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-standard0-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-standard0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libndr0-4.10.5+git.192.26ffbcd7231-3.11.1 libndr0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libnetapi0-4.10.5+git.192.26ffbcd7231-3.11.1 libnetapi0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-credentials0-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-credentials0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-errors0-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-errors0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-hostconfig0-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-hostconfig0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-passdb0-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-passdb0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-util0-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-util0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsamdb0-4.10.5+git.192.26ffbcd7231-3.11.1 libsamdb0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbclient0-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbclient0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbconf0-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbconf0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbldap2-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbldap2-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libtevent-util0-4.10.5+git.192.26ffbcd7231-3.11.1 libtevent-util0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libwbclient0-4.10.5+git.192.26ffbcd7231-3.11.1 libwbclient0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-4.10.5+git.192.26ffbcd7231-3.11.1 samba-client-4.10.5+git.192.26ffbcd7231-3.11.1 samba-client-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-debugsource-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-python3-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-python3-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-winbind-4.10.5+git.192.26ffbcd7231-3.11.1 samba-winbind-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libdcerpc-binding0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libdcerpc-binding0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libdcerpc0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libdcerpc0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-krb5pac0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-krb5pac0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-nbt0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-nbt0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-standard0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-standard0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libnetapi0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libnetapi0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-credentials0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-credentials0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-errors0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-errors0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-hostconfig0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-hostconfig0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-passdb0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-passdb0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-util0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-util0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamdb0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamdb0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbclient0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbclient0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbconf0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbconf0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbldap2-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbldap2-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libtevent-util0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libtevent-util0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libwbclient0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libwbclient0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-client-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-client-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-python3-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-python3-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-winbind-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-winbind-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): samba-doc-4.10.5+git.192.26ffbcd7231-3.11.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.10.5+git.192.26ffbcd7231-3.11.1 ctdb-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-debugsource-4.10.5+git.192.26ffbcd7231-3.11.1 References: https://www.suse.com/security/cve/CVE-2020-10745.html https://bugzilla.suse.com/1169473 https://bugzilla.suse.com/1169521 https://bugzilla.suse.com/1172810 https://bugzilla.suse.com/1173160 https://bugzilla.suse.com/1173429 From sle-updates at lists.suse.com Fri Jul 24 10:16:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:16:26 +0200 (CEST) Subject: SUSE-RU-2020:2043-1: moderate: Recommended update for installation-images Message-ID: <20200724161626.17E6EFC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for installation-images ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2043-1 Rating: moderate References: #1158522 #1172853 #1173204 #1173336 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for installation-images fixes the following issues: - Fixes an issue with no hostqn and hostid and generate them for NVMe in the install system. (bsc#1172853) - Add missed file to instsys to fix failing openQA test in 'windows_client_remotelogin'. (bsc#1158522) - Do not ask for registration when install= points to a repository, (bsc#1173336) - Make it possible to use unsigned repositories. (bsc#1173204) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2043=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): tftpboot-installation-SLE-15-SP2-aarch64-14.472-3.3.2 tftpboot-installation-SLE-15-SP2-ppc64le-14.472-3.3.2 tftpboot-installation-SLE-15-SP2-s390x-14.472-3.3.2 tftpboot-installation-SLE-15-SP2-x86_64-14.472-3.3.2 References: https://bugzilla.suse.com/1158522 https://bugzilla.suse.com/1172853 https://bugzilla.suse.com/1173204 https://bugzilla.suse.com/1173336 From sle-updates at lists.suse.com Fri Jul 24 10:17:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:17:31 +0200 (CEST) Subject: SUSE-RU-2020:2039-1: moderate: Recommended update for yast2-registration Message-ID: <20200724161731.326F6FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2039-1 Rating: moderate References: #1162755 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-registration fixes the following issues: - Fix for an issue when during SCC registration indicating a wrong version. (bsc#1162755) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2039=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-registration-4.2.42-3.3.2 References: https://bugzilla.suse.com/1162755 From sle-updates at lists.suse.com Fri Jul 24 10:18:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:18:14 +0200 (CEST) Subject: SUSE-RU-2020:2044-1: moderate: Recommended update for gdm Message-ID: <20200724161814.B3101FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2044-1 Rating: moderate References: #1171290 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gdm fixes the following issues: -Fix for an issue when user session reuses tty7 same as greeter session, gdm doesn't bring up the greeter session after switching from other tty to tty7. (bsc#1171290) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2044=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): gdm-3.34.1-8.3.1 gdm-debuginfo-3.34.1-8.3.1 gdm-debugsource-3.34.1-8.3.1 gdm-devel-3.34.1-8.3.1 libgdm1-3.34.1-8.3.1 libgdm1-debuginfo-3.34.1-8.3.1 typelib-1_0-Gdm-1_0-3.34.1-8.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): gdm-lang-3.34.1-8.3.1 gdm-systemd-3.34.1-8.3.1 gdmflexiserver-3.34.1-8.3.1 References: https://bugzilla.suse.com/1171290 From sle-updates at lists.suse.com Fri Jul 24 10:18:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:18:59 +0200 (CEST) Subject: SUSE-SU-2020:2048-1: important: Security update for mailman Message-ID: <20200724161859.F0A7DFC39@maintenance.suse.de> SUSE Security Update: Security update for mailman ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2048-1 Rating: important References: #1173369 Cross-References: CVE-2020-15011 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2048=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2048=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2048=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2048=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2048=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2048=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2048=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2048=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2048=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2048=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2048=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2048=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2048=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2048=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2048=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2048=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE OpenStack Cloud 9 (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE OpenStack Cloud 8 (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE OpenStack Cloud 7 (s390x x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Enterprise Storage 5 (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - HPE Helion Openstack 8 (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 References: https://www.suse.com/security/cve/CVE-2020-15011.html https://bugzilla.suse.com/1173369 From sle-updates at lists.suse.com Fri Jul 24 10:19:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:19:44 +0200 (CEST) Subject: SUSE-SU-2020:2047-1: important: Security update for tomcat Message-ID: <20200724161944.273D7FC39@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2047-1 Rating: important References: #1174117 #1174121 Cross-References: CVE-2020-13934 CVE-2020-13935 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2047=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): tomcat-9.0.36-3.6.1 tomcat-admin-webapps-9.0.36-3.6.1 tomcat-el-3_0-api-9.0.36-3.6.1 tomcat-jsp-2_3-api-9.0.36-3.6.1 tomcat-lib-9.0.36-3.6.1 tomcat-servlet-4_0-api-9.0.36-3.6.1 tomcat-webapps-9.0.36-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-13934.html https://www.suse.com/security/cve/CVE-2020-13935.html https://bugzilla.suse.com/1174117 https://bugzilla.suse.com/1174121 From sle-updates at lists.suse.com Fri Jul 24 10:20:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:20:29 +0200 (CEST) Subject: SUSE-SU-2020:2041-1: moderate: Security update for rust, rust-cbindgen Message-ID: <20200724162029.D6396FC39@maintenance.suse.de> SUSE Security Update: Security update for rust, rust-cbindgen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2041-1 Rating: moderate References: #1115645 #1154817 #1173202 Cross-References: CVE-2020-1967 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for rust, rust-cbindgen fixes the following issues: rust was updated for use by Firefox 76ESR. - Fixed miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202) Update to version 1.43.1 - Updated openssl-src to 1.1.1g for CVE-2020-1967. - Fixed the stabilization of AVX-512 features. - Fixed `cargo package --list` not working with unpublished dependencies. Update to version 1.43.0 + Language: - Fixed using binary operations with `&{number}` (e.g. `&1.0`) not having the type inferred correctly. - Attributes such as `#[cfg()]` can now be used on `if` expressions. - Syntax only changes: * Allow `type Foo: Ord` syntactically. * Fuse associated and extern items up to defaultness. * Syntactically allow `self` in all `fn` contexts. * Merge `fn` syntax + cleanup item parsing. * `item` macro fragments can be interpolated into `trait`s, `impl`s, and `extern` blocks. For example, you may now write: ```rust macro_rules! mac_trait { ($i:item) => { trait T { $i } } } mac_trait! { fn foo() {} } ``` * These are still rejected *semantically*, so you will likely receive an error but these changes can be seen and parsed by macros and conditional compilation. + Compiler - You can now pass multiple lint flags to rustc to override the previous flags. For example; `rustc -D unused -A unused-variables` denies everything in the `unused` lint group except `unused-variables` which is explicitly allowed. However, passing `rustc -A unused-variables -D unused` denies everything in the `unused` lint group **including** `unused-variables` since the allow flag is specified before the deny flag (and therefore overridden). - rustc will now prefer your system MinGW libraries over its bundled libraries if they are available on `windows-gnu`. - rustc now buffers errors/warnings printed in JSON. Libraries: - `Arc<[T; N]>`, `Box<[T; N]>`, and `Rc<[T; N]>`, now implement `TryFrom>`,`TryFrom>`, and `TryFrom>` respectively. **Note** These conversions are only available when `N` is `0..=32`. - You can now use associated constants on floats and integers directly, rather than having to import the module. e.g. You can now write `u32::MAX` or `f32::NAN` with no imports. - `u8::is_ascii` is now `const`. - `String` now implements `AsMut`. - Added the `primitive` module to `std` and `core`. This module reexports Rust's primitive types. This is mainly useful in macros where you want avoid these types being shadowed. - Relaxed some of the trait bounds on `HashMap` and `HashSet`. - `string::FromUtf8Error` now implements `Clone + Eq`. + Stabilized APIs - `Once::is_completed` - `f32::LOG10_2` - `f32::LOG2_10` - `f64::LOG10_2` - `f64::LOG2_10` - `iter::once_with` + Cargo - You can now set config `[profile]`s in your `.cargo/config`, or through your environment. - Cargo will now set `CARGO_BIN_EXE_` pointing to a binary's executable path when running integration tests or benchmarks. `` is the name of your binary as-is e.g. If you wanted the executable path for a binary named `my-program`you would use `env!("CARGO_BIN_EXE_my-program")`. + Misc - Certain checks in the `const_err` lint were deemed unrelated to const evaluation, and have been moved to the `unconditional_panic` and `arithmetic_overflow` lints. + Compatibility Notes - Having trailing syntax in the `assert!` macro is now a hard error. This has been a warning since 1.36.0. - Fixed `Self` not having the correctly inferred type. This incorrectly led to some instances being accepted, and now correctly emits a hard error. Update to version 1.42.0: + Language - You can now use the slice pattern syntax with subslices. - You can now use #[repr(transparent)] on univariant enums. Meaning that you can create an enum that has the exact layout and ABI of the type it contains. - There are some syntax-only changes: * default is syntactically allowed before items in trait definitions. * Items in impls (i.e. consts, types, and fns) may syntactically leave out their bodies in favor of ;. * Bounds on associated types in impls are now syntactically allowed (e.g. type Foo: Ord;). * ... (the C-variadic type) may occur syntactically directly as the type of any function parameter. These are still rejected semantically, so you will likely receive an error but these changes can be seen and parsed by procedural macros and conditional compilation. + Compiler - Added tier 2 support for armv7a-none-eabi. - Added tier 2 support for riscv64gc-unknown-linux-gnu. - Option::{expect,unwrap} and Result::{expect, expect_err, unwrap, unwrap_err} now produce panic messages pointing to the location where they were called, rather than core's internals. Refer to Rust's platform support page for more information on Rust's tiered platform support. + Libraries - iter::Empty now implements Send and Sync for any T. - Pin::{map_unchecked, map_unchecked_mut} no longer require the return type to implement Sized. - io::Cursor now derives PartialEq and Eq. - Layout::new is now const. - Added Standard Library support for riscv64gc-unknown-linux-gnu. + Stabilized APIs - CondVar::wait_while - CondVar::wait_timeout_while - DebugMap::key - DebugMap::value - ManuallyDrop::take - matches! - ptr::slice_from_raw_parts_mut - ptr::slice_from_raw_parts + Cargo - You no longer need to include extern crate proc_macro; to be able to use proc_macro; in the 2018 edition. + Compatibility Notes - Error::description has been deprecated, and its use will now produce a warning. It's recommended to use Display/to_string instead. Update to version 1.41.1: - Always check types of static items - Always check lifetime bounds of `Copy` impls - Fix miscompilation in callers of `Layout::repeat` Update to version 1.41.0: + Language - You can now pass type parameters to foreign items when implementing traits. E.g. You can now write `impl From for Vec {}`. - You can now arbitrarily nest receiver types in the `self` position. E.g. you can now write `fn foo(self: Box>) {}`. Previously only `Self`, `&Self`, `&mut Self`, `Arc`, `Rc`, and `Box` were allowed. - You can now use any valid identifier in a `format_args` macro. Previously identifiers starting with an underscore were not allowed. - Visibility modifiers (e.g. `pub`) are now syntactically allowed on trait items and enum variants. These are still rejected semantically, but can be seen and parsed by procedural macros and conditional compilation. + Compiler - Rustc will now warn if you have unused loop `'label`s. - Removed support for the `i686-unknown-dragonfly` target. - Added tier 3 support\* for the `riscv64gc-unknown-linux-gnu` target. - You can now pass an arguments file passing the `@path` syntax to rustc. Note that the format differs somewhat from what is found in other tooling; please see the documentation for more information. - You can now provide `--extern` flag without a path, indicating that it is available from the search path or specified with an `-L` flag. Refer to Rust's [platform support page][forge-platform-support] for more information on Rust's tiered platform support. + Libraries - The `core::panic` module is now stable. It was already stable through `std`. - `NonZero*` numerics now implement `From` if it's a smaller integer width. E.g. `NonZeroU16` now implements `From`. - `MaybeUninit` now implements `fmt::Debug`. + Stabilized APIs - `Result::map_or` - `Result::map_or_else` - `std::rc::Weak::weak_count` - `std::rc::Weak::strong_count` - `std::sync::Weak::weak_count` - `std::sync::Weak::strong_count` + Cargo - Cargo will now document all the private items for binary crates by default. - `cargo-install` will now reinstall the package if it detects that it is out of date. - Cargo.lock now uses a more git friendly format that should help to reduce merge conflicts. - You can now override specific dependencies's build settings. E.g. `[profile.dev.package.image] opt-level = 2` sets the `image` crate's optimisation level to `2` for debug builds. You can also use `[profile..build-override]` to override build scripts and their dependencies. + Misc - You can now specify `edition` in documentation code blocks to compile the block for that edition. E.g. `edition2018` tells rustdoc that the code sample should be compiled the 2018 edition of Rust. - You can now provide custom themes to rustdoc with `--theme`, and check the current theme with `--check-theme`. - You can use `#[cfg(doc)]` to compile an item when building documentation. + Compatibility Notes - As previously announced 1.41.0 will be the last tier 1 release for 32-bit Apple targets. This means that the source code is still available to build, but the targets are no longer being tested and release binaries for those platforms will no longer be distributed by the Rust project. Please refer to the linked blog post for more information. - Bump version of libssh2 for SLE15; we now need a version with libssh2_userauth_publickey_frommemory(), which appeared in libssh2 1.6.0. Update to version 1.40.0 + Language - You can now use tuple `struct`s and tuple `enum` variant's constructors in `const` contexts. e.g. pub struct Point(i32, i32); const ORIGIN: Point = { let constructor = Point; constructor(0, 0) }; - You can now mark `struct`s, `enum`s, and `enum` variants with the `#[non_exhaustive]` attribute to indicate that there may be variants or fields added in the future. For example this requires adding a wild-card branch (`_ => {}`) to any match statements on a non-exhaustive `enum`. - You can now use function-like procedural macros in `extern` blocks and in type positions. e.g. `type Generated = macro!();` - Function-like and attribute procedural macros can now emit `macro_rules!` items, so you can now have your macros generate macros. - The `meta` pattern matcher in `macro_rules!` now correctly matches the modern attribute syntax. For example `(#[$m:meta])` now matches `#[attr]`, `#[attr{tokens}]`, `#[attr[tokens]]`, and `#[attr(tokens)]`. + Compiler - Added tier 3 support\* for the `thumbv7neon-unknown-linux-musleabihf` target. - Added tier 3 support for the `aarch64-unknown-none-softfloat` target. - Added tier 3 support for the `mips64-unknown-linux-muslabi64`, and `mips64el-unknown-linux-muslabi64` targets. + Libraries - The `is_power_of_two` method on unsigned numeric types is now a `const` function. + Stabilized APIs - BTreeMap::get_key_value - HashMap::get_key_value - Option::as_deref_mut - Option::as_deref - Option::flatten - UdpSocket::peer_addr - f32::to_be_bytes - f32::to_le_bytes - f32::to_ne_bytes - f64::to_be_bytes - f64::to_le_bytes - f64::to_ne_bytes - f32::from_be_bytes - f32::from_le_bytes - f32::from_ne_bytes - f64::from_be_bytes - f64::from_le_bytes - f64::from_ne_bytes - mem::take - slice::repeat - todo! + Cargo - Cargo will now always display warnings, rather than only on fresh builds. - Feature flags (except `--all-features`) passed to a virtual workspace will now produce an error. Previously these flags were ignored. - You can now publish `dev-dependencies` without including a `version`. + Misc - You can now specify the `#[cfg(doctest)]` attribute to include an item only when running documentation tests with `rustdoc`. + Compatibility Notes - As previously announced, any previous NLL warnings in the 2015 edition are now hard errors. - The `include!` macro will now warn if it failed to include the entire file. The `include!` macro unintentionally only includes the first _expression_ in a file, and this can be unintuitive. This will become either a hard error in a future release, or the behavior may be fixed to include all expressions as expected. - Using `#[inline]` on function prototypes and consts now emits a warning under `unused_attribute` lint. Using `#[inline]` anywhere else inside traits or `extern` blocks now correctly emits a hard error. Update to version 1.39.0 + Language - You can now create async functions and blocks with async fn, async move {}, and async {} respectively, and you can now call .await on async expressions. - You can now use certain attributes on function, closure, and function pointer parameters. - You can now take shared references to bind-by-move patterns in the if guards of match arms. + Compiler - Added tier 3 support for the i686-unknown-uefi target. - Added tier 3 support for the sparc64-unknown-openbsd target. - rustc will now trim code snippets in diagnostics to fit in your terminal. - You can now pass --show-output argument to test binaries to print the output of successful tests. + For more details: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1390-2019 -11-07 - Switch to bundled version of libgit2 for now. libgit2-sys seems to expect using the bundled variant, which just seems to point to a snapshot of the master branch and doesn't match any released libgit2 (bsc#1154817). See: https://github.com/rust-lang/rust/issues/63476 and https://github.com/rust-lang/git2-rs/issues/458 for details. Update to version 1.38.0 + Language - The `#[global_allocator]` attribute can now be used in submodules. - The `#[deprecated]` attribute can now be used on macros. + Compiler - Added pipelined compilation support to `rustc`. This will improve compilation times in some cases. + Libraries - `ascii::EscapeDefault` now implements `Clone` and `Display`. - Derive macros for prelude traits (e.g. `Clone`, `Debug`, `Hash`) are now available at the same path as the trait. (e.g. The `Clone` derive macro is available at `std::clone::Clone`). This also makes all built-in macros available in `std`/`core` root. e.g. `std::include_bytes!`. - `str::Chars` now implements `Debug`. - `slice::{concat, connect, join}` now accepts `&[T]` in addition to `&T`. - `*const T` and `*mut T` now implement `marker::Unpin`. - `Arc<[T]>` and `Rc<[T]>` now implement `FromIterator`. - Added euclidean remainder and division operations (`div_euclid`, `rem_euclid`) to all numeric primitives. Additionally `checked`, `overflowing`, and `wrapping` versions are available for all integer primitives. - `thread::AccessError` now implements `Clone`, `Copy`, `Eq`, `Error`, and `PartialEq`. - `iter::{StepBy, Peekable, Take}` now implement `DoubleEndedIterator`. + Stabilized APIs - `<*const T>::cast` - `<*mut T>::cast` - `Duration::as_secs_f32` - `Duration::as_secs_f64` - `Duration::div_f32` - `Duration::div_f64` - `Duration::from_secs_f32` - `Duration::from_secs_f64` - `Duration::mul_f32` - `Duration::mul_f64` - `any::type_name` + Cargo - Added pipelined compilation support to `cargo`. - You can now pass the `--features` option multiple times to enable multiple features. + Misc - `rustc` will now warn about some incorrect uses of `mem::{uninitialized, zeroed}` that are known to cause undefined behaviour. Update to version 1.37.0 + Language - #[must_use] will now warn if the type is contained in a tuple, Box, or an array and unused. - You can now use the `cfg` and `cfg_attr` attributes on generic parameters. - You can now use enum variants through type alias. e.g. You can write the following: ``` type MyOption = Option; fn increment_or_zero(x: MyOption) -> u8 { match x { MyOption::Some(y) => y + 1, MyOption::None => 0, } } ``` - You can now use `_` as an identifier for consts. e.g. You can write `const _: u32 = 5;`. - You can now use `#[repr(align(X)]` on enums. - The `?` Kleene macro operator is now available in the 2015 edition. + Compiler - You can now enable Profile-Guided Optimization with the `-C profile-generate` and `-C profile-use` flags. For more information on how to use profile guided optimization, please refer to the rustc book. - The `rust-lldb` wrapper script should now work again. + Libraries - `mem::MaybeUninit` is now ABI-compatible with `T`. + Stabilized APIs - BufReader::buffer - BufWriter::buffer - Cell::from_mut - Cell<[T]>::as_slice_of_cells - Cell::as_slice_of_cells - DoubleEndedIterator::nth_back - Option::xor - Wrapping::reverse_bits - i128::reverse_bits - i16::reverse_bits - i32::reverse_bits - i64::reverse_bits - i8::reverse_bits - isize::reverse_bits - slice::copy_within - u128::reverse_bits - u16::reverse_bits - u32::reverse_bits - u64::reverse_bits - u8::reverse_bits - usize::reverse_bits + Cargo - Cargo.lock files are now included by default when publishing executable crates with executables. - You can now specify `default-run="foo"` in `[package]` to specify the default executable to use for `cargo run`. - cargo-vendor is now provided as a sub-command of cargo + Compatibility Notes - Using `...` for inclusive range patterns will now warn by default. Please transition your code to using the `..=` syntax for inclusive ranges instead. - Using a trait object without the `dyn` will now warn by default. Please transition your code to use `dyn Trait` for trait objects instead. Crab(String), Lobster(String), Person(String), let state = Creature::Crab("Ferris"); if let Creature::Crab(name) | Creature::Person(name) = state { println!("This creature's name is: {}", name); } unsafe { foo() } pub fn new(x: i32, y: i32) -> Self { Self(x, y) } pub fn is_origin(&self) -> bool { match self { Self(0, 0) => true, _ => false, } } Self: PartialOrd // can write `Self` instead of `List` Nil, Cons(T, Box) // likewise here fn test(&self) { println!("one"); } //~ ERROR duplicate definitions with name `test` fn test(&self) { println!("two"); } * Basic procedural macros allowing custom `#[derive]`, aka "macros 1.1", are stable. This allows popular code-generating crates like Serde and Diesel to work ergonomically. [RFC 1681]. * [Tuple structs may be empty. Unary and empty tuple structs may be instantiated with curly braces][36868]. Part of [RFC 1506]. * [A number of minor changes to name resolution have been activated][37127]. They add up to more consistent semantics, allowing for future evolution of Rust macros. Specified in [RFC 1560], see its section on ["changes"] for details of what is different. The breaking changes here have been transitioned through the [`legacy_imports`] lint since 1.14, with no known regressions. * [In `macro_rules`, `path` fragments can now be parsed as type parameter bounds][38279] * [`?Sized` can be used in `where` clauses][37791] * [There is now a limit on the size of monomorphized types and it can be modified with the `#![type_size_limit]` crate attribute, similarly to the `#![recursion_limit]` attribute][37789] * [On Windows, the compiler will apply dllimport attributes when linking to extern functions][37973]. Additional attributes and flags can control which library kind is linked and its name. [RFC 1717]. * [Rust-ABI symbols are no longer exported from cdylibs][38117] * [The `--test` flag works with procedural macro crates][38107] * [Fix `extern "aapcs" fn` ABI][37814] * [The `-C no-stack-check` flag is deprecated][37636]. It does nothing. * [The `format!` expander recognizes incorrect `printf` and shell-style formatting directives and suggests the correct format][37613]. * [Only report one error for all unused imports in an import list][37456] * [Avoid unnecessary `mk_ty` calls in `Ty::super_fold_with`][37705] * [Avoid more unnecessary `mk_ty` calls in `Ty::super_fold_with`][37979] * [Don't clone in `UnificationTable::probe`][37848] * [Remove `scope_auxiliary` to cut RSS by 10%][37764] * [Use small vectors in type walker][37760] * [Macro expansion performance was improved][37701] * [Change `HirVec>` to `HirVec` in `hir::Expr`][37642] * [Replace FNV with a faster hash function][37229] https://raw.githubusercontent.com/rust-lang/rust/master/RELEASES.md rust-cbindgen is shipped in version 0.14.1. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2041=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2041=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): cargo-1.43.1-12.1 cargo-debuginfo-1.43.1-12.1 clippy-1.43.1-12.1 clippy-debuginfo-1.43.1-12.1 rls-1.43.1-12.1 rls-debuginfo-1.43.1-12.1 rust-1.43.1-12.1 rust-analysis-1.43.1-12.1 rust-debuginfo-1.43.1-12.1 rust-debugsource-1.43.1-12.1 rust-std-static-1.43.1-12.1 rustfmt-1.43.1-12.1 rustfmt-debuginfo-1.43.1-12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): rust-src-1.43.1-12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): cargo-1.43.1-12.1 cargo-debuginfo-1.43.1-12.1 clippy-1.43.1-12.1 clippy-debuginfo-1.43.1-12.1 rls-1.43.1-12.1 rls-debuginfo-1.43.1-12.1 rust-1.43.1-12.1 rust-analysis-1.43.1-12.1 rust-debuginfo-1.43.1-12.1 rust-debugsource-1.43.1-12.1 rust-std-static-1.43.1-12.1 rustfmt-1.43.1-12.1 rustfmt-debuginfo-1.43.1-12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): rust-src-1.43.1-12.1 References: https://www.suse.com/security/cve/CVE-2020-1967.html https://bugzilla.suse.com/1115645 https://bugzilla.suse.com/1154817 https://bugzilla.suse.com/1173202 From sle-updates at lists.suse.com Fri Jul 24 10:23:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:23:07 +0200 (CEST) Subject: SUSE-RU-2020:2050-1: important: Recommended update for crmsh Message-ID: <20200724162307.6C101FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2050-1 Rating: important References: #1166962 #1169581 #1170037 #1170999 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix for collecting of binary data to avoid CRC error in report. (bsc#1166962) - Implement ssh key configuration improvement to avoid security issues. (bsc#1169581, ECO-2035) - Fix for using class 'SBDManager' for sbd configuration and management. (bsc#1170037, bsc#1170999) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2050=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2050=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): crmsh-4.1.0+git.1594697133.dcecb3ec-2.33.1 crmsh-scripts-4.1.0+git.1594697133.dcecb3ec-2.33.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.1.0+git.1594697133.dcecb3ec-2.33.1 crmsh-scripts-4.1.0+git.1594697133.dcecb3ec-2.33.1 References: https://bugzilla.suse.com/1166962 https://bugzilla.suse.com/1169581 https://bugzilla.suse.com/1170037 https://bugzilla.suse.com/1170999 From sle-updates at lists.suse.com Fri Jul 24 10:24:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:24:12 +0200 (CEST) Subject: SUSE-RU-2020:2038-1: moderate: Recommended update for hawk2 Message-ID: <20200724162412.05AB0FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2038-1 Rating: moderate References: #1098637 #1137891 #1158681 #1165587 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for hawk2 fixes the following issues: Update to version 2.2.0+git.1593534571.0edec1ee: - Update puma rubygem requirement to 2.16 for disabling TLSv1.0 and TLSv1.1. (jsc#SLE-6965) - Fix omission of built-in stonith attributes. (bsc#1165587) - Fix cib.xml parsing for acl_version. (bsc#1158681) - Add application/x-bzip2 mime type. (bsc#1098637) - Fix mime type issue in MS windows. (bsc#1098637) - Fix nameless cluster display. (bsc#1137891) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2038=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2038=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): hawk2-2.2.0+git.1593796097.86578496-3.12.1 hawk2-debuginfo-2.2.0+git.1593796097.86578496-3.12.1 hawk2-debugsource-2.2.0+git.1593796097.86578496-3.12.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): hawk2-2.2.0+git.1593796097.86578496-3.12.1 hawk2-debuginfo-2.2.0+git.1593796097.86578496-3.12.1 hawk2-debugsource-2.2.0+git.1593796097.86578496-3.12.1 References: https://bugzilla.suse.com/1098637 https://bugzilla.suse.com/1137891 https://bugzilla.suse.com/1158681 https://bugzilla.suse.com/1165587 From sle-updates at lists.suse.com Fri Jul 24 10:25:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:25:15 +0200 (CEST) Subject: SUSE-RU-2020:2040-1: moderate: Recommended update for libsolv, libzypp Message-ID: <20200724162515.395F6FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2040-1 Rating: moderate References: #1170801 #1171224 #1172135 #1173106 #1174011 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for libsolv, libzypp fixes the following issues: libsolv was updated to version 0.7.14: - Enable zstd compression support for sle15 - Support blacklisted packages in solver_findproblemrule() (bsc#1172135) - Support rules with multiple negative literals in choice rule generation libzypp was updated to version 17.24.0: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Fix core dump with corrupted history file (bsc#1170801) - Better handling of the purge-kernels algorithm. (bsc#1173106) - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2040=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2040=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2040=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.14-3.22.2 libsolv-debugsource-0.7.14-3.22.2 python-solv-0.7.14-3.22.2 python-solv-debuginfo-0.7.14-3.22.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.14-3.22.2 libsolv-debugsource-0.7.14-3.22.2 perl-solv-0.7.14-3.22.2 perl-solv-debuginfo-0.7.14-3.22.2 ruby-solv-0.7.14-3.22.2 ruby-solv-debuginfo-0.7.14-3.22.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.14-3.22.2 libsolv-debugsource-0.7.14-3.22.2 libsolv-devel-0.7.14-3.22.2 libsolv-devel-debuginfo-0.7.14-3.22.2 libsolv-tools-0.7.14-3.22.2 libsolv-tools-debuginfo-0.7.14-3.22.2 libzypp-17.24.1-3.28.1 libzypp-debuginfo-17.24.1-3.28.1 libzypp-debugsource-17.24.1-3.28.1 libzypp-devel-17.24.1-3.28.1 python3-solv-0.7.14-3.22.2 python3-solv-debuginfo-0.7.14-3.22.2 References: https://bugzilla.suse.com/1170801 https://bugzilla.suse.com/1171224 https://bugzilla.suse.com/1172135 https://bugzilla.suse.com/1173106 https://bugzilla.suse.com/1174011 From sle-updates at lists.suse.com Fri Jul 24 10:26:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:26:25 +0200 (CEST) Subject: SUSE-SU-2020:2046-1: important: Security update for tomcat Message-ID: <20200724162625.EF74BFC39@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2046-1 Rating: important References: #1174117 #1174121 Cross-References: CVE-2020-13934 CVE-2020-13935 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-2046=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): tomcat-9.0.36-4.41.2 tomcat-admin-webapps-9.0.36-4.41.2 tomcat-el-3_0-api-9.0.36-4.41.2 tomcat-jsp-2_3-api-9.0.36-4.41.2 tomcat-lib-9.0.36-4.41.2 tomcat-servlet-4_0-api-9.0.36-4.41.2 tomcat-webapps-9.0.36-4.41.2 References: https://www.suse.com/security/cve/CVE-2020-13934.html https://www.suse.com/security/cve/CVE-2020-13935.html https://bugzilla.suse.com/1174117 https://bugzilla.suse.com/1174121 From sle-updates at lists.suse.com Sat Jul 25 11:58:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Jul 2020 19:58:34 +0200 (CEST) Subject: SUSE-CU-2020:368-1: Security update of suse/sle15 Message-ID: <20200725175834.E2733FEC3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:368-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.271 Container Release : 6.2.271 Severity : moderate Type : security References : 1082318 1133297 1170801 1171224 1172135 1173106 1174011 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1396-1 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Type: security Severity: moderate References: 1082318,1133297 This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2040-1 Released: Fri Jul 24 13:58:53 2020 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1170801,1171224,1172135,1173106,1174011 This update for libsolv, libzypp fixes the following issues: libsolv was updated to version 0.7.14: - Enable zstd compression support for sle15 - Support blacklisted packages in solver_findproblemrule() (bsc#1172135) - Support rules with multiple negative literals in choice rule generation libzypp was updated to version 17.24.0: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Fix core dump with corrupted history file (bsc#1170801) - Better handling of the purge-kernels algorithm. (bsc#1173106) - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) From sle-updates at lists.suse.com Mon Jul 27 03:35:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jul 2020 11:35:02 +0200 (CEST) Subject: SUSE-RU-2020:2051-1: moderate: Recommended update for nodejs12 Message-ID: <20200727093502.4C6F8FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2051-1 Rating: moderate References: #1173653 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nodejs12 fixes the following issues: - Fixes reported memory leak. (bsc#1173653) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2051=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs12-12.18.2-4.3.1 nodejs12-debuginfo-12.18.2-4.3.1 nodejs12-debugsource-12.18.2-4.3.1 nodejs12-devel-12.18.2-4.3.1 npm12-12.18.2-4.3.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs12-docs-12.18.2-4.3.1 References: https://bugzilla.suse.com/1173653 From sle-updates at lists.suse.com Mon Jul 27 07:12:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jul 2020 15:12:27 +0200 (CEST) Subject: SUSE-SU-2020:2053-1: moderate: Security update for rubygem-excon Message-ID: <20200727131227.5D7C2FDE4@maintenance.suse.de> SUSE Security Update: Security update for rubygem-excon ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2053-1 Rating: moderate References: #1159342 Cross-References: CVE-2019-16779 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-excon fixes the following issues: - CVE-2019-16779: Fixed an information leak in the socket handling for persistent connections (bsc#1159342) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2020-2053=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): ruby2.1-rubygem-excon-0.52.0-12.3.8 References: https://www.suse.com/security/cve/CVE-2019-16779.html https://bugzilla.suse.com/1159342 From sle-updates at lists.suse.com Mon Jul 27 13:12:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jul 2020 21:12:09 +0200 (CEST) Subject: SUSE-SU-2020:2055-1: important: Security update for python-Django Message-ID: <20200727191209.74FCEFDE4@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2055-1 Rating: important References: #1172166 Cross-References: CVE-2020-13596 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Django fixes the following issues: - Fixed potential XSS in admin ForeignKeyRawIdWidget (bsc#1172166, CVE-2020-13596) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2055=1 Package List: - SUSE Enterprise Storage 5 (noarch): python-Django-1.6.11-6.13.1 References: https://www.suse.com/security/cve/CVE-2020-13596.html https://bugzilla.suse.com/1172166 From sle-updates at lists.suse.com Mon Jul 27 19:12:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Jul 2020 03:12:05 +0200 (CEST) Subject: SUSE-SU-2020:2057-1: important: Security update for python-Pillow Message-ID: <20200728011205.B06DAFC39@maintenance.suse.de> SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2057-1 Rating: important References: #1153191 #1160152 #1160153 #1160192 #1173413 #1173416 #1173418 #965582 Cross-References: CVE-2016-0775 CVE-2019-16865 CVE-2019-19911 CVE-2020-10177 CVE-2020-10378 CVE-2020-10994 CVE-2020-5312 CVE-2020-5313 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for python-Pillow fixes the following issues: - Add 0019-FLI-overflow-error-fix-and-testcase.patch * Fixes CVE-2016-0775, bsc#965582 - Add 0020-Fix-OOB-reads-in-FLI-decoding.patch * Fixes CVE-2020-10177, bsc#1173413 - Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch * Fixes CVE-2020-10994, bsc#1173418 - Add 0022-Fix-bounds-overflow-in-PCX-decoding.patch * Fixes CVE-2020-10378, bsc#1173416 - Add 0008-Corrected-negative-seeks.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0009-Make-Image.crop-an-immediate-operation.patch * Fixes https://github.com/python-pillow/Pillow/issues/1077 * Used by 0012-Added-decompression-bomb-checks.patch - Add 0010-Crop-decompression.patch * Used by 0012-Added-decompression-bomb-checks.patch - Add 0011-Added-DecompressionBombError.patch * Used by 0012-Added-decompression-bomb-checks.patch - Add 0012-Added-decompression-bomb-checks.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0013-Raise-error-if-dimension-is-a-string.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0014-Catch-buffer-overruns.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0015-Catch-PCX-P-mode-buffer-overrun.patch * Fixes CVE-2020-5312, bsc#1160152 - Add 0016-Ensure-previous-FLI-frame-is-loaded.patch * Fixes https://github.com/python-pillow/Pillow/issues/2649 * Uncovers CVE-2020-5313, bsc#1160153 - Add 0017-Catch-FLI-buffer-overrun.patch * Fixes CVE-2020-5313, bsc#1160153 - Add 018-Invalid-number-of-bands-in-FPX-image.patch * Fixes CVE-2019-19911, bsc#1160192 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2057=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): python-Pillow-2.8.1-3.9.1 python-Pillow-debuginfo-2.8.1-3.9.1 python-Pillow-debugsource-2.8.1-3.9.1 References: https://www.suse.com/security/cve/CVE-2016-0775.html https://www.suse.com/security/cve/CVE-2019-16865.html https://www.suse.com/security/cve/CVE-2019-19911.html https://www.suse.com/security/cve/CVE-2020-10177.html https://www.suse.com/security/cve/CVE-2020-10378.html https://www.suse.com/security/cve/CVE-2020-10994.html https://www.suse.com/security/cve/CVE-2020-5312.html https://www.suse.com/security/cve/CVE-2020-5313.html https://bugzilla.suse.com/1153191 https://bugzilla.suse.com/1160152 https://bugzilla.suse.com/1160153 https://bugzilla.suse.com/1160192 https://bugzilla.suse.com/1173413 https://bugzilla.suse.com/1173416 https://bugzilla.suse.com/1173418 https://bugzilla.suse.com/965582 From sle-updates at lists.suse.com Tue Jul 28 07:12:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Jul 2020 15:12:09 +0200 (CEST) Subject: SUSE-RU-2020:2058-1: important: Recommended update for ses-release and deepsea Message-ID: <20200728131209.456B5FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-release and deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2058-1 Rating: important References: #1174292 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ses-release and deepsea fixes the following issues: - Added a check to prevent installations of golang-github-prometheus-node_exporter higher than version 0.15.0. SUSE Enterprise Storage 5 does not work with versions above 0.15.0 (bsc#1174292) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2058=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): ses-release-5-61.1 ses-release-POOL-5-61.1 - SUSE Enterprise Storage 5 (noarch): deepsea-0.8.15+git.0.2fd5881e9-2.48.1 References: https://bugzilla.suse.com/1174292 From sle-updates at lists.suse.com Tue Jul 28 07:12:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Jul 2020 15:12:51 +0200 (CEST) Subject: SUSE-RU-2020:2059-1: moderate: Recommended update for grep Message-ID: <20200728131251.CCC78FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for grep ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2059-1 Rating: moderate References: #1163834 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grep fixes the following issues: Fix for an issue when command 'grep -i' produces bad performance by using multibyte with 'non-utf8' encoding. (bsc#1163834) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2059=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grep-2.16-4.3.1 grep-debuginfo-2.16-4.3.1 grep-debugsource-2.16-4.3.1 References: https://bugzilla.suse.com/1163834 From sle-updates at lists.suse.com Tue Jul 28 13:12:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Jul 2020 21:12:25 +0200 (CEST) Subject: SUSE-SU-2020:2060-1: important: Security update for rubygem-puma Message-ID: <20200728191225.D1870FDE4@maintenance.suse.de> SUSE Security Update: Security update for rubygem-puma ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2060-1 Rating: important References: #1158675 #1165402 #1172175 #1172176 Cross-References: CVE-2019-16770 CVE-2020-11076 CVE-2020-11077 CVE-2020-5247 Affected Products: SUSE OpenStack Cloud 6-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for rubygem-puma fixes the following issues: - Add patches for disabling TLSv1.0 and TLSv1.1 (jsc#SLE-6965): - Add CVE-2020-11077.patch (bsc#1172175, CVE-2020-11077) - Add CVE-2020-11076.patch (bsc#1172176, CVE-2020-11076) - Add CVE-2020-5247.patch (bsc#1165402) "Fixes a problem where we were not splitting newlines in headers according to Rack spec" The patch is reduced compared to the upstream version, which was patching also the parts that are not implemented in our old Puma version. This applies to unit test as well. - Add CVE-2019-16770.patch (bsc#1158675, SOC-10999, CVE-2019-16770) This patch fixes a DoS vulnerability a malicious client could use to block a large amount of threads. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6-LTSS: zypper in -t patch SUSE-OpenStack-Cloud-6-LTSS-2020-2060=1 Package List: - SUSE OpenStack Cloud 6-LTSS (x86_64): ruby2.1-rubygem-puma-2.16.0-4.3.1 ruby2.1-rubygem-puma-debuginfo-2.16.0-4.3.1 rubygem-puma-debugsource-2.16.0-4.3.1 References: https://www.suse.com/security/cve/CVE-2019-16770.html https://www.suse.com/security/cve/CVE-2020-11076.html https://www.suse.com/security/cve/CVE-2020-11077.html https://www.suse.com/security/cve/CVE-2020-5247.html https://bugzilla.suse.com/1158675 https://bugzilla.suse.com/1165402 https://bugzilla.suse.com/1172175 https://bugzilla.suse.com/1172176 From sle-updates at lists.suse.com Wed Jul 29 04:12:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2020 12:12:56 +0200 (CEST) Subject: SUSE-RU-2020:2062-1: moderate: Recommended update for fence-agents Message-ID: <20200729101256.8A1CBFEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2062-1 Rating: moderate References: #1169485 #1169852 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for fence-agents fixes the following issues: - Disable cache discovery for "gcp-vpc-move-route" resource agent. (bsc#1169852) - fence_vmware_rest Failed: 'error' object does not support indexing. (bsc#1169485) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2062=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2062=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-7.13.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-7.13.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-7.13.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-7.13.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-7.13.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-7.13.1 fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-7.13.1 References: https://bugzilla.suse.com/1169485 https://bugzilla.suse.com/1169852 From sle-updates at lists.suse.com Wed Jul 29 04:13:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2020 12:13:48 +0200 (CEST) Subject: SUSE-RU-2020:2061-1: important: Recommended update for crmsh Message-ID: <20200729101348.32DC7FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2061-1 Rating: important References: #1174385 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fix for SSH communication between HA nodes by copying ssh key to 'qnetd' while detect need a password. (bsc#1174385) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2061=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.2.0+git.1595517298.a06e892f-5.6.1 crmsh-scripts-4.2.0+git.1595517298.a06e892f-5.6.1 References: https://bugzilla.suse.com/1174385 From sle-updates at lists.suse.com Wed Jul 29 07:13:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2020 15:13:20 +0200 (CEST) Subject: SUSE-SU-2020:2068-1: important: Security update for freerdp Message-ID: <20200729131320.116BFFEC3@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2068-1 Rating: important References: #1169679 #1169748 #1171441 #1171443 #1171444 #1171445 #1171446 #1171447 #1171474 #1173247 #1173605 #1174200 Cross-References: CVE-2020-11017 CVE-2020-11018 CVE-2020-11019 CVE-2020-11038 CVE-2020-11039 CVE-2020-11040 CVE-2020-11041 CVE-2020-11043 CVE-2020-11085 CVE-2020-11086 CVE-2020-11087 CVE-2020-11088 CVE-2020-11089 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes 31 vulnerabilities is now available. Description: This update for freerdp fixes the following issues: frerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and jsc#ECO-2006): - CVE-2020-11017: Fixed a double free which could have denied the server's service. - CVE-2020-11018: Fixed an out of bounds read which a malicious clients could have triggered. - CVE-2020-11019: Fixed an issue which could have led to denial of service if logger was set to "WLOG_TRACE". - CVE-2020-11038: Fixed a buffer overflow when /video redirection was used. - CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory read and write when USB redirection was enabled. - CVE-2020-11040: Fixed an out of bounds data read in clear_decompress_subcode_rlex. - CVE-2020-11041: Fixed an issue with the configuration for sound backend which could have led to server's denial of service. - CVE-2020-11043: Fixed an out of bounds read in rfx_process_message_tileset. - CVE-2020-11085: Fixed an out of bounds read in cliprdr_read_format_list. - CVE-2020-11086: Fixed an out of bounds read in ntlm_read_ntlm_v2_client_challenge. - CVE-2020-11087: Fixed an out of bounds read in ntlm_read_AuthenticateMessage. - CVE-2020-11088: Fixed an out of bounds read in ntlm_read_NegotiateMessage. - CVE-2020-11089: Fixed an out of bounds read in irp function family. - CVE-2020-11095: Fixed a global out of bounds read in update_recv_primary_order. - CVE-2020-11096: Fixed a global out of bounds read in update_read_cache_bitmap_v3_order. - CVE-2020-11097: Fixed an out of bounds read in ntlm_av_pair_get. - CVE-2020-11098: Fixed an out of bounds read in glyph_cache_put. - CVE-2020-11099: Fixed an out of bounds Read in license_read_new_or_upgrade_license_packet. - CVE-2020-11521: Fixed an out of bounds write in planar.c (bsc#1171443). - CVE-2020-11522: Fixed an out of bounds read in gdi.c (bsc#1171444). - CVE-2020-11523: Fixed an integer overflow in region.c (bsc#1171445). - CVE-2020-11524: Fixed an out of bounds write in interleaved.c (bsc#1171446). - CVE-2020-11525: Fixed an out of bounds read in bitmap.c (bsc#1171447). - CVE-2020-11526: Fixed an out of bounds read in update_recv_secondary_order (bsc#1171674). - CVE-2020-13396: Fixed an Read in ntlm_read_ChallengeMessage. - CVE-2020-13397: Fixed an out of bounds read in security_fips_decrypt due to uninitialized value. - CVE-2020-13398: Fixed an out of bounds write in crypto_rsa_common. - CVE-2020-4030: Fixed an out of bounds read in `TrioParse`. - CVE-2020-4031: Fixed a use after free in gdi_SelectObject. - CVE-2020-4032: Fixed an integer casting in `update_recv_secondary_order`. - CVE-2020-4033: Fixed an out of bound read in RLEDECOMPRESS. - Fixed an issue where freerdp failed with -fno-common (bsc#1169748). - Fixed an issue where USB redirection with FreeRDP was not working (bsc#1169679). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2068=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): freerdp-2.1.2-15.7.1 freerdp-debuginfo-2.1.2-15.7.1 freerdp-debugsource-2.1.2-15.7.1 freerdp-devel-2.1.2-15.7.1 libfreerdp2-2.1.2-15.7.1 libfreerdp2-debuginfo-2.1.2-15.7.1 libwinpr2-2.1.2-15.7.1 libwinpr2-debuginfo-2.1.2-15.7.1 winpr2-devel-2.1.2-15.7.1 References: https://www.suse.com/security/cve/CVE-2020-11017.html https://www.suse.com/security/cve/CVE-2020-11018.html https://www.suse.com/security/cve/CVE-2020-11019.html https://www.suse.com/security/cve/CVE-2020-11038.html https://www.suse.com/security/cve/CVE-2020-11039.html https://www.suse.com/security/cve/CVE-2020-11040.html https://www.suse.com/security/cve/CVE-2020-11041.html https://www.suse.com/security/cve/CVE-2020-11043.html https://www.suse.com/security/cve/CVE-2020-11085.html https://www.suse.com/security/cve/CVE-2020-11086.html https://www.suse.com/security/cve/CVE-2020-11087.html https://www.suse.com/security/cve/CVE-2020-11088.html https://www.suse.com/security/cve/CVE-2020-11089.html https://www.suse.com/security/cve/CVE-2020-11095.html https://www.suse.com/security/cve/CVE-2020-11096.html https://www.suse.com/security/cve/CVE-2020-11097.html https://www.suse.com/security/cve/CVE-2020-11098.html https://www.suse.com/security/cve/CVE-2020-11099.html https://www.suse.com/security/cve/CVE-2020-11521.html https://www.suse.com/security/cve/CVE-2020-11522.html https://www.suse.com/security/cve/CVE-2020-11523.html https://www.suse.com/security/cve/CVE-2020-11524.html https://www.suse.com/security/cve/CVE-2020-11525.html https://www.suse.com/security/cve/CVE-2020-11526.html https://www.suse.com/security/cve/CVE-2020-13396.html https://www.suse.com/security/cve/CVE-2020-13397.html https://www.suse.com/security/cve/CVE-2020-13398.html https://www.suse.com/security/cve/CVE-2020-4030.html https://www.suse.com/security/cve/CVE-2020-4031.html https://www.suse.com/security/cve/CVE-2020-4032.html https://www.suse.com/security/cve/CVE-2020-4033.html https://bugzilla.suse.com/1169679 https://bugzilla.suse.com/1169748 https://bugzilla.suse.com/1171441 https://bugzilla.suse.com/1171443 https://bugzilla.suse.com/1171444 https://bugzilla.suse.com/1171445 https://bugzilla.suse.com/1171446 https://bugzilla.suse.com/1171447 https://bugzilla.suse.com/1171474 https://bugzilla.suse.com/1173247 https://bugzilla.suse.com/1173605 https://bugzilla.suse.com/1174200 From sle-updates at lists.suse.com Wed Jul 29 07:15:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2020 15:15:11 +0200 (CEST) Subject: SUSE-RU-2020:2063-1: moderate: Recommended update for s390-tools Message-ID: <20200729131511.454E0FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2063-1 Rating: moderate References: #1173481 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issue: - Change the vmcp exit code and return 'CP command failed'. (bsc#1173481) When both "CP command failed" and "response buffer is too small" error conditions are true returns 'CP command failed'. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2063=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x): osasnmpd-2.11.0-9.3.1 osasnmpd-debuginfo-2.11.0-9.3.1 s390-tools-2.11.0-9.3.1 s390-tools-debuginfo-2.11.0-9.3.1 s390-tools-debugsource-2.11.0-9.3.1 s390-tools-hmcdrvfs-2.11.0-9.3.1 s390-tools-hmcdrvfs-debuginfo-2.11.0-9.3.1 s390-tools-zdsfs-2.11.0-9.3.1 s390-tools-zdsfs-debuginfo-2.11.0-9.3.1 References: https://bugzilla.suse.com/1173481 From sle-updates at lists.suse.com Wed Jul 29 07:15:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2020 15:15:57 +0200 (CEST) Subject: SUSE-SU-2020:2069-1: important: Security update for webkit2gtk3 Message-ID: <20200729131557.B3E5FFEC3@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2069-1 Rating: important References: #1173998 Cross-References: CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2069=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2069=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2069=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2069=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2069=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2069=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2069=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2069=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2069=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2069=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2069=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2069=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2069=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2069=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2069=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2069=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2069=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE OpenStack Cloud 9 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE OpenStack Cloud 8 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE OpenStack Cloud 8 (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 webkit2gtk3-devel-2.28.3-2.56.1 - SUSE OpenStack Cloud 7 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 webkit2gtk3-devel-2.28.3-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 webkit2gtk3-devel-2.28.3-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 webkit2gtk3-devel-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 webkit2gtk3-devel-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Enterprise Storage 5 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - HPE Helion Openstack 8 (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - HPE Helion Openstack 8 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 References: https://www.suse.com/security/cve/CVE-2020-13753.html https://www.suse.com/security/cve/CVE-2020-9802.html https://www.suse.com/security/cve/CVE-2020-9803.html https://www.suse.com/security/cve/CVE-2020-9805.html https://www.suse.com/security/cve/CVE-2020-9806.html https://www.suse.com/security/cve/CVE-2020-9807.html https://www.suse.com/security/cve/CVE-2020-9843.html https://www.suse.com/security/cve/CVE-2020-9850.html https://bugzilla.suse.com/1173998 From sle-updates at lists.suse.com Wed Jul 29 07:16:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2020 15:16:45 +0200 (CEST) Subject: SUSE-SU-2020:2065-1: moderate: Security update for samba Message-ID: <20200729131645.C94E5FEC3@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2065-1 Rating: moderate References: #1173160 Cross-References: CVE-2020-10745 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2065=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2065=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2065=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2065=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2065=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libdcerpc-binding0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi-devel-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-core-devel-4.7.11+git.240.76c9942a99f-4.43.1 samba-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-debugsource-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libdcerpc-binding0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libdcerpc-binding0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi-devel-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-core-devel-4.7.11+git.240.76c9942a99f-4.43.1 samba-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-debugsource-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi-devel-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-core-devel-4.7.11+git.240.76c9942a99f-4.43.1 samba-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-debugsource-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi-devel-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-core-devel-4.7.11+git.240.76c9942a99f-4.43.1 samba-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-debugsource-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ctdb-4.7.11+git.240.76c9942a99f-4.43.1 ctdb-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-debugsource-4.7.11+git.240.76c9942a99f-4.43.1 References: https://www.suse.com/security/cve/CVE-2020-10745.html https://bugzilla.suse.com/1173160 From sle-updates at lists.suse.com Wed Jul 29 07:17:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2020 15:17:27 +0200 (CEST) Subject: SUSE-RU-2020:2064-1: moderate: Recommended update for s390-tools Message-ID: <20200729131727.22B34FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2064-1 Rating: moderate References: #1173480 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issue: - Change the vmcp exit code and return 'CP command failed'. (bsc#1173480) When both "CP command failed" and "response buffer is too small" error conditions are true returns 'CP command failed'. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2064=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): osasnmpd-2.1.0-21.20.1 osasnmpd-debuginfo-2.1.0-21.20.1 s390-tools-2.1.0-21.20.1 s390-tools-debuginfo-2.1.0-21.20.1 s390-tools-debugsource-2.1.0-21.20.1 s390-tools-hmcdrvfs-2.1.0-21.20.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-21.20.1 s390-tools-zdsfs-2.1.0-21.20.1 s390-tools-zdsfs-debuginfo-2.1.0-21.20.1 References: https://bugzilla.suse.com/1173480 From sle-updates at lists.suse.com Wed Jul 29 07:18:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2020 15:18:06 +0200 (CEST) Subject: SUSE-SU-2020:2067-1: moderate: Security update for ldb Message-ID: <20200729131806.BCD86FEC3@maintenance.suse.de> SUSE Security Update: Security update for ldb ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2067-1 Rating: moderate References: #1173159 Cross-References: CVE-2020-10730 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ldb fixes the following issues: - CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-2067=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2067=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): ldb-debugsource-1.4.6-3.5.2 python-ldb-1.4.6-3.5.2 python-ldb-debuginfo-1.4.6-3.5.2 python-ldb-devel-1.4.6-3.5.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ldb-debugsource-1.4.6-3.5.2 ldb-tools-1.4.6-3.5.2 ldb-tools-debuginfo-1.4.6-3.5.2 libldb-devel-1.4.6-3.5.2 libldb1-1.4.6-3.5.2 libldb1-debuginfo-1.4.6-3.5.2 python3-ldb-1.4.6-3.5.2 python3-ldb-debuginfo-1.4.6-3.5.2 python3-ldb-devel-1.4.6-3.5.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libldb1-32bit-1.4.6-3.5.2 libldb1-32bit-debuginfo-1.4.6-3.5.2 References: https://www.suse.com/security/cve/CVE-2020-10730.html https://bugzilla.suse.com/1173159 From sle-updates at lists.suse.com Wed Jul 29 07:18:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2020 15:18:50 +0200 (CEST) Subject: SUSE-SU-2020:2066-1: moderate: Security update for samba Message-ID: <20200729131850.3C938FEC3@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2066-1 Rating: moderate References: #1173160 Cross-References: CVE-2020-10745 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2066=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2066=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2066=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2066=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2066=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2066=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2066=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2066=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2066=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2066=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-2066=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2066=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2066=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud 9 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud 8 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ctdb-4.6.16+git.186.c6d77b0d5a6-3.52.1 ctdb-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.16+git.186.c6d77b0d5a6-3.52.1 ctdb-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ctdb-4.6.16+git.186.c6d77b0d5a6-3.52.1 ctdb-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-ceph-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-ceph-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Enterprise Storage 5 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Enterprise Storage 5 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - HPE Helion Openstack 8 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - HPE Helion Openstack 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 References: https://www.suse.com/security/cve/CVE-2020-10745.html https://bugzilla.suse.com/1173160 From sle-updates at lists.suse.com Wed Jul 29 10:13:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2020 18:13:11 +0200 (CEST) Subject: SUSE-RU-2020:2071-1: moderate: Recommended update for sapconf Message-ID: <20200729161311.B5EA3FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2071-1 Rating: moderate References: #1124453 #1139176 #1150868 #1150870 #1166925 #1168067 #1168840 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for sapconf fixes the following issues: - Check the values of the 'vm.dirty_*' settings to be in a valid range before activating or restoring these system values. (bsc#1168067) - Add a logrotate drop-in file for sapconf to control the size of the logfile. (bsc#1166925) - Implement and use the system wide security limits. (bsc#1168840) - Add support multi-queued scheduler for block devices. (jsc#SLE-11141, jsc#SLE-11144) - Remove usage of tuned from sapconf (jsc#SLE-10986, jsc#SLE-10989): - Only ONE configuration file for sapconf - All parameters of the tuned profile defined in tuned.conf sapconf - Implement Switching a sapconf profile. - Prevent sapconf related tuned error messages by turning off tuned in the preinstall phase and removing the 'active' sapconf profile. - If sapconf detects an improper tuned profile during start notes that the log, fails the start deliberatly and guides the administrator to the problem. (bsc#1139176) - Use absolute path in the configuration file. (bsc#1124453) - Replace the delimiter for a sed command in postinstall script, because of conflicts with rpm macros. (bsc#1150868, bsc#1150870) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2071=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2071=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2071=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2071=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2071=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2071=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): sapconf-5.0.0-7.12.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): sapconf-5.0.0-7.12.2 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): sapconf-5.0.0-7.12.2 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): sapconf-5.0.0-7.12.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): sapconf-5.0.0-7.12.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): sapconf-5.0.0-7.12.2 References: https://bugzilla.suse.com/1124453 https://bugzilla.suse.com/1139176 https://bugzilla.suse.com/1150868 https://bugzilla.suse.com/1150870 https://bugzilla.suse.com/1166925 https://bugzilla.suse.com/1168067 https://bugzilla.suse.com/1168840 From sle-updates at lists.suse.com Wed Jul 29 10:14:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2020 18:14:30 +0200 (CEST) Subject: SUSE-RU-2020:2070-1: important: Recommended update for crmsh Message-ID: <20200729161430.910D4FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2070-1 Rating: important References: #1166962 #1169581 #1170037 #1170999 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix collecting of binary data to avoid CRC errors in 'hb_report'. (bsc#1166962) - Implement ssh key configuration improvement. (bsc#1169581, jsc#ECO-2035) - Implement using class SBDManager for 'sbd' configuration and management. (bsc#1170037, bsc#1170999) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2070=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.1.0+git.1594697133.dcecb3ec-3.33.1 crmsh-scripts-4.1.0+git.1594697133.dcecb3ec-3.33.1 References: https://bugzilla.suse.com/1166962 https://bugzilla.suse.com/1169581 https://bugzilla.suse.com/1170037 https://bugzilla.suse.com/1170999 From sle-updates at lists.suse.com Wed Jul 29 13:12:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2020 21:12:46 +0200 (CEST) Subject: SUSE-RU-2020:2072-1: Security update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow, python-psql2mysql, python-psutil, python-py, python-pysaml2, python-waitress, rabbitmq-server, release-notes-suse-openstack-cloud, zookeeper Message-ID: <20200729191246.1A443FF0B@maintenance.suse.de> SUSE Recommended Update: Security update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow, python-psql2mysql, python-psutil, python-py, python-pysaml2, python-waitress, rabbitmq-server, release-notes-suse-openstack-cloud, zookeeper ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2072-1 Rating: low References: #1037777 #1068612 #1069468 #1070737 #1077718 #1083903 #1111657 #1126503 #1133817 #1135773 #1138748 #1148383 #1149110 #1149535 #1153191 #1156525 #1159447 #1160152 #1160153 #1160192 #1160790 #1160851 #1161088 #1161089 #1161349 #1161670 #1164316 #1165402 #1167244 #1170657 #1171560 #1171909 #1172166 #1172167 #1172175 #1172176 #1172409 #948198 #981848 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that solves 31 vulnerabilities and has 8 fixes is now available. Description: This update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow, python-psql2mysql, python-psutil, python-py, python-pysaml2, python-waitress, rabbitmq-server, release-notes-suse-openstack-cloud, zookeeper fixes the following issues: Security fixes included ins this update: ansible - CVE-2019-3828: Fixed a path traversal in the fetch module (bsc#1126503). grafana - CVE-2020-13379: Fixed an incorrect access control issue which could lead to information leaks or denial of service (bsc#1172409). - CVE-2020-12052: Fixed an cross site scripting vulnerability related to the annotation popup (bsc#1170657). kibana - CVE-2020-10743: Fixed a clickjacking vulnerability (bsc#1171909). memcached (to version 1.5.17) - CVE-2019-15026: Fixed a stack-based buffer over-read in conn_to_str()n (bsc#1149110). - CVE-2019-11596: Fixed a denial of service in the 'lru' command (bsc#1133817) - CVE-2018-1000115: Disabled UDP by default to reduce DDoS amplification attacks (bsc#1083903). python-Django - CVE-2020-13254: Fixed a data leakage via malformed memcached keys (bsc#1172167). - CVE-2020-13596: Fixed a cross site scripting vulnerability related to the admin parameters of the ForeignKeyRawIdWidget (bsc#1172166). - Fixed a regression with the fix for CVE-2019-3498 (bsc#1161349). python-Pillow - CVE-2019-16865: Fixed a denial of service with specially crafted image files (bsc#1153191). - CVE-2020-5312: Fixed a buffer overflow in the PCX P mode (bsc#1160152). - CVE-2020-5313: Fixed a buffer overflow related to FLI (bsc#1160153). - CVE-2019-19911: Fixed a denial of service in FpxImagePlugin.py (bsc#1160192). python-pysaml2 - CVE-2020-5390: Fixed an issue with the verification of signatures in SAML documents (bsc#1160851) - CVE-2017-1000246: Fixed an issue with weak encryption data, caused by initialization vector reuse(bsc#1068612). python-waitress (to version 1.4.3) - CVE-2019-16785: Fixed HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: Fixed HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). - CVE-2019-16789: Fixed HTTP Request Smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: Fixed HTTP Request Smuggling through Content-Length header handling (bsc#1161670). rubygem-activeresource - CVE-2020-8151: Fixed information disclosure issue through specially crafted requests (bsc#1171560) rubygem-json-1_7 - CVE-2020-10663: Fixed Unsafe Object Creation Vulnerability in JSON (bsc#1167244) rubygem-puma - CVE-2020-11077: Fixed HTTP Request Smuggling through proxy (bsc#1172175) - CVE-2020-11076: Fixed HTTP Request smuggling through invalid Transfer-Encoding header. - CVE-2020-5247: Fixed HTTP Response Splitting through newline characters handling (bsc#1165402) zookeeper: - CVE-2019-0201: Fixed an information disclosure related to getACL() (bsc#1135773). Non security fixes included in this update: Changes in ansible: - Add 0001-Disallow-use-of-remote-home-directories-containing-..patch (bsc#1126503, CVE-2019-3828) Changes in crowbar-core: - Update to version 4.0+git.1580209654.1d112d31f: * network: start OVS before wickedd (SOC-11067) Changes in crowbar-ha: - Update to version 4.0+git.1585316203.d6ad2c8: * [4.0] add ssl termination on haproxy (bsc#1149535) Changes in crowbar-openstack: - Update to version 4.0+git.1589804581.9972163f0: * [4.0] magnum: fix check for image/flavor (SOC-11251) - Update to version 4.0+git.1589647351.ccfd9481f: * [4.0] trove: fix rabbitmq connection URL (SOC-11286) - Update to version 4.0+git.1589458214.9f765aa08: * [4.0] Fix create magnum k8s image and flavor (SOC-11251) - Update to version 4.0+git.1588271860.131fc8cc1: * run keystone_register on cluster founder only when HA (SOC-11248) * nova: run keystone_register on cluster founder only (SOC-11243) - Update to version 4.0+git.1588096523.679da5c50: * tempest: retry openstack commands (SOC-11238) - Update to version 4.0+git.1587129016.c009e43c9: * Disable magnum.tests.functional.api.v1.test_cluster (SOC-11224) - Update to version 4.0+git.1587035427.abb6e9b4e: * Fix barbican SSL support (SOC-9298) - Update to version 4.0+git.1586421486.5601320b7: * Fix magnum tempest tests (SOC-9298) - Update to version 4.0+git.1585331022.609482166: * tempest: update blacklisted tempest test cases (SOC-9801,SOC-11174,SOC-11187) - Update to version 4.0+git.1585136604.988f3a1da: * Disabling failing tempest tests on SOC7 * [4.0] ec2-api: run keystone_register on cluster founder only (SOC-11079) - Update to version 4.0+git.1582582068.c8c2448c0: * neutron: Place space between CLI arguments - Update to version 4.0+git.1580894959.1fe5fd282: * Revert "[4.0] rabbitmq: sync startup definitions.json with recipe" (SOC-11082) - Update to version 4.0+git.1580469474.967ab8baf: * rabbitmq: sync startup definitions.json with recipe (SOC-11077) Changes in etcd: - Build against go 1.6 - Fix etcd build. We are generating 2 binaries, etcd and etcdctl. They need to be built separately - Ensure /var/lib/etcd is controlled by etcd:etcd - exclude i586. We don't expect this package to be built on i586. - remove sysconfig.etcd: this file is not being used - Update to version 3.1.0: * raft: add node should reset the pendingConf state * v3rpc: don't close watcher if client closes send * e2e: add test for v3 watch over grpc gateway * mvcc: remove unused restore method * integration: don't expect recv to stop on CloseSend in waitResponse * Documentation: add grpc gateway watch example * version: bump up v3.1.0-rc.1+git * discovery: warn on scheme mismatch * grpcproxy: fix deadlock on watch broadcasts stop * etcdmain: add '/metrics' HTTP/1 path to grpc-proxy * etcd-tester: do not resolve localhost * raftexample: confState should be saved after apply * raft: test case to check the duplicate add node propose * raft: fix test case, should wait config propose applied * raft: fix test case for data race * raft: use the channel instead of sleep to make test case reliable * raft: fix TestNodeProposeAddDuplicateNode * etcdmain: handle TLS in grpc-proxy listener * etcd-tester:limit max retry backoff delay * functional-tester: add withBlock() to grpc dial * op-guide: add notes about Prometheus data source in Grafana * clientv3: return copy of endpoints, not pointer * auth: add a timeout mechanism to simple token * client: update README about health monitoring * grpcproxy: fix race between watch ranges delete() and broadcasts empty() * lease: Use monotonic time in lease * integration: use Range to wait for reboot in quota tests * grpcproxy: fix race between coalesce and bcast on nextrev * etcd-tester: refactor lease checker * store: check sorted order in TestStoreGetSorted * vendor: bump go-systemd to v14 to avoid build error * integration: cancel Watch when TestV3WatchWithPrevKV exits * grpcproxy: add richer metrics for watch * grpcproxy: add cache related metrics * raft: Fix election "logs converge" test * raft: Export Progress.IsPaused * benchmark: add rate limit * etcdctl: remove GetUser check before mutable commands * grpcproxy: lock store when getting size * Documentation: link added to libraries-and-tools.md with a new v2 Scala Client * grpcproxy: fix deadlock in watchbroadcast * etcdserver: time out when readStateC is blocking * store: fix store_test.go comments * vendor: update ugorji/go * client: update generated ugorji codec * doc: initial faq * clientv3/integration: test lease keepalive works following quorum loss * integration: use RequireLeader for TestV3LeaseFailover * v3rpc, etcdserver, leasehttp: ctxize Renew with request timeout * Documentation: add blox and chain as users * etcdserver: do not send v2 sync if ttl keys do not exist * ROADMAP: update for 3.2 * Documentation: add more FAQ questions * grpcproxy: fix minor typo * vendor: use versions when possible in glide.yaml * scripts: use glide update if repo exists in glide.lock * github: make bug reporting link non-relative * github: make contribution link non-relative * Documentation: update get examples to be clearer about ranges * etcdserver, embed, v2http: move pprof setup to embed * doc: add faq about apply warning logging * test: exclude '_home' for gosimple, unused * auth: fix gosimple errors * integration: simplify boolean comparison in resp.Created * raft: simplify boolean comparison, remove unused * tools: simplify boolean comparison, remove unused * e2e: remove unused 'ctlV3GetFailPerm' * v3rpc: remove unused 'splitMethodName' function * grpcproxy: remove unused field 'wbs *watchBroadcasts' * doc: add faq about missing heartbeat * etcdctl: "fields" output formats * build: remove dir use -r flag * etcd-tester: add 'enable-pprof' option * etcd-tester: cancel lease stream; fix OOM panic * doc: add hardware section * auth: improve 'removeSubsetRangePerms' to O(n) * Documentation: use port 2379 in local cluster guide The port in endpoints should be 2379, instead of 12379. * op-guide/clustering: fix typo * embed: deep copy user handlers * Documentation: add more FAQs (follower, leader, sys-require) * clientv3: close Lease on client Close * netutil: ctx-ize URLStringsEqual * etcdserver: retry for 30s on advertise url check * membership: retry for 30s on advertise url check * clientv3: return error from KeepAlive if corresponding loop exits * clientv3: add test for keep alive loop exit case * auth, etcdserver: protect membership change operations with auth * e2e: test cases of protecting membership change with auth * clientv3: better error message for keep alive loop halt * Documentation: FAQ entry for cluster ID mismatches * dev-guide: add limit.md * Documentation: minor fix nodes -> node * etcdctl: warn when backend takes too long to open on migrate * docs: explicitly set ETCDCTL_API=3 in recovery.md * v3api, rpctypes: add ErrTimeoutDueToConnectionLost * clientv3/integration: test lease grant/keepalive with/without failures * clientv3: don't reset keepalive stream on grant failure * etcdctl: tighten up output, reorganize README.md * Documentation: add FAQs on membership operation * Documentation: add 'why.md' * embed: only override default advertised client URL if the client listen URL is 0.0.0.0 * raft: make memory storage set method thread safe * raft: resume paused followers on receipt of MsgHeartbeatResp * etcd-tester: fix typo, add endpoint in logs * lease: force leader to apply its pending committed index for lease operations * leasehttp: buffer error channel to prevent goroutine leak * raft: fix pre-vote tests * etcdserver: rework update committed index logic * etcd-tester: remove unused err var from maxRev * e2e: check etcdctl endpoint health is healthy if denied permission to key * benchmark: a new option for configuring dial timeout * ctlv3: consider permission denied error to be healthy for endpoints * etcdmain: add --metrics flag for exposing histogram metrics * e2e: test cluster-health * v2http: submit QGET in health endpoint if no progress * test: bump grpcproxy pass timeout to 15m * lease: use atomics for accessing lease expiry * e2e: poll '/version' in release upgrade tests * e2e: unset ETCDCTL_API env var before running u2e tests * etcdserver: consistent naming in raftReadyHandler * coverage: rework code coverage for unit and integration tests * testutil: whitelist thread created by go cover * rafthttp: bump up timeout in pipeline test * grpcproxy, etcdmain, integration: return done channel with WatchServer * integration: defer clus.Terminate in watch tests * raftexample: load snapshot when opening WAL * etcd-runner: make command compliant * raft: use status to test node stop * etcdserver: expose ErrNotEnoughStartedMembers * etcdserver: resume compactor only if leader * benchmark: enable grpc error logging on stderr * etcd-runner:add flags in watcher for hardcoded values * docs: fix recovery example in recovery.md * auth: use quorum get for GetUser/GetRole for mutable operations * grpcproxy: tear down watch when client context is done * integration: use only digits in unix ports * e2e: dump stack on ctlTest timeout * expect: EXPECT_DEBUG environment variable * why: add origin of the term etcd * testutil: increase size of buffer for stack dump * raft: fix test case for #7042 * vendor: update ugorji/go * integration: add grpc auth testing * auth: reject empty user name when checking op permissions * etcdctl: create root role on auth enable if it does not yet exist * raft: add RawNode test case for #6866 * pkg/report: support 99.9-percentile, change column name * documentation: display docs.md in github browser * benchmark: option to rate limit range benchmark * etcdserver, clientv3: handle a case of expired auth token * tools: Add etcd 3.0 load test tool refernece * transport: warn on user-provided CA * NEWS: add v3.1.0, v3.0.16 + minor fixes * clienv3: fix balancer test logic * clientv3: don't reset stream on keepaliveonce or revoke failure * grpcproxy: use ccache for key cache * vendor: remove groupcache, add ccache * pkg/report: add 'Stats' to expose report raw data * travis: use Go 1.7.4, drop old env var * ctlv3: print cluster info after adding new member * Documentation: document upgrading to v3.1 * pkg/report: add nil checking for getTimeSeries * etcdserver: use ReqTimeout for linearized read * grpcproxy, etcdmain, integration: add close channel to kv proxy * glide: update 'golang.org/x/net' * vendor: update 'golang.org/x/net' * Documentation: update experimental_apis for v3.1 release * NEWS: fix date for v3.1 release * Documentation: fix typo s/endpoint-health/endpoint health/ * clientv3/concurrency: fix rev comparison on concurrent key deletion * integration: test STM apply on concurrent deletion * pkg/flags: fixed prefix checking of the env variables * etcdctlv3: snapshot restore works with lease key * test: passed the test script arguments as the test function parameters * documentation: update build documentation * version: bump to v3.1.0 - Update to version 3.1.0rc.1: * grpcproxy: watch next revision should be start revision when not 0 * grpcproxy: copy range request before storing in cache * raft: return empty status if node is stopped * mvcc: store.restore taking too long triggering snapshot cycle fix * mvcc: TestStoreRestore fix * mvcc : Added benchmark for store.resotre * pkg/netutil: get default interface for tc commands * version: bump up v3.1.0-rc.1 Changes in grafana: - Add CVE-2020-13379.patch * Security: fix unauthorized avatar proxying (bsc#1172409, CVE-2020-13379) - Refresh systemd-notification.patch - Fix declaration for LICENSE - Add 0002-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch * Security: Fix annotation popup XSS vulnerability (bsc#1170657) - Add CVE-2019-15043.patch (SOC-10357, CVE-2019-15043, bsc#1148383) Changes in keepalived: - update to 2.0.19 - new BR pkgconfig(libnftnl) to fix nftables support - add nftables to the BR - added patch * linux-4.15.patch - add buildrequires for file-devel - used in the checker to verify scripts - enable json stats and config dump support new BR: pkgconfig(json-c) - enable http regexp support: new BR pcre2-devel - disable dbus instance creation support as it is marked as dangerous - Add BFD build option to keepalived.spec rpm file Issue #1114 identified that the keepalived.spec file was not being generated to build BFD support even if keepalived had been configured to support it. - full changelog https://keepalived.org/changelog.html - update to 1.4.5: * Update snapcraft.yaml for 1.4.x+git * Fix generation of git-commit.h with git commit number. * Set virtual server address family correctly. * Set virtual server address family correctly when using tunnelled real servers. * Fix handling of virtual servers with no real servers at config time. * Add warning if virtual and real servers are different address families. Although normally the virtual server and real servers must have the same address family, if a real server is tunnelled, the address families can be different. However, the kernel didn't support that until 3.18, so add a check that the address families are the same if different address families are not supported by the kernel. * Send correct status in Dbus VrrpStatusChange notification. When an instance transitioned from BACKUP to FAULT, the Dbus status change message reported the old status (BACKUP) rather than the new status (FAULT). This commit attempts to resolved that. * doc: ipvs schedulers update * Fix a couple of typos in configure.ac. * Fix namespace collision with musl if_ether.h. * Check if return value from read_value_block() is null before using. * Fix reporting real server stats via SNMP. * Make checker process handle RTM_NEWLINK messages with -a option Even though the checker process doesn't subscribe to RTNLGRP_LINK messages, it appears that older kernels (certainly 2.6.32) can send RTM_NEWLINK (but not RTM_DELLINK) messages. This occurs when the link is set to up state. Only the VRRP process is interested in link messages, and so the checker process doesn't do the necessary initialisation to be able to handle RTM_NEWLINK messages. This commit makes the checker process simply discard RTM_NEWLINK and RTM_DELLINK messages, rather than assuming that if it receives an RTM_NEWLINK message it must be the VRRP process. This problem was reported in issue #848 since the checker process was segfaulting when a new interface was added when the -a command line option was specified. * Fix handling RTM_NEWLINK when building without VRRP code. * Fix building on Fedora 28. net-snmp-config output can include compiler and linker flags that refer to spec files that were used to build net-snmp but may not exist on the system building keepalived. That would cause the build done by configure to test for net-snmp support to fail; in particular on a Fedora 28 system that doesn't have the redhat-rpm-config package installed. This commit checks that any spec files in the compiler and linker flags returned by net-snmp-config exist on the system building keepalived, and if not it removes the reference(s) to the spec file(s). * keepalived-1.4.3 released. * vrrp: setting '0' as default value for ifa_flags to make gcc happy. * Add additional libraries when testing for presence of SSL_CTX_new(). It appears that some systems need -lcrypto when linking with -lssl. * Sanitise checking of libnl3 in configure.ac. * Report and handle missing '}'s in config files. * Add missing '\n' in keepalived.data output. * Stop backup taking over as master while master reloads. If a reload was initiated just before an advert, and since it took one advert interval after a reload before an advert was sent, if the reload itself took more than one advert interval, the backup could time out and take over as master. This commit makes keepalived send adverts for all instances that are master immediately before a reload, and also sends adverts immediately after a reload, thereby trippling the time available for the reload to complete. * Add route option fastopen_no_cookie and rule option l3mdev. * Fix errors in KEEPALIVED-MIB.txt. * Simplify setting on IN6_ADDR_GEN_MODE. * Cosmetic changes to keepalived(8) man page. * Don't set ipvs sync daemon to master state before becoming master If a vrrp instance which was the one specified for the ipvs sync daemon was configured with initial state master, the sync daemon was being set to master mode before the vrrp instance transitioned to master mode. This caused an error message when the vrrp instance transitioned to master and attempted to make the sync daemon go from backup to master mode. This commit stops setting the sync daemon to master mode at initialisation time, and it is set to master mode when the vrrp instance transitions to master. * Fix freeing vector which has not had any entries allocated. * Add additional mem-check disgnostics vector_alloc, vectot_alloc_slot, vector_free and alloc_strvec all call MALLOC/FREE but the functions written in the mem_check log are vector_alloc etc, not the functions that call them. This commit adds logging of the originating calling function. * Fix memory leak in parser.c. * Improve alignment of new mem-check logging. * Disable all checkers on a virtual server when ha_suspend set. Only the first checker was being disabled; this commit now disables all of them. Also, make the decision to disable a checker when starting/reloading when scheduling the checker, so that the existance of the required address can be checked. * Stop genhash segfaulting when built with --enable-mem-check. * Fix memory allocation problems in genhash. * Properly fix memory allocation problems in genhash. * Fix persistence_granularity IPv4 netmask validation. The logic test from inet_aton() appears to be inverted. * Fix segfault when checker configuration is missing expected parameter Issue #806 mentioned as an aside that "nb_get_retry" without a parameter was sigfaulting. Commit be7ae80 - "Stop segfaulting when configuration keyword is missing its parameter" missed the "hidden" uses of vector_slot() (i.e. those used via definitions in header files). This commit now updates those uses of vector_slot() to use strvec_slot() instead. * Fix compiling on Linux 2.x kernels. There were missing checks for HAVE_DECL_CLONE_NEWNET causing references to an undeclared variable if CLONE_NEWNET wasn't defined. * Improve parsing of kernel release. The kernel EXTRAVERSION can start with any character (although starting with a digit would be daft), so relax the check for it starting with a '-'. Kernels using both '+' and '.' being the first character of EXTRAVERSION have been reported. * Improve grammer. * add support for SNI in SSL_GET check. this adds a `enable_sni` parameter to SSL_GET, making sure the check passes the virtualhost in the SNI extension during SSL handshake. * Optimise setting host name for SSL_GET requests with SNI. * Allow SNI to be used with SSL_GET with OpenSSL v1.0.0 and LibreSSL. * Use configure to check for SSL_set_tlsext_host_name() Rather than checking for a specific version of the OpenSSL library (and it would also need checking the version of the LibreSSL library) let configure check for the presence of SSL_set_tlsext_host_name(). Also omit all code related to SNI of SSL_set_tlsext_host_name() is not available. * Use configure to determine available OpenSSL functionality Rather than using version numbers of the OpenSSL library to determine what functions are available, let configure determine whether the functions are supported. The also means that the same tests work for LibreSSL. * Add support for gratuitous ARPs for IP over Infiniband. * Use system header definition instead of local definition IF_HWADDR_MAX linux/netdevice.h has definition MAX_ADDR_LEN, which is 32, whereas IF_HWADDR_MAX was locally defined to be 20. Unfortunately we end up with more system header file juggling to ensure we don't have duplicate definitions. * Fix vrrp_script and check_misc scripts of type compares equal to 42 and compares equal to b'A'. Unlike C, does not compare equal to ffi.cast("unsigned int", -1): it compares smaller, because -1 < 4294967295. * PyPy: ffi.new() and ffi.new_allocator()() did not record ???memory pressure???, causing the GC to run too infrequently if you call ffi.new() very often and/or with large arrays. Fixed in PyPy 5.7. * Support in ffi.cdef() for numeric expressions with + or -. Assumes that there is no overflow; it should be fixed first before we add more general support for arbitrary arithmetic on constants. - do not generate HTML documentation for packages that are indirect dependencies of Sphinx (see docs at https://cffi.readthedocs.org/ ) - update to 1.9.1 - Structs with variable-sized arrays as their last field: now we track the length of the array after ffi.new() is called, just like we always tracked the length of ffi.new("int[]", 42). This lets us detect out-of-range accesses to array items. This also lets us display a better repr(), and have the total size returned by ffi.sizeof() and ffi.buffer(). Previously both functions would return a result based on the size of the declared structure type, with an assumed empty array. (Thanks andrew for starting this refactoring.) - Add support in cdef()/set_source() for unspecified-length arrays in typedefs: typedef int foo_t[...];. It was already supported for global variables or structure fields. - I turned in v1.8 a warning from cffi/model.py into an error: 'enum xxx' has no values explicitly defined: refusing to guess which integer type it is meant to be (unsigned/signed, int/long). Now I???m turning it back to a warning again; it seems that guessing that the enum has size int is a 99%-safe bet. (But not 100%, so it stays as a warning.) - Fix leaks in the code handling FILE * arguments. In CPython 3 there is a remaining issue that is hard to fix: if you pass a Python file object to a FILE * argument, then os.dup() is used and the new file descriptor is only closed when the GC reclaims the Python file object???and not at the earlier time when you call close(), which only closes the original file descriptor. If this is an issue, you should avoid this automatic convertion of Python file objects: instead, explicitly manipulate file descriptors and call fdopen() from C (...via cffi). - When passing a void * argument to a function with a different pointer type, or vice-versa, the cast occurs automatically, like in C. The same occurs for initialization with ffi.new() and a few other places. However, I thought that char * had the same property???but I was mistaken. In C you get the usual warning if you try to give a char * to a char ** argument, for example. Sorry about the confusion. This has been fixed in CFFI by giving for now a warning, too. It will turn into an error in a future version. - Issue #283: fixed ffi.new() on structures/unions with nested anonymous structures/unions, when there is at least one union in the mix. When initialized with a list or a dict, it should now behave more closely like the { } syntax does in GCC. - CPython 3.x: experimental: the generated C extension modules now use the ???limited API???, which means that, as a compiled .so/.dll, it should work directly on any version of CPython >= 3.2. The name produced by distutils is still version-specific. To get the version-independent name, you can rename it manually to NAME.abi3.so, or use the very recent setuptools 26. - Added ffi.compile(debug=...), similar to python setup.py build --debug but defaulting to True if we are running a debugging version of Python itself. - Removed the restriction that ffi.from_buffer() cannot be used on byte strings. Now you can get a char * out of a byte string, which is valid as long as the string object is kept alive. (But don???t use it to modify the string object! If you need this, use bytearray or other official techniques.) - PyPy 5.4 can now pass a byte string directly to a char * argument (in older versions, a copy would be made). This used to be a CPython-only optimization. - ffi.gc(p, None) removes the destructor on an object previously created by another call to ffi.gc() - bool(ffi.cast("primitive type", x)) now returns False if the value is zero (including -0.0), and True otherwise. Previously this would only return False for cdata objects of a pointer type when the pointer is NULL. - bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason it was not supported was that it was hard to do in PyPy, but it works since PyPy 5.3.) To call a C function with a char * argument from a buffer object???now including bytearrays???you write lib.foo(ffi.from_buffer(x)). Additionally, this is now supported: p[0:length] = bytearray-object. The problem with this was that a iterating over bytearrays gives numbers instead of characters. (Now it is implemented with just a memcpy, of course, not actually iterating over the characters.) - C++: compiling the generated C code with C++ was supposed to work, but failed if you make use the bool type (because that is rendered as the C _Bool type, which doesn???t exist in C++). - help(lib) and help(lib.myfunc) now give useful information, as well as dir(p) where p is a struct or pointer-to-struct. - drop upstreamed python-cffi-avoid-bitshifting-negative-int.patch - update for multipython build - Add python-cffi-avoid-bitshifting-negative-int.patch to actually fix the "negative left shift" warning by replacing bitshifting in appropriate places by bitwise and comparison to self; patch taken from upstream git. Drop cffi-1.5.2-wnoerror.patch: no longer required. - disable "negative left shift" warning in test suite to prevent failures with gcc6, until upstream fixes the undefined code in question (boo#981848, cffi-1.5.2-wnoerror.patch) - Update to version 1.6.0: * ffi.list_types() * ffi.unpack() * extern ???Python+C??? * in API mode, lib.foo.__doc__ contains the C signature now. * Yet another attempt at robustness of ffi.def_extern() against CPython???s interpreter shutdown logic. Changes in python-pylons-sphinx-themes: - moved LICENSE.txt to docs to match old structure - specfile: * update copyright year - update to version 1.0.11: * Fix the width of linenos table column when used in code-blocks. - Replace %fdupes -s with plain %fdupes; hardlinks are better. - Update to version 1.0.10 (2018-09-25) + Add Read the Docs to the recipients of ad revenue. - Update to version 1.0.9 (2018-09-23) + Remove hyphenation because it sometimes hyphenates inappropriately, such as in code. - Update to version 1.0.8 (2018-09-21) + Fix support for Ethical Ads. - Update to version 1.0.7 (2018-09-21) + Added support for Ethical Ads for Read The Docs. See https://github.com/Pylons/pylons-sphinx-themes/pull/12 - Remove superfluous devel dependency for noarch package - Update to version 1.0.6 * Update zest.releaser in order to release to PyPI. - Update to version 1.0.5 * Clean up licensing https://github.com/Pylons/pylons-sphinx-themes/issues/8 - Provide/obsolete old pylons_sphinx_theme - Update to version 1.0.4 * Specify line spacing for list items for only within the .body class. version 1.0.3 * Add line spacing for list items. Closes #4. version 1.0.2: * Remove HTTPS protocol to allow either HTTPS or HTTP. version 1.0.1: * Use HTTPS for protocol of stylesheets. version 1.0: * Use zest.releaser for releasing. * Improve documentation. - Converted to single-spec - version 0.3.1: initial build Changes in python-Django: - Fix merge artifact in CVE-2020-13596.patch - Add CVE-2019-19844.patch (bsc#1159447, CVE-2019-19844) * Fix Potential account hijack via password reset form - Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254, CVE-2020-13596) * Added patch CVE-2020-13254.patch * Added patch CVE-2020-13596.patch - Set _defaultlicensedir - Fix for SG#56542, bsc#1161349: * Fixed CVE-2019-3498-Fixed-content-spoof.patch - Fix for SG#56542, bsc#1161349: * Fixed CVE-2019-3498-Fixed-content-spoof.patch (There was a bug in this .patch file; some code had been accidentally included in the backport, and this stopped the 404 page from loading. See commit message and bug report for more information) Changes in python-Pillow: - Remove decompression_bomb.gif and relevant test case to avoid ClamAV scan alerts during build - Add 0008-Corrected-negative-seeks.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0009-Make-Image.crop-an-immediate-operation.patch * From upstream, backported * Fixes https://github.com/python-pillow/Pillow/issues/1077 * Used by 0012-Added-decompression-bomb-checks.patch - Add 0010-Crop-decompression.patch * From upstream, backported * Fixes https://github.com/python-pillow/Pillow/issues/2402 * Used by 0012-Added-decompression-bomb-checks.patch - Add 0011-Added-DecompressionBombError.patch * From upstream, backported * Adds DecompressionBombError class * Used by 0012-Added-decompression-bomb-checks.patch - Add 0012-Added-decompression-bomb-checks.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0013-Raise-error-if-dimension-is-a-string.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0014-Catch-buffer-overruns.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0015-Catch-PCX-P-mode-buffer-overrun.patch * From upstream, backported * Fixes CVE-2020-5312, bsc#1160152 - Add 0016-Ensure-previous-FLI-frame-is-loaded.patch * From upstream, backported * Fixes https://github.com/python-pillow/Pillow/issues/2649 * Uncovers CVE-2020-5313, bsc#1160153 - Add 0017-Catch-FLI-buffer-overrun.patch * From upstream, backported * Fixes CVE-2020-5313, bsc#1160153 - Add 018-Invalid-number-of-bands-in-FPX-image.patch * From upstream, backported * Fixes CVE-2019-19911, bsc#1160192 Changes in python-psql2mysql: - Update to version 0.5.0+git.1589351878.4ef877c: * Do not fail on instance_info length, it is expected to be LONGTEXT - Update to version 0.5.0+git.1582192453.98e9561: * Neutron drivers use own naming for alembic migrations, e.g. cisco_alembic_version, aci_alembic_version, etc depending on driver. Changes in python-psutil: - Add bsc1156525-CVE-2019-18874.patch (bsc#1156525, CVE-2019-18874) Changes in python-py: - update to version 1.5.2 ----------------------------------------------------------------- - update to version 1.4.33 Changes in python-py: - update to version 1.5.2: * fix #169, #170: error importing py.log on Windows: no module named "syslog". - changes from version 1.5.1: * fix #167 - prevent pip from installing py in unsupported Python versions. - changes from version 1.5.0: * python 2.6 and 3.3 are no longer supported * deprecate py.std and remove all internal uses * fix #73 turn py.error into an actual module * path join to / no longer produces leading double slashes * fix #82 - remove unsupportable aliases * fix python37 compatibility of path.sysfind on windows by correctly replacing vars * turn iniconfig and apipkg into vendored packages and ease de-vendoring for distributions * fix #68 remove invalid py.test.ensuretemp references * fix #25 - deprecate path.listdir(sort=callable) * add TerminalWriter.chars_on_current_line read-only property that tracks how many characters have been written to the current line. - changes from version 1.4.34 * fix issue119 / pytest issue708 where tmpdir may fail to make numbered directories when the filesystem is case-insensitive. - update to version 1.4.33: * avoid imports in calls to py.path.local().fnmatch(). Thanks Andreas Pelme for the PR. * fix issue106: Naive unicode encoding when calling fspath() in python2. Thanks Tiago Nobrega for the PR. * fix issue110: unittest.TestCase.assertWarns fails with py imported. - changes from version 1.4.32 * fix issue70: aded ability to copy all stat info in py.path.local.copy. * make TerminalWriter.fullwidth a property. This results in the correct value when the terminal gets resized. * update supported html tags to include recent additions. Thanks Denis Afonso for the PR. * Remove internal code in ``Source.compile`` meant to support earlier Python 3 versions that produced the side effect of leaving ``None`` in ``sys.modules`` when called (see pytest-dev/pytest#2103). Thanks Bruno Oliveira for the PR. Changes in python-pysaml2: - Add 0001-Always-generate-a-random-IV-for-AES-operations.patch (CVE-2017-1000246, bsc#1068612) - Add 0001-Fix-XML-Signature-Wrapping-XSW-vulnerabilities.patch (CVE-2020-5390, bsc#1160851) Changes in python-waitress: - update to 1.4.3 to include fixes for: * CVE-2019-16785 / bsc#1161088 * CVE-2019-16786 / bsc#1161089 * CVE-2019-16789 / bsc#1160790 * CVE-2019-16792 / bsc#1161670 - moved LICENSE.txt to docs to match old structure - make sure UTF8 locale is used when runnning tests * Sometimes functional tests executed in python3 failed if stdout was not set to UTF-8. The error message was: ValueError: underlying buffer has been detached - %python3_only -> %python_alternative - update to 1.4.3 * Waitress did not properly validate that the HTTP headers it received were properly formed, thereby potentially allowing a front-end server to treat a request different from Waitress. This could lead to HTTP request smuggling/splitting. - drop patch local-intersphinx-inventories.patch * it was commented out, anyway - update to 1.4.0: - Waitress used to slam the door shut on HTTP pipelined requests without setting the ``Connection: close`` header as appropriate in the response. This is of course not very friendly. Waitress now explicitly sets the header when responding with an internally generated error such as 400 Bad Request or 500 Internal Server Error to notify the remote client that it will be closing the connection after the response is sent. - Waitress no longer allows any spaces to exist between the header field-name and the colon. While waitress did not strip the space and thereby was not vulnerable to any potential header field-name confusion, it should have sent back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273 - CRLR handling Security fixes - update to 1.3.1 * Waitress won???t accidentally throw away part of the path if it starts with a double slash - version update to 1.3.0 Deprecations ~~~~~~~~~~~~ - The ``send_bytes`` adjustment now defaults to ``1`` and is deprecated pending removal in a future release. and https://github.com/Pylons/waitress/pull/246 Features ~~~~~~~~ - Add a new ``outbuf_high_watermark`` adjustment which is used to apply backpressure on the ``app_iter`` to avoid letting it spin faster than data can be written to the socket. This stabilizes responses that iterate quickly with a lot of data. See https://github.com/Pylons/waitress/pull/242 - Stop early and close the ``app_iter`` when attempting to write to a closed socket due to a client disconnect. This should notify a long-lived streaming response when a client hangs up. See https://github.com/Pylons/waitress/pull/238 and https://github.com/Pylons/waitress/pull/240 and https://github.com/Pylons/waitress/pull/241 - Adjust the flush to output ``SO_SNDBUF`` bytes instead of whatever was set in the ``send_bytes`` adjustment. ``send_bytes`` now only controls how much waitress will buffer internally before flushing to the kernel, whereas previously it used to also throttle how much data was sent to the kernel. This change enables a streaming ``app_iter`` containing small chunks to still be flushed efficiently. See https://github.com/Pylons/waitress/pull/246 Bugfixes ~~~~~~~~ - Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we will no longer set the version to the string value "None". See https://github.com/Pylons/waitress/pull/252 and https://github.com/Pylons/waitress/issues/110 - When a client closes a socket unexpectedly there was potential for memory leaks in which data was written to the buffers after they were closed, causing them to reopen. See https://github.com/Pylons/waitress/pull/239 - Fix the queue depth warnings to only show when all threads are busy. See https://github.com/Pylons/waitress/pull/243 and https://github.com/Pylons/waitress/pull/247 - Trigger the ``app_iter`` to close as part of shutdown. This will only be noticeable for users of the internal server api. In more typical operations the server will die before benefiting from these changes. See https://github.com/Pylons/waitress/pull/245 - Fix a bug in which a streaming ``app_iter`` may never cleanup data that has already been sent. This would cause buffers in waitress to grow without bounds. These buffers now properly rotate and release their data. See https://github.com/Pylons/waitress/pull/242 - Fix a bug in which non-seekable subclasses of ``io.IOBase`` would trigger an exception when passed to the ``wsgi.file_wrapper`` callback. See https://github.com/Pylons/waitress/pull/249 - Trim marketing wording and other platform mentions. - Add fetch-intersphinx-inventories.sh to sources - Add local-intersphinx-inventories.patch for generating the docs correctly - update to version 1.2.1: too many changes to list here, see: https://github.com/Pylons/waitress/blob/master/CHANGES.txt or even: https://github.com/Pylons/waitress/commits/master - Remove superfluous devel dependency for noarch package - update to version 1.1.0: * Features + Waitress now has a __main__ and thus may be called with "python -mwaitress" * Bugfixes + Waitress no longer allows lowercase HTTP verbs. This change was made to fall in line with most HTTP servers. See https://github.com/Pylons/waitress/pull/170 + When receiving non-ascii bytes in the request URL, waitress will no longer abruptly close the connection, instead returning a 400 Bad Request. See https://github.com/Pylons/waitress/pull/162 and https://github.com/Pylons/waitress/issues/64 - Update to 1.0.2 * Python 3.6 is now officially supported in Waitress * Add a work-around for libc issue on Linux not following the documented standards. If getnameinfo() fails because of DNS not being available it should return the IP address instead of the reverse DNS entry, however instead getnameinfo() raises. We catch this, and ask getnameinfo() for the same information again, explicitly asking for IP address instead of reverse DNS hostname. - Implement single-spec version. - Fix source URL. - update to 1.0.1: - IPv6 support on Windows was broken due to missing constants in the socket module. This has been resolved by setting the constants on Windows if they are missing. See https://github.com/Pylons/waitress/issues/138 - A ValueError was raised on Windows when passing a string for the port, on Windows in Python 2 using service names instead of port numbers doesn't work with `getaddrinfo`. This has been resolved by attempting to convert the port number to an integer, if that fails a ValueError will be raised. See https://github.com/Pylons/waitress/issues/139 - Removed `AI_ADDRCONFIG` from the call to `getaddrinfo`, this resolves an issue whereby `getaddrinfo` wouldn't return any addresses to `bind` to on hosts where there is no internet connection but localhost is requested to be bound to. See https://github.com/Pylons/waitress/issues/131 for more information. - disable tests. need network access. Changes in rabbitmq-server: - Apply patches to resolve CVE-2017-4967,CVE-2017-4965 (bsc#1037777) 0001-Escape-HTML-tags-in-policy-definition-fields.patch 0002-Don-t-echo-provided-encoding-value-back.patch 0003-Strip-off-pids-and-format-consumer-details-for-2-end.patch 0004-Format-Web-contexts.patch Changes in release-notes-suse-openstack-cloud: - Switch github URL from git@ to https:// to bypass authentication Changes in rubygem-activeresource: - Add bsc#1171560-CVE-2020-8151-encode-id-param.patch Prevent possible information disclosure issue that could allow an attacker to create specially crafted requests to access data in an unexpected way (bsc#1171560 CVE-2020-8151)) Changes in rubygem-crowbar-client: - Update to 3.9.2 - Enable SES commands in Cloud8 (SOC-11122) Changes in rubygem-json-1_7: - Add CVE-2020-10663.patch (CVE-2020-10663, bsc#1167244) Changes in rubygem-puma: - Fix indentation in gem2rpm.yml - Add CVE-2020-11077.patch (bsc#1172175, CVE-2020-11077) - Add chunked-request-handling.patch (needed for CVE-2020-11076.patch) - Add CVE-2020-11076.patch (bsc#1172176, CVE-2020-11076) - Add all patches to gem2rpm.yml - Add CVE-2020-5247.patch (bsc#1165402) "Fixes a problem where we were not splitting newlines in headers according to Rack spec" The patch is reduced compared to the upstream version, which was patching also the parts that are not implemented in our old Puma version. This applies to unit test as well. Changes in zookeeper: - Apply 0002-Apply-patch-to-resolve-CVE-2019-0201.patch This applies the patch for ZOOKEEPER-1392 to resolve CVE-2019-0201 Should not allow to read ACL when not authorized to read node (bsc#1135773) - Various cleanups in spec file Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2072=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5 crowbar-core-branding-upstream-4.0+git.1580209654.1d112d31f-9.66.5 keepalived-2.0.19-1.8.1 memcached-1.5.17-3.6.1 memcached-debuginfo-1.5.17-3.6.1 memcached-debugsource-1.5.17-3.6.1 python-Pillow-2.8.1-4.12.1 python-Pillow-debuginfo-2.8.1-4.12.1 python-Pillow-debugsource-2.8.1-4.12.1 python-psutil-1.2.1-21.1 python-psutil-debuginfo-1.2.1-21.1 python-psutil-debugsource-1.2.1-21.1 rabbitmq-server-3.4.4-3.16.1 rabbitmq-server-plugins-3.4.4-3.16.1 ruby2.1-rubygem-activeresource-4.0.0-3.3.1 ruby2.1-rubygem-crowbar-client-3.9.2-7.20.1 ruby2.1-rubygem-json-1_7-1.7.7-3.3.1 ruby2.1-rubygem-json-1_7-debuginfo-1.7.7-3.3.1 ruby2.1-rubygem-puma-2.16.0-4.6.1 ruby2.1-rubygem-puma-debuginfo-2.16.0-4.6.1 rubygem-json-1_7-debugsource-1.7.7-3.3.1 rubygem-puma-debugsource-2.16.0-4.6.1 - SUSE OpenStack Cloud 7 (noarch): ansible-2.2.3.0-12.2 crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4 crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4 monasca-installer-20180608_12.47-12.1 openstack-dashboard-theme-SUSE-2016.2-5.12.4 openstack-manila-3.0.1~dev30-4.12.2 openstack-manila-api-3.0.1~dev30-4.12.2 openstack-manila-data-3.0.1~dev30-4.12.2 openstack-manila-doc-3.0.1~dev30-4.12.3 openstack-manila-scheduler-3.0.1~dev30-4.12.2 openstack-manila-share-3.0.1~dev30-4.12.2 openstack-neutron-fwaas-9.0.2~dev5-4.9.3 openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4 openstack-nova-14.0.11~dev13-4.40.2 openstack-nova-api-14.0.11~dev13-4.40.2 openstack-nova-cells-14.0.11~dev13-4.40.2 openstack-nova-cert-14.0.11~dev13-4.40.2 openstack-nova-compute-14.0.11~dev13-4.40.2 openstack-nova-conductor-14.0.11~dev13-4.40.2 openstack-nova-console-14.0.11~dev13-4.40.2 openstack-nova-consoleauth-14.0.11~dev13-4.40.2 openstack-nova-doc-14.0.11~dev13-4.40.2 openstack-nova-novncproxy-14.0.11~dev13-4.40.2 openstack-nova-placement-api-14.0.11~dev13-4.40.2 openstack-nova-scheduler-14.0.11~dev13-4.40.2 openstack-nova-serialproxy-14.0.11~dev13-4.40.2 openstack-nova-vncproxy-14.0.11~dev13-4.40.2 openstack-tempest-12.2.1~a0~dev177-4.9.1 openstack-tempest-test-12.2.1~a0~dev177-4.9.1 python-Django-1.8.19-3.23.1 python-manila-3.0.1~dev30-4.12.2 python-neutron-fwaas-9.0.2~dev5-4.9.3 python-nova-14.0.11~dev13-4.40.2 python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1 python-py-1.8.1-11.12.1 python-pysaml2-4.0.2-3.17.1 python-tempest-12.2.1~a0~dev177-4.9.1 python-waitress-1.4.3-3.3.1 release-notes-suse-openstack-cloud-7.20180803-3.18.3 zookeeper-server-3.4.10-6.1 - SUSE OpenStack Cloud 7 (x86_64): grafana-4.6.5-1.14.1 kibana-4.6.3-5.1 kibana-debuginfo-4.6.3-5.1 References: https://www.suse.com/security/cve/CVE-2017-1000246.html https://www.suse.com/security/cve/CVE-2017-4965.html https://www.suse.com/security/cve/CVE-2017-4967.html https://www.suse.com/security/cve/CVE-2018-1000115.html https://www.suse.com/security/cve/CVE-2019-0201.html https://www.suse.com/security/cve/CVE-2019-11596.html https://www.suse.com/security/cve/CVE-2019-15026.html https://www.suse.com/security/cve/CVE-2019-15043.html https://www.suse.com/security/cve/CVE-2019-16785.html https://www.suse.com/security/cve/CVE-2019-16786.html https://www.suse.com/security/cve/CVE-2019-16789.html https://www.suse.com/security/cve/CVE-2019-16792.html https://www.suse.com/security/cve/CVE-2019-16865.html https://www.suse.com/security/cve/CVE-2019-18874.html https://www.suse.com/security/cve/CVE-2019-19844.html https://www.suse.com/security/cve/CVE-2019-19911.html https://www.suse.com/security/cve/CVE-2019-3498.html https://www.suse.com/security/cve/CVE-2019-3828.html https://www.suse.com/security/cve/CVE-2020-10663.html https://www.suse.com/security/cve/CVE-2020-10743.html https://www.suse.com/security/cve/CVE-2020-11076.html https://www.suse.com/security/cve/CVE-2020-11077.html https://www.suse.com/security/cve/CVE-2020-12052.html https://www.suse.com/security/cve/CVE-2020-13254.html https://www.suse.com/security/cve/CVE-2020-13379.html https://www.suse.com/security/cve/CVE-2020-13596.html https://www.suse.com/security/cve/CVE-2020-5247.html https://www.suse.com/security/cve/CVE-2020-5312.html https://www.suse.com/security/cve/CVE-2020-5313.html https://www.suse.com/security/cve/CVE-2020-5390.html https://www.suse.com/security/cve/CVE-2020-8151.html https://bugzilla.suse.com/1037777 https://bugzilla.suse.com/1068612 https://bugzilla.suse.com/1069468 https://bugzilla.suse.com/1070737 https://bugzilla.suse.com/1077718 https://bugzilla.suse.com/1083903 https://bugzilla.suse.com/1111657 https://bugzilla.suse.com/1126503 https://bugzilla.suse.com/1133817 https://bugzilla.suse.com/1135773 https://bugzilla.suse.com/1138748 https://bugzilla.suse.com/1148383 https://bugzilla.suse.com/1149110 https://bugzilla.suse.com/1149535 https://bugzilla.suse.com/1153191 https://bugzilla.suse.com/1156525 https://bugzilla.suse.com/1159447 https://bugzilla.suse.com/1160152 https://bugzilla.suse.com/1160153 https://bugzilla.suse.com/1160192 https://bugzilla.suse.com/1160790 https://bugzilla.suse.com/1160851 https://bugzilla.suse.com/1161088 https://bugzilla.suse.com/1161089 https://bugzilla.suse.com/1161349 https://bugzilla.suse.com/1161670 https://bugzilla.suse.com/1164316 https://bugzilla.suse.com/1165402 https://bugzilla.suse.com/1167244 https://bugzilla.suse.com/1170657 https://bugzilla.suse.com/1171560 https://bugzilla.suse.com/1171909 https://bugzilla.suse.com/1172166 https://bugzilla.suse.com/1172167 https://bugzilla.suse.com/1172175 https://bugzilla.suse.com/1172176 https://bugzilla.suse.com/1172409 https://bugzilla.suse.com/948198 https://bugzilla.suse.com/981848 From sle-updates at lists.suse.com Wed Jul 29 16:13:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 00:13:16 +0200 (CEST) Subject: SUSE-SU-2020:2073-1: important: Security update for grub2 Message-ID: <20200729221316.501DBFF11@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2073-1 Rating: important References: #1168994 #1173812 #1174463 #1174570 Cross-References: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2073=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2073=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2073=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2073=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): grub2-2.02-19.48.1 grub2-debuginfo-2.02-19.48.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le): grub2-powerpc-ieee1275-2.02-19.48.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): grub2-snapper-plugin-2.02-19.48.1 grub2-systemd-sleep-plugin-2.02-19.48.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): grub2-debugsource-2.02-19.48.1 grub2-i386-pc-2.02-19.48.1 grub2-x86_64-efi-2.02-19.48.1 grub2-x86_64-xen-2.02-19.48.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): grub2-2.02-19.48.1 grub2-debuginfo-2.02-19.48.1 grub2-debugsource-2.02-19.48.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): grub2-arm64-efi-2.02-19.48.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): grub2-snapper-plugin-2.02-19.48.1 grub2-systemd-sleep-plugin-2.02-19.48.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): grub2-s390x-emu-2.02-19.48.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): grub2-2.02-19.48.1 grub2-debuginfo-2.02-19.48.1 grub2-debugsource-2.02-19.48.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64): grub2-arm64-efi-2.02-19.48.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): grub2-i386-pc-2.02-19.48.1 grub2-x86_64-efi-2.02-19.48.1 grub2-x86_64-xen-2.02-19.48.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): grub2-snapper-plugin-2.02-19.48.1 grub2-systemd-sleep-plugin-2.02-19.48.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): grub2-2.02-19.48.1 grub2-debuginfo-2.02-19.48.1 grub2-debugsource-2.02-19.48.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64): grub2-arm64-efi-2.02-19.48.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): grub2-snapper-plugin-2.02-19.48.1 grub2-systemd-sleep-plugin-2.02-19.48.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): grub2-i386-pc-2.02-19.48.1 grub2-x86_64-efi-2.02-19.48.1 grub2-x86_64-xen-2.02-19.48.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://www.suse.com/security/cve/CVE-2020-14308.html https://www.suse.com/security/cve/CVE-2020-14309.html https://www.suse.com/security/cve/CVE-2020-14310.html https://www.suse.com/security/cve/CVE-2020-14311.html https://www.suse.com/security/cve/CVE-2020-15706.html https://www.suse.com/security/cve/CVE-2020-15707.html https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1173812 https://bugzilla.suse.com/1174463 https://bugzilla.suse.com/1174570 From sle-updates at lists.suse.com Wed Jul 29 16:14:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 00:14:26 +0200 (CEST) Subject: SUSE-SU-2020:2076-1: important: Security update for grub2 Message-ID: <20200729221426.69C32FF11@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2076-1 Rating: important References: #1084632 #1168994 #1173812 #1174463 #1174570 Cross-References: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes - Fix packed-not-aligned error on GCC 8 (bsc#1084632) - Backport gcc-7 build fixes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2076=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2076=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2076=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2076=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): grub2-2.02~beta2-115.49.1 grub2-debuginfo-2.02~beta2-115.49.1 grub2-debugsource-2.02~beta2-115.49.1 - SUSE OpenStack Cloud 7 (noarch): grub2-snapper-plugin-2.02~beta2-115.49.1 grub2-systemd-sleep-plugin-2.02~beta2-115.49.1 - SUSE OpenStack Cloud 7 (x86_64): grub2-i386-pc-2.02~beta2-115.49.1 grub2-x86_64-efi-2.02~beta2-115.49.1 grub2-x86_64-xen-2.02~beta2-115.49.1 - SUSE OpenStack Cloud 7 (s390x): grub2-s390x-emu-2.02~beta2-115.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): grub2-2.02~beta2-115.49.1 grub2-debuginfo-2.02~beta2-115.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-115.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): grub2-debugsource-2.02~beta2-115.49.1 grub2-i386-pc-2.02~beta2-115.49.1 grub2-x86_64-efi-2.02~beta2-115.49.1 grub2-x86_64-xen-2.02~beta2-115.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): grub2-snapper-plugin-2.02~beta2-115.49.1 grub2-systemd-sleep-plugin-2.02~beta2-115.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): grub2-2.02~beta2-115.49.1 grub2-debuginfo-2.02~beta2-115.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): grub2-debugsource-2.02~beta2-115.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-115.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): grub2-snapper-plugin-2.02~beta2-115.49.1 grub2-systemd-sleep-plugin-2.02~beta2-115.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): grub2-i386-pc-2.02~beta2-115.49.1 grub2-x86_64-efi-2.02~beta2-115.49.1 grub2-x86_64-xen-2.02~beta2-115.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): grub2-s390x-emu-2.02~beta2-115.49.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): grub2-snapper-plugin-2.02~beta2-115.49.1 grub2-systemd-sleep-plugin-2.02~beta2-115.49.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): grub2-2.02~beta2-115.49.1 grub2-debuginfo-2.02~beta2-115.49.1 grub2-debugsource-2.02~beta2-115.49.1 grub2-i386-pc-2.02~beta2-115.49.1 grub2-x86_64-efi-2.02~beta2-115.49.1 grub2-x86_64-xen-2.02~beta2-115.49.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://www.suse.com/security/cve/CVE-2020-14308.html https://www.suse.com/security/cve/CVE-2020-14309.html https://www.suse.com/security/cve/CVE-2020-14310.html https://www.suse.com/security/cve/CVE-2020-14311.html https://www.suse.com/security/cve/CVE-2020-15706.html https://www.suse.com/security/cve/CVE-2020-15707.html https://bugzilla.suse.com/1084632 https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1173812 https://bugzilla.suse.com/1174463 https://bugzilla.suse.com/1174570 From sle-updates at lists.suse.com Wed Jul 29 16:15:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 00:15:45 +0200 (CEST) Subject: SUSE-SU-2020:2079-1: important: Security update for grub2 Message-ID: <20200729221545.BED7DFF14@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2079-1 Rating: important References: #1084632 #1168994 #1173812 #1174463 #1174570 Cross-References: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes - Fix packed-not-aligned error on GCC 8 (bsc#1084632) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2079=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2079=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2079=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2079=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2079=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2079=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2079=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): grub2-2.02-4.53.1 grub2-debuginfo-2.02-4.53.1 grub2-debugsource-2.02-4.53.1 grub2-i386-pc-2.02-4.53.1 grub2-x86_64-efi-2.02-4.53.1 grub2-x86_64-xen-2.02-4.53.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): grub2-snapper-plugin-2.02-4.53.1 grub2-systemd-sleep-plugin-2.02-4.53.1 - SUSE OpenStack Cloud 8 (x86_64): grub2-2.02-4.53.1 grub2-debuginfo-2.02-4.53.1 grub2-debugsource-2.02-4.53.1 grub2-i386-pc-2.02-4.53.1 grub2-x86_64-efi-2.02-4.53.1 grub2-x86_64-xen-2.02-4.53.1 - SUSE OpenStack Cloud 8 (noarch): grub2-snapper-plugin-2.02-4.53.1 grub2-systemd-sleep-plugin-2.02-4.53.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): grub2-2.02-4.53.1 grub2-debuginfo-2.02-4.53.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le): grub2-powerpc-ieee1275-2.02-4.53.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.53.1 grub2-systemd-sleep-plugin-2.02-4.53.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): grub2-debugsource-2.02-4.53.1 grub2-i386-pc-2.02-4.53.1 grub2-x86_64-efi-2.02-4.53.1 grub2-x86_64-xen-2.02-4.53.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-4.53.1 grub2-debuginfo-2.02-4.53.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-4.53.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-4.53.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): grub2-arm64-efi-2.02-4.53.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): grub2-i386-pc-2.02-4.53.1 grub2-x86_64-efi-2.02-4.53.1 grub2-x86_64-xen-2.02-4.53.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): grub2-snapper-plugin-2.02-4.53.1 grub2-systemd-sleep-plugin-2.02-4.53.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): grub2-s390x-emu-2.02-4.53.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): grub2-2.02-4.53.1 grub2-debuginfo-2.02-4.53.1 grub2-debugsource-2.02-4.53.1 grub2-i386-pc-2.02-4.53.1 grub2-x86_64-efi-2.02-4.53.1 grub2-x86_64-xen-2.02-4.53.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): grub2-snapper-plugin-2.02-4.53.1 grub2-systemd-sleep-plugin-2.02-4.53.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): grub2-2.02-4.53.1 grub2-debuginfo-2.02-4.53.1 grub2-debugsource-2.02-4.53.1 - SUSE Enterprise Storage 5 (aarch64): grub2-arm64-efi-2.02-4.53.1 - SUSE Enterprise Storage 5 (x86_64): grub2-i386-pc-2.02-4.53.1 grub2-x86_64-efi-2.02-4.53.1 grub2-x86_64-xen-2.02-4.53.1 - SUSE Enterprise Storage 5 (noarch): grub2-snapper-plugin-2.02-4.53.1 grub2-systemd-sleep-plugin-2.02-4.53.1 - HPE Helion Openstack 8 (noarch): grub2-snapper-plugin-2.02-4.53.1 grub2-systemd-sleep-plugin-2.02-4.53.1 - HPE Helion Openstack 8 (x86_64): grub2-2.02-4.53.1 grub2-debuginfo-2.02-4.53.1 grub2-debugsource-2.02-4.53.1 grub2-i386-pc-2.02-4.53.1 grub2-x86_64-efi-2.02-4.53.1 grub2-x86_64-xen-2.02-4.53.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://www.suse.com/security/cve/CVE-2020-14308.html https://www.suse.com/security/cve/CVE-2020-14309.html https://www.suse.com/security/cve/CVE-2020-14310.html https://www.suse.com/security/cve/CVE-2020-14311.html https://www.suse.com/security/cve/CVE-2020-15706.html https://www.suse.com/security/cve/CVE-2020-15707.html https://bugzilla.suse.com/1084632 https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1173812 https://bugzilla.suse.com/1174463 https://bugzilla.suse.com/1174570 From sle-updates at lists.suse.com Wed Jul 29 16:17:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 00:17:02 +0200 (CEST) Subject: SUSE-SU-2020:2078-1: important: Security update for grub2 Message-ID: <20200729221702.7A9F7FF11@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2078-1 Rating: important References: #1168994 #1173812 #1174463 #1174570 Cross-References: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2078=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2078=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2078=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2078=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2078=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): grub2-2.02-12.31.1 grub2-debuginfo-2.02-12.31.1 grub2-debugsource-2.02-12.31.1 grub2-i386-pc-2.02-12.31.1 grub2-x86_64-efi-2.02-12.31.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): grub2-snapper-plugin-2.02-12.31.1 grub2-systemd-sleep-plugin-2.02-12.31.1 grub2-x86_64-xen-2.02-12.31.1 - SUSE OpenStack Cloud 9 (x86_64): grub2-2.02-12.31.1 grub2-debuginfo-2.02-12.31.1 grub2-debugsource-2.02-12.31.1 grub2-i386-pc-2.02-12.31.1 grub2-x86_64-efi-2.02-12.31.1 - SUSE OpenStack Cloud 9 (noarch): grub2-snapper-plugin-2.02-12.31.1 grub2-systemd-sleep-plugin-2.02-12.31.1 grub2-x86_64-xen-2.02-12.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): grub2-2.02-12.31.1 grub2-debuginfo-2.02-12.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le): grub2-powerpc-ieee1275-2.02-12.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): grub2-debugsource-2.02-12.31.1 grub2-i386-pc-2.02-12.31.1 grub2-x86_64-efi-2.02-12.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.31.1 grub2-systemd-sleep-plugin-2.02-12.31.1 grub2-x86_64-xen-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grub2-2.02-12.31.1 grub2-debuginfo-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): grub2-debugsource-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): grub2-arm64-efi-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): grub2-powerpc-ieee1275-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): grub2-snapper-plugin-2.02-12.31.1 grub2-systemd-sleep-plugin-2.02-12.31.1 grub2-x86_64-xen-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): grub2-i386-pc-2.02-12.31.1 grub2-x86_64-efi-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): grub2-s390x-emu-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-12.31.1 grub2-debuginfo-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): grub2-arm64-efi-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): grub2-snapper-plugin-2.02-12.31.1 grub2-systemd-sleep-plugin-2.02-12.31.1 grub2-x86_64-xen-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): grub2-i386-pc-2.02-12.31.1 grub2-x86_64-efi-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): grub2-s390x-emu-2.02-12.31.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://www.suse.com/security/cve/CVE-2020-14308.html https://www.suse.com/security/cve/CVE-2020-14309.html https://www.suse.com/security/cve/CVE-2020-14310.html https://www.suse.com/security/cve/CVE-2020-14311.html https://www.suse.com/security/cve/CVE-2020-15706.html https://www.suse.com/security/cve/CVE-2020-15707.html https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1173812 https://bugzilla.suse.com/1174463 https://bugzilla.suse.com/1174570 From sle-updates at lists.suse.com Wed Jul 29 16:18:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 00:18:59 +0200 (CEST) Subject: SUSE-SU-2020:2074-1: important: Security update for grub2 Message-ID: <20200729221859.BC46EFF11@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2074-1 Rating: important References: #1168994 #1173812 #1174463 #1174570 Cross-References: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer - Use grub_calloc for overflow check and return NULL when it would occur Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2074=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2074=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): grub2-x86_64-xen-2.04-9.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): grub2-2.04-9.7.1 grub2-debuginfo-2.04-9.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 s390x x86_64): grub2-debugsource-2.04-9.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): grub2-arm64-efi-2.04-9.7.1 grub2-i386-pc-2.04-9.7.1 grub2-powerpc-ieee1275-2.04-9.7.1 grub2-snapper-plugin-2.04-9.7.1 grub2-systemd-sleep-plugin-2.04-9.7.1 grub2-x86_64-efi-2.04-9.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x): grub2-s390x-emu-2.04-9.7.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://www.suse.com/security/cve/CVE-2020-14308.html https://www.suse.com/security/cve/CVE-2020-14309.html https://www.suse.com/security/cve/CVE-2020-14310.html https://www.suse.com/security/cve/CVE-2020-14311.html https://www.suse.com/security/cve/CVE-2020-15706.html https://www.suse.com/security/cve/CVE-2020-15707.html https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1173812 https://bugzilla.suse.com/1174463 https://bugzilla.suse.com/1174570 From sle-updates at lists.suse.com Wed Jul 29 16:20:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 00:20:10 +0200 (CEST) Subject: SUSE-RU-2020:2080-1: moderate: Recommended update for libtool Message-ID: <20200729222010.D9F9CFF14@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtool ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2080-1 Rating: moderate References: #1171566 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libtool provides missing the libltdl 32bit library. (bsc#1171566) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2080=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2080=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2080=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2080=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2080=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2080=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2080=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2080=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2080=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2080=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libltdl7-2.4.6-3.2.1 libltdl7-debuginfo-2.4.6-3.2.1 libtool-2.4.6-3.2.1 libtool-debugsource-2.4.6-3.2.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libltdl7-32bit-2.4.6-3.2.1 libltdl7-32bit-debuginfo-2.4.6-3.2.1 libtool-32bit-2.4.6-3.2.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libltdl7-2.4.6-3.2.1 libltdl7-debuginfo-2.4.6-3.2.1 libtool-2.4.6-3.2.1 libtool-debugsource-2.4.6-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libltdl7-32bit-2.4.6-3.2.1 libltdl7-32bit-debuginfo-2.4.6-3.2.1 libtool-debugsource-2.4.6-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): libltdl7-32bit-2.4.6-3.2.1 libltdl7-32bit-debuginfo-2.4.6-3.2.1 libtool-debugsource-2.4.6-3.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): libtool-32bit-2.4.6-3.2.1 libtool-debugsource-2.4.6-3.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): libtool-32bit-2.4.6-3.2.1 libtool-debugsource-2.4.6-3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libltdl7-2.4.6-3.2.1 libltdl7-debuginfo-2.4.6-3.2.1 libtool-2.4.6-3.2.1 libtool-debugsource-2.4.6-3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libltdl7-32bit-2.4.6-3.2.1 libltdl7-32bit-debuginfo-2.4.6-3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libltdl7-2.4.6-3.2.1 libltdl7-debuginfo-2.4.6-3.2.1 libtool-2.4.6-3.2.1 libtool-debugsource-2.4.6-3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libltdl7-32bit-2.4.6-3.2.1 libltdl7-32bit-debuginfo-2.4.6-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libltdl7-2.4.6-3.2.1 libltdl7-debuginfo-2.4.6-3.2.1 libtool-2.4.6-3.2.1 libtool-debugsource-2.4.6-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libltdl7-32bit-2.4.6-3.2.1 libltdl7-32bit-debuginfo-2.4.6-3.2.1 libtool-32bit-2.4.6-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libltdl7-2.4.6-3.2.1 libltdl7-debuginfo-2.4.6-3.2.1 libtool-2.4.6-3.2.1 libtool-debugsource-2.4.6-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libltdl7-32bit-2.4.6-3.2.1 libltdl7-32bit-debuginfo-2.4.6-3.2.1 libtool-32bit-2.4.6-3.2.1 References: https://bugzilla.suse.com/1171566 From sle-updates at lists.suse.com Wed Jul 29 16:21:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 00:21:01 +0200 (CEST) Subject: SUSE-SU-2020:2077-1: important: Security update for grub2 Message-ID: <20200729222101.62FC1FF11@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2077-1 Rating: important References: #1168994 #1173812 #1174463 #1174570 Cross-References: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for grub2 fixes the following issues: - CVE-2020-10713 (bsc#1168994) - CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - CVE-2020-15706 (bsc#1174463) - CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2077=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2077=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): grub2-x86_64-xen-2.02-26.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): grub2-2.02-26.25.1 grub2-debuginfo-2.02-26.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 s390x x86_64): grub2-debugsource-2.02-26.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): grub2-arm64-efi-2.02-26.25.1 grub2-i386-pc-2.02-26.25.1 grub2-powerpc-ieee1275-2.02-26.25.1 grub2-snapper-plugin-2.02-26.25.1 grub2-systemd-sleep-plugin-2.02-26.25.1 grub2-x86_64-efi-2.02-26.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): grub2-s390x-emu-2.02-26.25.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://www.suse.com/security/cve/CVE-2020-14308.html https://www.suse.com/security/cve/CVE-2020-14309.html https://www.suse.com/security/cve/CVE-2020-14310.html https://www.suse.com/security/cve/CVE-2020-14311.html https://www.suse.com/security/cve/CVE-2020-15706.html https://www.suse.com/security/cve/CVE-2020-15707.html https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1173812 https://bugzilla.suse.com/1174463 https://bugzilla.suse.com/1174570 From sle-updates at lists.suse.com Wed Jul 29 16:22:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 00:22:07 +0200 (CEST) Subject: SUSE-SU-2020:14440-1: important: Security update for grub2 Message-ID: <20200729222207.27952FF11@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14440-1 Rating: important References: #1084632 #1168994 #1173812 #1174463 #1174570 Cross-References: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Fix packed-not-aligned error on GCC 8 (bsc#1084632) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-grub2-14440=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-grub2-14440=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): grub2-x86_64-efi-2.00-0.66.15.1 grub2-x86_64-xen-2.00-0.66.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): grub2-debuginfo-2.00-0.66.15.1 grub2-debugsource-2.00-0.66.15.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://www.suse.com/security/cve/CVE-2020-14308.html https://www.suse.com/security/cve/CVE-2020-14309.html https://www.suse.com/security/cve/CVE-2020-14310.html https://www.suse.com/security/cve/CVE-2020-14311.html https://www.suse.com/security/cve/CVE-2020-15706.html https://www.suse.com/security/cve/CVE-2020-15707.html https://bugzilla.suse.com/1084632 https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1173812 https://bugzilla.suse.com/1174463 https://bugzilla.suse.com/1174570 From sle-updates at lists.suse.com Thu Jul 30 01:21:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 09:21:09 +0200 (CEST) Subject: SUSE-CU-2020:369-1: Recommended update of suse/sles12sp4 Message-ID: <20200730072109.41BF7FDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:369-1 Container Tags : suse/sles12sp4:26.209 , suse/sles12sp4:latest Container Release : 26.209 Severity : moderate Type : recommended References : 1163834 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2059-1 Released: Tue Jul 28 11:32:56 2020 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1163834 This update for grep fixes the following issues: Fix for an issue when command 'grep -i' produces bad performance by using multibyte with 'non-utf8' encoding. (bsc#1163834) From sle-updates at lists.suse.com Thu Jul 30 01:24:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 09:24:55 +0200 (CEST) Subject: SUSE-CU-2020:370-1: Recommended update of suse/sles12sp5 Message-ID: <20200730072455.8CB2DFDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:370-1 Container Tags : suse/sles12sp5:6.5.27 , suse/sles12sp5:latest Container Release : 6.5.27 Severity : moderate Type : recommended References : 1163834 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2059-1 Released: Tue Jul 28 11:32:56 2020 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1163834 This update for grep fixes the following issues: Fix for an issue when command 'grep -i' produces bad performance by using multibyte with 'non-utf8' encoding. (bsc#1163834) From sle-updates at lists.suse.com Thu Jul 30 07:13:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 15:13:28 +0200 (CEST) Subject: SUSE-RU-2020:2082-1: moderate: Recommended update for google-guest-agent, google-guest-configs, and google-guest-oslogin Message-ID: <20200730131328.6DF98FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-agent, google-guest-configs, and google-guest-oslogin ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2082-1 Rating: moderate References: #1174304 #1174306 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The python based packages google-compute-engine-init and google-compute-engine-oslogin were deprecated and are now replaced by the new Go based packages google-guest-agent, google-guest-configs, and google-guest-oslogin (jsc#ECO-2099) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2082=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2082=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-2082=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): google-guest-agent-20200630.00-1.3.1 google-guest-oslogin-20200507.00-1.3.1 google-guest-oslogin-debuginfo-20200507.00-1.3.1 google-guest-oslogin-debugsource-20200507.00-1.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): google-guest-configs-20200626.00-1.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-guest-agent-20200630.00-1.3.1 google-guest-oslogin-20200507.00-1.3.1 google-guest-oslogin-debuginfo-20200507.00-1.3.1 google-guest-oslogin-debugsource-20200507.00-1.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): google-guest-configs-20200626.00-1.3.1 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): google-guest-agent-20200630.00-1.3.1 google-guest-oslogin-20200507.00-1.3.1 google-guest-oslogin-debuginfo-20200507.00-1.3.1 google-guest-oslogin-debugsource-20200507.00-1.3.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): google-guest-configs-20200626.00-1.3.1 References: https://bugzilla.suse.com/1174304 https://bugzilla.suse.com/1174306 From sle-updates at lists.suse.com Thu Jul 30 07:14:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 15:14:22 +0200 (CEST) Subject: SUSE-RU-2020:2084-1: moderate: Recommended update for s390-tools Message-ID: <20200730131422.587C0FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2084-1 Rating: moderate References: #1173482 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issue: - Change the vmcp exit code and return 'CP command failed'. (bsc#1173482) When both "CP command failed" and "response buffer is too small" error conditions are true returns 'CP command failed'. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2084=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (s390x): osasnmpd-2.1.0-18.20.1 osasnmpd-debuginfo-2.1.0-18.20.1 s390-tools-2.1.0-18.20.1 s390-tools-debuginfo-2.1.0-18.20.1 s390-tools-debugsource-2.1.0-18.20.1 s390-tools-hmcdrvfs-2.1.0-18.20.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-18.20.1 s390-tools-zdsfs-2.1.0-18.20.1 s390-tools-zdsfs-debuginfo-2.1.0-18.20.1 References: https://bugzilla.suse.com/1173482 From sle-updates at lists.suse.com Thu Jul 30 07:15:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 15:15:03 +0200 (CEST) Subject: SUSE-RU-2020:2083-1: moderate: Recommended update for diffutils Message-ID: <20200730131503.EA002FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for diffutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2083-1 Rating: moderate References: #1156913 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2083=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2083=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): diffutils-3.6-4.3.1 diffutils-debuginfo-3.6-4.3.1 diffutils-debugsource-3.6-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): diffutils-lang-3.6-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): diffutils-3.6-4.3.1 diffutils-debuginfo-3.6-4.3.1 diffutils-debugsource-3.6-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): diffutils-lang-3.6-4.3.1 References: https://bugzilla.suse.com/1156913 From sle-updates at lists.suse.com Thu Jul 30 07:15:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 15:15:48 +0200 (CEST) Subject: SUSE-RU-2020:2081-1: moderate: Recommended update for google-guest-agent, google-guest-configs, and google-guest-oslogin Message-ID: <20200730131548.05B50FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-agent, google-guest-configs, and google-guest-oslogin ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2081-1 Rating: moderate References: #1174304 #1174306 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The python based packages google-compute-engine-init and google-compute-engine-oslogin were deprecated and are now replaced by the new Go based packages google-guest-agent, google-guest-configs, and google-guest-oslogin (jsc#ECO-2099) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2081=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-guest-agent-20200630.00-1.3.1 google-guest-oslogin-20200507.00-1.3.1 google-guest-oslogin-debuginfo-20200507.00-1.3.1 google-guest-oslogin-debugsource-20200507.00-1.3.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-guest-configs-20200626.00-1.3.1 References: https://bugzilla.suse.com/1174304 https://bugzilla.suse.com/1174306 From sle-updates at lists.suse.com Thu Jul 30 07:17:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 15:17:17 +0200 (CEST) Subject: SUSE-RU-2020:2085-1: moderate: Recommended update for powerpc-utils Message-ID: <20200730131717.EF9B3FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2085-1 Rating: moderate References: #1173403 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: - Fix lookup of disk partitions (bsc#1173403) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2085=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2085=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le): powerpc-utils-1.3.7.1-3.18.1 powerpc-utils-debuginfo-1.3.7.1-3.18.1 powerpc-utils-debugsource-1.3.7.1-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le): powerpc-utils-1.3.7.1-3.18.1 powerpc-utils-debuginfo-1.3.7.1-3.18.1 powerpc-utils-debugsource-1.3.7.1-3.18.1 References: https://bugzilla.suse.com/1173403 From sle-updates at lists.suse.com Thu Jul 30 10:14:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 18:14:39 +0200 (CEST) Subject: SUSE-RU-2020:2088-1: moderate: Recommended update for petsc Message-ID: <20200730161439.9F993FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for petsc ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2088-1 Rating: moderate References: #1173065 Affected Products: SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for petsc fixes the following issue: - Fix incorrect dependency of the HPC devel packages. (bsc#1173065) Now the devel packages are not wrongly uninstalled on a petsc version upgrade. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2088=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2088=1 Package List: - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpetsc-gnu-mpich-hpc-3.8.3-7.3.2 libpetsc-gnu-mvapich2-hpc-3.8.3-7.3.2 libpetsc-gnu-openmpi2-hpc-3.8.3-7.3.2 libpetsc_3_8_3-gnu-mpich-hpc-3.8.3-7.3.2 libpetsc_3_8_3-gnu-mpich-hpc-debuginfo-3.8.3-7.3.2 libpetsc_3_8_3-gnu-mvapich2-hpc-3.8.3-7.3.2 libpetsc_3_8_3-gnu-mvapich2-hpc-debuginfo-3.8.3-7.3.2 libpetsc_3_8_3-gnu-openmpi2-hpc-3.8.3-7.3.2 libpetsc_3_8_3-gnu-openmpi2-hpc-debuginfo-3.8.3-7.3.2 petsc-gnu-mpich-hpc-devel-3.8.3-7.3.2 petsc-gnu-mvapich2-hpc-devel-3.8.3-7.3.2 petsc-gnu-openmpi2-hpc-devel-3.8.3-7.3.2 petsc_3_8_3-gnu-mpich-hpc-debugsource-3.8.3-7.3.2 petsc_3_8_3-gnu-mpich-hpc-devel-3.8.3-7.3.2 petsc_3_8_3-gnu-mvapich2-hpc-debugsource-3.8.3-7.3.2 petsc_3_8_3-gnu-mvapich2-hpc-devel-3.8.3-7.3.2 petsc_3_8_3-gnu-openmpi2-hpc-debugsource-3.8.3-7.3.2 petsc_3_8_3-gnu-openmpi2-hpc-devel-3.8.3-7.3.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): petsc-doc-3.8.3-7.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpetsc-gnu-mpich-hpc-3.8.3-7.3.2 libpetsc-gnu-mvapich2-hpc-3.8.3-7.3.2 libpetsc-gnu-openmpi2-hpc-3.8.3-7.3.2 libpetsc_3_8_3-gnu-mpich-hpc-3.8.3-7.3.2 libpetsc_3_8_3-gnu-mpich-hpc-debuginfo-3.8.3-7.3.2 libpetsc_3_8_3-gnu-mvapich2-hpc-3.8.3-7.3.2 libpetsc_3_8_3-gnu-mvapich2-hpc-debuginfo-3.8.3-7.3.2 libpetsc_3_8_3-gnu-openmpi2-hpc-3.8.3-7.3.2 libpetsc_3_8_3-gnu-openmpi2-hpc-debuginfo-3.8.3-7.3.2 petsc-gnu-mpich-hpc-devel-3.8.3-7.3.2 petsc-gnu-mvapich2-hpc-devel-3.8.3-7.3.2 petsc-gnu-openmpi2-hpc-devel-3.8.3-7.3.2 petsc_3_8_3-gnu-mpich-hpc-debugsource-3.8.3-7.3.2 petsc_3_8_3-gnu-mpich-hpc-devel-3.8.3-7.3.2 petsc_3_8_3-gnu-mvapich2-hpc-debugsource-3.8.3-7.3.2 petsc_3_8_3-gnu-mvapich2-hpc-devel-3.8.3-7.3.2 petsc_3_8_3-gnu-openmpi2-hpc-debugsource-3.8.3-7.3.2 petsc_3_8_3-gnu-openmpi2-hpc-devel-3.8.3-7.3.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): petsc-doc-3.8.3-7.3.1 References: https://bugzilla.suse.com/1173065 From sle-updates at lists.suse.com Thu Jul 30 10:15:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 18:15:22 +0200 (CEST) Subject: SUSE-RU-2020:2094-1: Recommended update for crmsh Message-ID: <20200730161522.8F634FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2094-1 Rating: low References: #1174588 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fix for corosync to handle the return code of 'corosync-quorumtool' correctly. (bsc#1174588) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2094=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.2.0+git.1595940615.c452cc00-5.9.1 crmsh-scripts-4.2.0+git.1595940615.c452cc00-5.9.1 References: https://bugzilla.suse.com/1174588 From sle-updates at lists.suse.com Thu Jul 30 10:16:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 18:16:05 +0200 (CEST) Subject: SUSE-OU-2020:2087-1: Optional update for POS_Server3, perl-Net-IPv4Addr Message-ID: <20200730161605.CCCEAFF0B@maintenance.suse.de> SUSE Optional Update: Optional update for POS_Server3, perl-Net-IPv4Addr ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2087-1 Rating: low References: #1174433 Affected Products: SUSE Linux Enterprise Point of Sale 12-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update of POS_Server3 provides the follow fix: - Include admind and admind_client in the Image Server, which allows it to work with SLEPOS11. (bsc#1174433) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2020-2087=1 Package List: - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): admind-1.9-1.3.1 admind-client-1.9-1.3.1 admind-client-debuginfo-1.9-1.3.1 admind-debuginfo-1.9-1.3.1 References: https://bugzilla.suse.com/1174433 From sle-updates at lists.suse.com Thu Jul 30 10:16:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 18:16:50 +0200 (CEST) Subject: SUSE-SU-2020:2086-1: moderate: Security update for targetcli-fb Message-ID: <20200730161650.748D6FF0B@maintenance.suse.de> SUSE Security Update: Security update for targetcli-fb ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2086-1 Rating: moderate References: #1172743 Cross-References: CVE-2020-13867 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for targetcli-fb fixes the following issues: - CVE-2020-13867: Fixed the permissions in /etc/target (bsc#1172743) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-2086=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2086=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (noarch): python2-targetcli-fb-2.1.49-10.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-targetcli-fb-2.1.49-10.9.1 targetcli-fb-common-2.1.49-10.9.1 References: https://www.suse.com/security/cve/CVE-2020-13867.html https://bugzilla.suse.com/1172743 From sle-updates at lists.suse.com Thu Jul 30 10:17:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 18:17:33 +0200 (CEST) Subject: SUSE-RU-2020:2089-1: Recommended update for petsc Message-ID: <20200730161733.C7C84FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for petsc ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2089-1 Rating: low References: #1173269 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for petsc fixes the following issue: - Build the documentation package for SLE. (bsc#1173269) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP2: zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2020-2089=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP2 (aarch64 x86_64): libpetsc-gnu-mpich-hpc-3.12.2-4.3.2 libpetsc-gnu-mvapich2-hpc-3.12.2-4.3.2 libpetsc-gnu-openmpi2-hpc-3.12.2-4.3.2 libpetsc-gnu-openmpi3-hpc-3.12.2-4.3.2 libpetsc_3_12_2-gnu-mpich-hpc-3.12.2-4.3.2 libpetsc_3_12_2-gnu-mpich-hpc-debuginfo-3.12.2-4.3.2 libpetsc_3_12_2-gnu-mvapich2-hpc-3.12.2-4.3.2 libpetsc_3_12_2-gnu-mvapich2-hpc-debuginfo-3.12.2-4.3.2 libpetsc_3_12_2-gnu-openmpi2-hpc-3.12.2-4.3.2 libpetsc_3_12_2-gnu-openmpi2-hpc-debuginfo-3.12.2-4.3.2 libpetsc_3_12_2-gnu-openmpi3-hpc-3.12.2-4.3.2 libpetsc_3_12_2-gnu-openmpi3-hpc-debuginfo-3.12.2-4.3.2 petsc-gnu-mpich-hpc-devel-3.12.2-4.3.2 petsc-gnu-mvapich2-hpc-devel-3.12.2-4.3.2 petsc-gnu-openmpi2-hpc-devel-3.12.2-4.3.2 petsc-gnu-openmpi3-hpc-devel-3.12.2-4.3.2 petsc_3_12_2-gnu-mpich-hpc-debugsource-3.12.2-4.3.2 petsc_3_12_2-gnu-mpich-hpc-devel-3.12.2-4.3.2 petsc_3_12_2-gnu-mvapich2-hpc-debugsource-3.12.2-4.3.2 petsc_3_12_2-gnu-mvapich2-hpc-devel-3.12.2-4.3.2 petsc_3_12_2-gnu-openmpi2-hpc-debugsource-3.12.2-4.3.2 petsc_3_12_2-gnu-openmpi2-hpc-devel-3.12.2-4.3.2 petsc_3_12_2-gnu-openmpi3-hpc-debugsource-3.12.2-4.3.2 petsc_3_12_2-gnu-openmpi3-hpc-devel-3.12.2-4.3.2 - SUSE Linux Enterprise Module for HPC 15-SP2 (noarch): petsc-doc-3.12.2-4.3.2 References: https://bugzilla.suse.com/1173269 From sle-updates at lists.suse.com Thu Jul 30 10:18:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 18:18:15 +0200 (CEST) Subject: SUSE-RU-2020:2091-1: moderate: Recommended update for python-kiwi Message-ID: <20200730161815.92537FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2091-1 Rating: moderate References: #1156677 #1168973 #1172928 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for python-kiwi fixes the following issues: - Fixed checking for root device in grub config. (bsc#1172928) - Fix for conflicting files of man-pages between different versions. (bsc#1168973, bsc#1156677) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2091=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2091=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.20.5-3.21.3 dracut-kiwi-live-9.20.5-3.21.3 dracut-kiwi-oem-dump-9.20.5-3.21.3 dracut-kiwi-oem-repart-9.20.5-3.21.3 dracut-kiwi-overlay-9.20.5-3.21.3 kiwi-man-pages-9.20.5-3.21.3 kiwi-tools-9.20.5-3.21.3 kiwi-tools-debuginfo-9.20.5-3.21.3 python-kiwi-debugsource-9.20.5-3.21.3 python3-kiwi-9.20.5-3.21.3 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): kiwi-pxeboot-9.20.5-3.21.3 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.20.5-3.21.3 dracut-kiwi-live-9.20.5-3.21.3 dracut-kiwi-oem-dump-9.20.5-3.21.3 dracut-kiwi-oem-repart-9.20.5-3.21.3 dracut-kiwi-overlay-9.20.5-3.21.3 kiwi-man-pages-9.20.5-3.21.3 kiwi-tools-9.20.5-3.21.3 kiwi-tools-debuginfo-9.20.5-3.21.3 python-kiwi-debugsource-9.20.5-3.21.3 python3-kiwi-9.20.5-3.21.3 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): kiwi-pxeboot-9.20.5-3.21.3 References: https://bugzilla.suse.com/1156677 https://bugzilla.suse.com/1168973 https://bugzilla.suse.com/1172928 From sle-updates at lists.suse.com Thu Jul 30 10:19:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 18:19:11 +0200 (CEST) Subject: SUSE-RU-2020:2092-1: moderate: Recommended update for glibc Message-ID: <20200730161911.499C8FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2092-1 Rating: moderate References: #1171878 #1172085 #1173593 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files (bsc#1171878, BZ #23178) - nscd: bump GC cycle during cache pruning (bsc#1171878, BZ #26130) - Correct locking and cancellation cleanup in syslog functions (bsc#1172085, BZ #26100) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2092=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2092=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-109.2 glibc-debugsource-2.22-109.2 glibc-devel-static-2.22-109.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): glibc-info-2.22-109.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): glibc-2.22-109.2 glibc-debuginfo-2.22-109.2 glibc-debugsource-2.22-109.2 glibc-devel-2.22-109.2 glibc-devel-debuginfo-2.22-109.2 glibc-locale-2.22-109.2 glibc-locale-debuginfo-2.22-109.2 glibc-profile-2.22-109.2 nscd-2.22-109.2 nscd-debuginfo-2.22-109.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): glibc-32bit-2.22-109.2 glibc-debuginfo-32bit-2.22-109.2 glibc-devel-32bit-2.22-109.2 glibc-devel-debuginfo-32bit-2.22-109.2 glibc-locale-32bit-2.22-109.2 glibc-locale-debuginfo-32bit-2.22-109.2 glibc-profile-32bit-2.22-109.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): glibc-html-2.22-109.2 glibc-i18ndata-2.22-109.2 glibc-info-2.22-109.2 References: https://bugzilla.suse.com/1171878 https://bugzilla.suse.com/1172085 https://bugzilla.suse.com/1173593 From sle-updates at lists.suse.com Thu Jul 30 10:20:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 18:20:09 +0200 (CEST) Subject: SUSE-RU-2020:2093-1: Recommended update for tftpboot-installation-common Message-ID: <20200730162009.6D27CFF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for tftpboot-installation-common ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2093-1 Rating: low References: #1172161 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tftpboot-installation-common fixes the following issues: - Fix typo in service file. (bsc#1172161) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2093=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): tftpboot-installation-common-1.1-3.3.1 References: https://bugzilla.suse.com/1172161 From sle-updates at lists.suse.com Thu Jul 30 10:20:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 18:20:51 +0200 (CEST) Subject: SUSE-RU-2020:2090-1: moderate: Recommended update for petsc Message-ID: <20200730162051.364E3FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for petsc ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2090-1 Rating: moderate References: #1173065 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for petsc fixes the following issue: - Fix incorrect dependency of the HPC devel packages. (bsc#1173065) Now the devel packages are not wrongly uninstalled on a petsc version upgrade. - Provide the documentation package Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-2090=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): libpetsc-gnu-mpich-hpc-3.8.3-12.5.2 libpetsc-gnu-mvapich2-hpc-3.8.3-12.5.2 libpetsc-gnu-openmpi2-hpc-3.8.3-12.5.2 libpetsc_3_8_3-gnu-mpich-hpc-3.8.3-12.5.2 libpetsc_3_8_3-gnu-mpich-hpc-debuginfo-3.8.3-12.5.2 libpetsc_3_8_3-gnu-mvapich2-hpc-3.8.3-12.5.2 libpetsc_3_8_3-gnu-mvapich2-hpc-debuginfo-3.8.3-12.5.2 libpetsc_3_8_3-gnu-openmpi2-hpc-3.8.3-12.5.2 libpetsc_3_8_3-gnu-openmpi2-hpc-debuginfo-3.8.3-12.5.2 petsc-gnu-mpich-hpc-devel-3.8.3-12.5.2 petsc-gnu-mvapich2-hpc-devel-3.8.3-12.5.2 petsc-gnu-openmpi2-hpc-devel-3.8.3-12.5.2 petsc_3_8_3-gnu-mpich-hpc-debugsource-3.8.3-12.5.2 petsc_3_8_3-gnu-mpich-hpc-devel-3.8.3-12.5.2 petsc_3_8_3-gnu-mvapich2-hpc-debugsource-3.8.3-12.5.2 petsc_3_8_3-gnu-mvapich2-hpc-devel-3.8.3-12.5.2 petsc_3_8_3-gnu-openmpi2-hpc-debugsource-3.8.3-12.5.2 petsc_3_8_3-gnu-openmpi2-hpc-devel-3.8.3-12.5.2 - SUSE Linux Enterprise Module for HPC 15-SP1 (noarch): petsc-doc-3.8.3-12.5.2 References: https://bugzilla.suse.com/1173065 From sle-updates at lists.suse.com Thu Jul 30 12:00:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 20:00:36 +0200 (CEST) Subject: SUSE-CU-2020:371-1: Recommended update of suse/sle15 Message-ID: <20200730180036.3A27AFF0B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:371-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.276 Container Release : 6.2.276 Severity : moderate Type : recommended References : 1156913 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) From sle-updates at lists.suse.com Thu Jul 30 13:12:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 21:12:53 +0200 (CEST) Subject: SUSE-RU-2020:2096-1: moderate: Recommended update for 389-ds Message-ID: <20200730191253.1EB4DFDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2096-1 Rating: moderate References: #1172328 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for 389-ds fixes the following issues: - This corrects a failure to install on SUSE due to incorrect hostname generation, and a python3 utf8 issue that is triggered by systemd. (bsc#1172328) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2096=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.3.9~git0.3eb8617f6-3.3.2 389-ds-debuginfo-1.4.3.9~git0.3eb8617f6-3.3.2 389-ds-debugsource-1.4.3.9~git0.3eb8617f6-3.3.2 389-ds-devel-1.4.3.9~git0.3eb8617f6-3.3.2 lib389-1.4.3.9~git0.3eb8617f6-3.3.2 libsvrcore0-1.4.3.9~git0.3eb8617f6-3.3.2 libsvrcore0-debuginfo-1.4.3.9~git0.3eb8617f6-3.3.2 References: https://bugzilla.suse.com/1172328 From sle-updates at lists.suse.com Thu Jul 30 13:13:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 21:13:36 +0200 (CEST) Subject: SUSE-SU-2020:2095-1: important: Security update for ghostscript Message-ID: <20200730191336.67951FDE4@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2095-1 Rating: important References: #1174415 Cross-References: CVE-2020-15900 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2095=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2095=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2095=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2095=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2095=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2095=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): ghostscript-9.52-3.32.1 ghostscript-debuginfo-9.52-3.32.1 ghostscript-debugsource-9.52-3.32.1 ghostscript-devel-9.52-3.32.1 ghostscript-x11-9.52-3.32.1 ghostscript-x11-debuginfo-9.52-3.32.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): ghostscript-9.52-3.32.1 ghostscript-debuginfo-9.52-3.32.1 ghostscript-debugsource-9.52-3.32.1 ghostscript-devel-9.52-3.32.1 ghostscript-x11-9.52-3.32.1 ghostscript-x11-debuginfo-9.52-3.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-3.32.1 ghostscript-debuginfo-9.52-3.32.1 ghostscript-debugsource-9.52-3.32.1 ghostscript-devel-9.52-3.32.1 ghostscript-x11-9.52-3.32.1 ghostscript-x11-debuginfo-9.52-3.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-3.32.1 ghostscript-debuginfo-9.52-3.32.1 ghostscript-debugsource-9.52-3.32.1 ghostscript-devel-9.52-3.32.1 ghostscript-x11-9.52-3.32.1 ghostscript-x11-debuginfo-9.52-3.32.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): ghostscript-9.52-3.32.1 ghostscript-debuginfo-9.52-3.32.1 ghostscript-debugsource-9.52-3.32.1 ghostscript-devel-9.52-3.32.1 ghostscript-x11-9.52-3.32.1 ghostscript-x11-debuginfo-9.52-3.32.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): ghostscript-9.52-3.32.1 ghostscript-debuginfo-9.52-3.32.1 ghostscript-debugsource-9.52-3.32.1 ghostscript-devel-9.52-3.32.1 ghostscript-x11-9.52-3.32.1 ghostscript-x11-debuginfo-9.52-3.32.1 References: https://www.suse.com/security/cve/CVE-2020-15900.html https://bugzilla.suse.com/1174415 From sle-updates at lists.suse.com Thu Jul 30 13:14:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2020 21:14:23 +0200 (CEST) Subject: SUSE-SU-2020:2097-1: important: Security update for ghostscript Message-ID: <20200730191423.95B1BFDE4@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2097-1 Rating: important References: #1174415 Cross-References: CVE-2020-15900 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2097=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2097=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2097=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2097=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2097=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2097=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2097=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2097=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2097=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2097=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2097=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2097=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2097=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2097=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2097=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2097=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2097=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE OpenStack Cloud 9 (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE OpenStack Cloud 8 (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE OpenStack Cloud 7 (s390x x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-devel-9.52-23.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - HPE Helion Openstack 8 (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 References: https://www.suse.com/security/cve/CVE-2020-15900.html https://bugzilla.suse.com/1174415 From sle-updates at lists.suse.com Thu Jul 30 16:13:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 Jul 2020 00:13:00 +0200 (CEST) Subject: SUSE-RU-2020:2098-1: moderate: Recommended update for release-notes-sles Message-ID: <20200730221300.EC475FEC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2098-1 Rating: moderate References: #1150672 #1153309 #1158193 #1161529 #1163166 #1171541 #1174005 #1174181 #1174481 #1174654 Affected Products: SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for release-notes-sles fixes the following issues: Releases Notes were updated to 15.2.20200729. (bsc#1174654) - Added notes: - Setting display manager via alternatives system. (bsc#1163166) - Intel OPA host software. (bsc#1174181) - Update of open-vm-tools. (jsc#ECO-2164) - Update of efivar. (jsc#SLE-13175) - Nested KVM as technology preview. (jsc#SLE-11271) - English/Chinese installer boot menu language switch. (jsc#SLE-12479) - IBM Z: RoCE ConnectX-4 performance issues. (bsc#1153309) - AArch64: - ThunderX3 SoC enablement. (jsc#SLE-9327) - NODES_SHIFT increase. (bsc#1158193) - KVM enablement for SVE. (jsc#SLE-9312) - KVM vCPU limit increase. (jsc#SLE-7698) - NR_CPUS increase. (jsc#SLE-9327) - AWS A1.metal. (jsc#SLE-7300) - vc4 limitations. (fate#322398) - Updated notes: - Improved Java version support information. (bsc#1171541) - Updated section about software requiring external contracts. (bsc#1161529) - Updated information about installation methods. (jsc#SLE-7101) - Fixed Vagrant box download instructions. (bsc#1174005) - AArch64: Raspberry Pi: Documented vc4 20-kms.conf. (fate#322398) - Virtualization: Added reference to Arm notes, overcommit docs. - Moved notes & minor improvements: - Updated bug tracker info. (bsc#1174481) - Updated URL for source code download. (bsc#1150672) - Clarified note about TLS support. - Merged Windows Subsystem for Linux notes. - Moved note about persistent SCSI naming to "Kernel" section. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-2020-2098=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2020-2098=1 Package List: - SUSE Linux Enterprise Server 15-SP2 (noarch): release-notes-sles-15.2.20200729-3.3.1 - SUSE Linux Enterprise Installer 15-SP2 (noarch): release-notes-sles-15.2.20200729-3.3.1 References: https://bugzilla.suse.com/1150672 https://bugzilla.suse.com/1153309 https://bugzilla.suse.com/1158193 https://bugzilla.suse.com/1161529 https://bugzilla.suse.com/1163166 https://bugzilla.suse.com/1171541 https://bugzilla.suse.com/1174005 https://bugzilla.suse.com/1174181 https://bugzilla.suse.com/1174481 https://bugzilla.suse.com/1174654 From sle-updates at lists.suse.com Fri Jul 31 04:13:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 Jul 2020 12:13:30 +0200 (CEST) Subject: SUSE-RU-2020:2099-1: moderate: Recommended update for systemd Message-ID: <20200731101330.8E42CFDE1@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2099-1 Rating: moderate References: #1173227 #1173229 #1173422 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2099=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2099=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2020-2099=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.55.1 libsystemd0-debuginfo-234-24.55.1 libudev-devel-234-24.55.1 libudev1-234-24.55.1 libudev1-debuginfo-234-24.55.1 systemd-234-24.55.1 systemd-container-234-24.55.1 systemd-container-debuginfo-234-24.55.1 systemd-coredump-234-24.55.1 systemd-coredump-debuginfo-234-24.55.1 systemd-debuginfo-234-24.55.1 systemd-debugsource-234-24.55.1 systemd-devel-234-24.55.1 systemd-sysvinit-234-24.55.1 udev-234-24.55.1 udev-debuginfo-234-24.55.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libsystemd0-32bit-234-24.55.1 libsystemd0-32bit-debuginfo-234-24.55.1 libudev1-32bit-234-24.55.1 libudev1-32bit-debuginfo-234-24.55.1 systemd-32bit-234-24.55.1 systemd-32bit-debuginfo-234-24.55.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): systemd-bash-completion-234-24.55.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.55.1 libsystemd0-debuginfo-234-24.55.1 libudev-devel-234-24.55.1 libudev1-234-24.55.1 libudev1-debuginfo-234-24.55.1 systemd-234-24.55.1 systemd-container-234-24.55.1 systemd-container-debuginfo-234-24.55.1 systemd-coredump-234-24.55.1 systemd-coredump-debuginfo-234-24.55.1 systemd-debuginfo-234-24.55.1 systemd-debugsource-234-24.55.1 systemd-devel-234-24.55.1 systemd-sysvinit-234-24.55.1 udev-234-24.55.1 udev-debuginfo-234-24.55.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libsystemd0-32bit-234-24.55.1 libsystemd0-32bit-debuginfo-234-24.55.1 libudev1-32bit-234-24.55.1 libudev1-32bit-debuginfo-234-24.55.1 systemd-32bit-234-24.55.1 systemd-32bit-debuginfo-234-24.55.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): systemd-bash-completion-234-24.55.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libudev1-234-24.55.1 systemd-234-24.55.1 systemd-sysvinit-234-24.55.1 udev-234-24.55.1 References: https://bugzilla.suse.com/1173227 https://bugzilla.suse.com/1173229 https://bugzilla.suse.com/1173422 From sle-updates at lists.suse.com Fri Jul 31 10:12:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 Jul 2020 18:12:53 +0200 (CEST) Subject: SUSE-SU-2020:2101-1: moderate: Security update for targetcli-fb Message-ID: <20200731161253.60845FDE1@maintenance.suse.de> SUSE Security Update: Security update for targetcli-fb ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2101-1 Rating: moderate References: #1172743 Cross-References: CVE-2020-13867 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for targetcli-fb fixes the following issues: - CVE-2020-13867: Fixed the permissions in /etc/target (bsc#1172743) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2101=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2101=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-targetcli-fb-2.1.52-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-targetcli-fb-2.1.52-3.3.1 targetcli-fb-common-2.1.52-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-13867.html https://bugzilla.suse.com/1172743 From sle-updates at lists.suse.com Fri Jul 31 10:13:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 Jul 2020 18:13:41 +0200 (CEST) Subject: SUSE-SU-2020:2100-1: moderate: Security update for MozillaFirefox Message-ID: <20200731161341.B7CCBFDE1@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2100-1 Rating: moderate References: #1173948 #1174538 Cross-References: CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2100=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2100=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2100=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2100=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2100=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2100=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2100=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2100=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2100=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2100=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2100=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2100=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2100=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2100=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2100=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2100=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2100=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 References: https://www.suse.com/security/cve/CVE-2020-15652.html https://www.suse.com/security/cve/CVE-2020-15653.html https://www.suse.com/security/cve/CVE-2020-15654.html https://www.suse.com/security/cve/CVE-2020-15655.html https://www.suse.com/security/cve/CVE-2020-15656.html https://www.suse.com/security/cve/CVE-2020-15657.html https://www.suse.com/security/cve/CVE-2020-15658.html https://www.suse.com/security/cve/CVE-2020-15659.html https://www.suse.com/security/cve/CVE-2020-6463.html https://www.suse.com/security/cve/CVE-2020-6514.html https://bugzilla.suse.com/1173948 https://bugzilla.suse.com/1174538 From sle-updates at lists.suse.com Fri Jul 31 13:13:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 Jul 2020 21:13:17 +0200 (CEST) Subject: SUSE-RU-2020:1000-2: moderate: Recommended update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager Message-ID: <20200731191317.0DAA2FDE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1000-2 Rating: moderate References: #1014478 #1054413 #1140565 #982804 #999200 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager fixes the following issues: The Azure python modules and client tool stack was updated to the 2020 state. Various other python modules were added and updated. - python-PyYAML was updated to 5.1.2. - python-humanfriendly was updated 4.16.1. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-1000=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1000=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1000=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1000=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): azure-cli-command-modules-nspkg-2.0.1-3.3.3 azure-cli-component-2.0.7-3.3.3 azure-cli-taskhelp-0.1.7-3.3.3 python3-msrest-0.5.5-3.6.1 python3-msrestazure-0.5.0-3.6.1 python3-portalocker-1.4.0-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-websocket-client-0.44.0-3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-websocket-client-0.44.0-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-websocket-client-0.44.0-3.5.1 References: https://bugzilla.suse.com/1014478 https://bugzilla.suse.com/1054413 https://bugzilla.suse.com/1140565 https://bugzilla.suse.com/982804 https://bugzilla.suse.com/999200 From sle-updates at lists.suse.com Fri Jul 31 13:14:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 Jul 2020 21:14:33 +0200 (CEST) Subject: SUSE-SU-2020:2102-1: important: Security update for the Linux Kernel Message-ID: <20200731191433.56B49FDE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2102-1 Rating: important References: #1065729 #1152472 #1152489 #1153274 #1154353 #1154488 #1155518 #1155798 #1165933 #1167773 #1168959 #1169771 #1171857 #1171988 #1172201 #1173074 #1173849 #1173941 #1174072 #1174116 #1174126 #1174127 #1174128 #1174129 #1174185 #1174205 #1174247 #1174263 #1174264 #1174331 #1174332 #1174333 #1174356 #1174362 #1174396 #1174398 #1174407 #1174409 #1174411 #1174438 #1174462 #1174513 #1174527 #1174627 #1174645 Cross-References: CVE-2020-0305 CVE-2020-10135 CVE-2020-10781 CVE-2020-14331 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has 41 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation (bnc#1173074). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-14331: Fixed a buffer over write in vgacon_scrollback_update() (bnc#1174205). The following non-security bugs were fixed: - ACPICA: Dispatcher: add status checks (git-fixes). - ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes). - ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes). - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#SLE-13261). - ALSA: hda/realtek - change to suitable link model for ASUS platform (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (git-fixes). - ALSA: hda/realtek - fixup for yet another Intel reference board (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: line6: Sync the pending work cancel at disconnection (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - apparmor: ensure that dfa state tables have entries (git-fixes). - apparmor: fix introspection of of task mode for unconfined tasks (git-fixes). - apparmor: Fix memory leak of profile proxy (git-fixes). - apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes). - apparmor: remove useless aafs_create_symlink (git-fixes). - arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id (bsc#1174398). - arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode (bsc#1174398). - ASoC: codecs: max98373: Removed superfluous volume control from chip default (git-fixes). - ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend (git-fixes). - ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes). - ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes). - ASoC: rt286: fix unexpected interrupt happens (git-fixes). - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5682: Report the button event in the headset type only (git-fixes). - ASoC: topology: fix kernel oops on route addition error (git-fixes). - ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes). - ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes). - ASoC: wm8974: remove unsupported clock mode (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix regression with Atheros 9271 (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight() (bsc#1165933). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274). - bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - bridge: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes). - dccp: Fix possible memleak in dccp_init and dccp_fini (networking-stable-20_06_16). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dmaengine: dmatest: stop completed threads when running without set channel (git-fixes). - dmaengine: dw: Initialize channel before each transfer (git-fixes). - dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes). - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler (git-fixes). - dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes). - dm: do not use waitqueue for request-based DM (bsc#1165933). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174396). - dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396). - drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (git-fixes). - drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes). - drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes). - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes). - drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472) - drm/exynos: fix ref count leak in mic_pre_enable (git-fixes). - drm/exynos: Properly propagate return value in drm_iommu_attach_device() (git-fixes). - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489) - drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes). - drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489) - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489) - drm: mcde: Fix display initialization problem (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm/dpu: allow initialization of encoder locks during encoder init (git-fixes). - drm/msm: fix potential memleak in error branch (git-fixes). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (git-fixes). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (git-fixes). - drm/radeon: fix double free (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes). - drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes). - drm/tegra: hub: Do not enable orphaned window group (git-fixes). - exfat: add missing brelse() calls on error paths (git-fixes). - exfat: fix incorrect update of stream entry in __exfat_truncate() (git-fixes). - exfat: fix memory leak in exfat_parse_param() (git-fixes). - exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config file - fuse: copy_file_range should truncate cache (git-fixes). - fuse: fix copy_file_range cache issues (git-fixes). - geneve: fix an uninitialized value in geneve_changelink() (git-fixes). - gpio: pca953x: disable regmap locking for automatic address incrementing (git-fixes). - gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes). - gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 (git-fixes). - gpu: host1x: Detach driver on unregister (git-fixes). - habanalabs: increase timeout during reset (git-fixes). - HID: logitech-hidpp: avoid repeated "multiplier = " log messages (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes). - HID: quirks: Ignore Simply Automated UPB PIM (git-fixes). - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (git-fixes). - hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes). - i2c: eg20t: Load module automatically if ID matches (git-fixes). - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes). - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes). - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes). - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes). - i40iw: Report correct firmware version (git-fixes). - IB/cma: Fix ports memory leak in cma_configfs (git-fixes). - IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - IB/hfi1: Ensure pq is not left on waitlist (git-fixes). - IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411). - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes). - IB/hfi1: Fix module use count flaw due to leftover module put calls (bsc#1174407). - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes). - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes). - IB/mad: Fix use after free when destroying MAD agent (git-fixes). - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes). - IB/mlx5: Fix 50G per lane indication (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes). - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes). - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes). - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes). - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes). - ieee802154: fix one possible memleak in adf7242_probe (git-fixes). - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' (git-fixes). - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (git-fixes). - iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes). - iio:humidity:hts221 Fix alignment and data leak issues (git-fixes). - iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes). - iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (git-fixes). - iio:pressure:ms5611 Fix buffer element alignment (git-fixes). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes). - Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes). - Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes). - Input: mms114 - add extra compatible for mms345l (git-fixes). - intel_th: Fix a NULL dereference when hub driver is not loaded (git-fixes). - intel_th: pci: Add Emmitsburg PCH support (git-fixes). - intel_th: pci: Add Jasper Lake CPU support (git-fixes). - intel_th: pci: Add Tiger Lake PCH-H support (git-fixes). - iommu/arm-smmu-v3: Do not reserve implementation defined register space (bsc#1174126). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127). - iommu/vt-d: Update scalable mode paging structure coherency (bsc#1174128). - ionic: centralize queue reset code (bsc#1167773). - ionic: fix up filter locks and debug msgs (bsc#1167773). - ionic: keep rss hash after fw update (bsc#1167773). - ionic: update filter id after replay (bsc#1167773). - ionic: update the queue count on open (bsc#1167773). - ionic: use mutex to protect queue operations (bsc#1167773). - ionic: use offset for ethtool regs data (bsc#1167773). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - keys: asymmetric: fix error return code in software_key_query() (git-fixes). - KVM: nVMX: always update CR3 in VMCS (git-fixes). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (bsc#1174331). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602). - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488). - mlxsw: core: Use different get_trend() callbacks for different thermal zones (networking-stable-20_06_10). - mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (git-fixes). - mm/mmap.c: close race between munmap() and expand_upwards()/downwards() (bsc#1174527). - nbd: Fix memory leak in nbd_add_socket (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - netdevsim: fix unbalaced locking in nsim_create() (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net_failover: fixed rollback in net_failover_open() (networking-stable-20_06_10). - netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c (bsc#1171857). - netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c (bsc#1171857). - netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers (bsc#1171857). - net: fsl/fman: treat all RGMII modes in memac_adjust_link() (bsc#1174398). - net: hns3: check reset pending after FLR prepare (bsc#1154353). - net: hns3: fix error handling for desc filling (git-fixes). - net: hns3: fix for not calculating TX BD send size correctly (git-fixes). - net: hns3: fix return value error when query MAC link status fail (git-fixes). - net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() (bsc#1154353). - net: macb: call pm_runtime_put_sync on failure path (git-fixes). - net/mlx5: drain health workqueue in case of driver load error (networking-stable-20_06_16). - net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash (jsc#SLE-8464). - net/mlx5e: Fix repeated XSK usage on one channel (networking-stable-20_06_16). - net/mlx5e: Fix VXLAN configuration restore after function reload (jsc#SLE-8464). - net/mlx5: Fix fatal error handling during device load (networking-stable-20_06_16). - net: phy: realtek: add support for configuring the RX delay on RTL8211F (bsc#1174398). - net/smc: fix restoring of fallback changes (git-fixes). - net: stmmac: do not attach interface until resume finishes (bsc#1174072). - net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072). - net: stmmac: dwc-qos: use generic device api (bsc#1174072). - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac v5.10a (networking-stable-20_06_07). - net: stmmac: platform: fix probe for ACPI devices (bsc#1174072). - net/tls: fix encryption error checking (git-fixes). - net/tls: free record only on encryption error (git-fixes). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - nfp: flower: fix used time of merge flow statistics (networking-stable-20_06_07). - NFS: Fix interrupted slots by sending a solo SEQUENCE operation (bsc#1174264). - NTB: Fix static check warning in perf_clear_test (git-fixes). - NTB: Fix the default port and peer numbers for legacy drivers (git-fixes). - ntb: hw: remove the code that sets the DMA mask (git-fixes). - NTB: ntb_pingpong: Choose doorbells based on port number (git-fixes). - NTB: ntb_test: Fix bug when counting remote files (git-fixes). - NTB: ntb_tool: reading the link file should not end in a NULL byte (git-fixes). - NTB: perf: Do not require one more memory window than number of peers (git-fixes). - NTB: perf: Fix race condition when run with ntb_test (git-fixes). - NTB: perf: Fix support for hardware that does not have port numbers (git-fixes). - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes). - NTB: Revert the change to use the NTB device dev for DMA allocations (git-fixes). - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes). - ovl: inode reference leak in ovl_is_inuse true case (git-fixes). - padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes). - padata: kABI fixup for struct padata_instance splitting nodes (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1174332). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - platform/x86: ISST: Increase timeout (bsc#1174185). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - qed: suppress "do not support RoCE & iWARP" flooding on HW init (git-fixes). - qed: suppress false-positives interrupt error messages on HW init (git-fixes). - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes). - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes). - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes). - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes). - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes). - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes). - RDMA/cm: Remove a race freeing timewait_info (git-fixes). - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes). - RDMA/core: Fix double destruction of uobject (git-fixes). - RDMA/core: Fix double put of resource (git-fixes). - RDMA/core: Fix missing error check on dev_set_name() (git-fixes). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes). - RDMA/core: Fix race between destroy and release FD object (git-fixes). - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes). - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes). - RDMA/counter: Query a counter before release (git-fixes). - RDMA/efa: Set maximum pkeys device attribute (git-fixes). - RDMA/hns: Bugfix for querying qkey (git-fixes). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes). - RDMA/iwcm: Fix iwcm work deallocation (git-fixes). - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes). - RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes). - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes). - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes). - RDMA/mlx5: Add init2init as a modify command (git-fixes). - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes). - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes). - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446). - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes). - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes). - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes). - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes). - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes). - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes). - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes). - RDMA/rxe: Set default vendor ID (git-fixes). - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes). - RDMA/siw: Fix failure handling during device creation (git-fixes). - RDMA/siw: Fix passive connection establishment (git-fixes). - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes). - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes). - RDMA/siw: Fix reporting vendor_part_id (git-fixes). - RDMA/siw: Fix setting active_mtu attribute (git-fixes). - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes). - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes). - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes). - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (git-fixes). - regmap: fix alignment issue (git-fixes). - regmap: Fix memory leak from regmap_register_patch (git-fixes). - Revert "i2c: cadence: Fix the hold bit setting" (git-fixes). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (git-fixes). - Revert "thermal: mediatek: fix register index error" (git-fixes). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes). - s390/pci: Fix s390_mmio_read/write with MIO (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: libfc: free response frame from GPN_ID (bsc#1173849). - scsi: libfc: Handling of extra kref (bsc#1173849). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1173849). - scsi: libfc: Skip additional kref updating work event (bsc#1173849). - scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes). - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (git-fixes). - selftests/net: in rxtimestamp getopt_long needs terminating null entry (networking-stable-20_06_16). - selinux: fall back to ref-walk if audit is required (bsc#1174333). - selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" (bsc#1174333). - serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - soundwire: intel: fix memory leak with devm_kasprintf (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: spidev: fix a race between spidev_release and spidev_remove (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: comedi: verify array index is correct before using it (git-fixes). - SUNRPC dont update timeout value on connection reset (bsc#1174263). - sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116). - tcp: md5: allow changing MD5 keys in all socket states (git-fixes). - thermal/drivers: imx: Fix missing of_node_put() at probe time (git-fixes). - thermal: int3403_thermal: Downgrade error message (git-fixes). - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - udp: Copy has_conns in reuseport_grow() (git-fixes). - udp: Improve load balancing for SO_REUSEPORT (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes). - usb: chipidea: core: add wakeup support for extcon (git-fixes). - usb: dwc2: Fix shutdown callback in platform (git-fixes). - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work (git-fixes). - usb: gadget: Fix issue with config_ep_by_speed function (git-fixes). - usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (git-fixes). - usbnet: smsc95xx: Fix use-after-free after removal (git-fixes). - USB: serial: ch341: add new Product ID for CH340 (git-fixes). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes). - USB: serial: iuu_phoenix: fix memory corruption (git-fixes). - USB: serial: option: add GosunCn GM500 series (git-fixes). - USB: serial: option: add Quectel EG95 LTE modem (git-fixes). - usb: tegra: Fix allocation for the FPCI context (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - virt: vbox: Fix guest capabilities mask check (git-fixes). - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream (git-fixes). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202). - workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes). - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2102=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): kernel-azure-5.3.18-18.12.1 kernel-azure-debuginfo-5.3.18-18.12.1 kernel-azure-debugsource-5.3.18-18.12.1 kernel-azure-devel-5.3.18-18.12.1 kernel-azure-devel-debuginfo-5.3.18-18.12.1 kernel-syms-azure-5.3.18-18.12.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): kernel-devel-azure-5.3.18-18.12.1 kernel-source-azure-5.3.18-18.12.1 References: https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154488 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1155798 https://bugzilla.suse.com/1165933 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1171857 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172201 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173849 https://bugzilla.suse.com/1173941 https://bugzilla.suse.com/1174072 https://bugzilla.suse.com/1174116 https://bugzilla.suse.com/1174126 https://bugzilla.suse.com/1174127 https://bugzilla.suse.com/1174128 https://bugzilla.suse.com/1174129 https://bugzilla.suse.com/1174185 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174247 https://bugzilla.suse.com/1174263 https://bugzilla.suse.com/1174264 https://bugzilla.suse.com/1174331 https://bugzilla.suse.com/1174332 https://bugzilla.suse.com/1174333 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174362 https://bugzilla.suse.com/1174396 https://bugzilla.suse.com/1174398 https://bugzilla.suse.com/1174407 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174411 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174513 https://bugzilla.suse.com/1174527 https://bugzilla.suse.com/1174627 https://bugzilla.suse.com/1174645